diff options
author | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2005-11-01 21:05:04 +0000 |
---|---|---|
committer | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2005-11-01 21:05:04 +0000 |
commit | 76a59eae43d2a1d08c6dae855b57625008c44cca (patch) | |
tree | 6c438bd05ebb9c7fe48d84c7956c5335fe462d94 | |
parent | VERSION 2.1_beta5 (diff) | |
download | openvpn-76a59eae43d2a1d08c6dae855b57625008c44cca.tar.xz |
Merged 2.0.4 changes.
svn merge -r 737:749 $SO/trunk/openvpn
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@750 e7ae566f-a301-0410-adde-c780ea21d3b5
Diffstat (limited to '')
-rw-r--r-- | ChangeLog | 16 | ||||
-rw-r--r-- | init.c | 2 | ||||
-rw-r--r-- | multi.c | 3 | ||||
-rw-r--r-- | openvpn.h | 11 | ||||
-rw-r--r-- | socket.c | 12 |
5 files changed, 29 insertions, 15 deletions
@@ -3,9 +3,9 @@ Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net> $Id$ -2005.10.31 -- Version 2.1-beta5 +2005.11.01 -- Version 2.1-beta6 -* Security fix (merged from 2.0.3) -- Affects non-Windows +* Security fix (merged from 2.0.4) -- Affects non-Windows OpenVPN clients of version 2.0 or higher which connect to a malicious or compromised server. A format string vulnerability in the foreign_option function in options.c @@ -19,11 +19,13 @@ $Id$ and (c) the client indicates its willingness to accept pushed options from the server by having "pull" or "client" in its configuration file (Credit: Vade79). -* Security fix (merged from 2.0.3) -- Potential DoS vulnerability - on the server in TCP mode. If the TCP server accept() call - returns an error status, the resulting exception handler - may attempt to indirect through a NULL pointer, causing - a segfault. Affects all OpenVPN 2.0 versions. + CVE-2005-3393 +* Security fix -- (merged from 2.0.4) Potential DoS + vulnerability on the server in TCP mode. If the TCP + server accept() call returns an error status, the resulting + exception handler may attempt to indirect through a NULL + pointer, causing a segfault. Affects all OpenVPN 2.0 versions. + CVE-2005-3409 * Fix attempt of assertion at multi.c:1586 (note that this precise line number will vary across different versions of OpenVPN). @@ -2474,7 +2474,7 @@ init_instance (struct context *c, const struct env_set *env, const unsigned int else if (child) crypto_flags = CF_INIT_TLS_MULTI; do_init_crypto (c, crypto_flags); - if (IS_SIG (c)) + if (IS_SIG (c) && !child) goto sig; } @@ -413,7 +413,8 @@ static void multi_client_disconnect_script (struct multi_context *m, struct multi_instance *mi) { - if (mi->context.c2.context_auth == CAS_SUCCEEDED || mi->context.c2.context_auth == CAS_PARTIAL) + if ((mi->context.c2.context_auth == CAS_SUCCEEDED && mi->connection_established_flag) + || mi->context.c2.context_auth == CAS_PARTIAL) { multi_client_disconnect_setenv (m, mi); @@ -397,12 +397,11 @@ struct context_2 in_addr_t push_ifconfig_local; in_addr_t push_ifconfig_remote_netmask; - /* client authentication state */ -# define CAS_UNDEF 0 -# define CAS_SUCCEEDED 1 -# define CAS_PENDING 2 -# define CAS_FAILED 3 -# define CAS_PARTIAL 4 /* at least one client-connect script/plugin + /* client authentication state, CAS_SUCCEEDED must be 0 */ +# define CAS_SUCCEEDED 0 +# define CAS_PENDING 1 +# define CAS_FAILED 2 +# define CAS_PARTIAL 3 /* at least one client-connect script/plugin succeeded while a later one in the chain failed */ int context_auth; #endif @@ -1115,9 +1115,16 @@ link_socket_init_phase2 (struct link_socket *sock, struct gc_arena gc = gc_new (); const char *remote_dynamic = NULL; bool remote_changed = false; + int sig_save = 0; ASSERT (sock); + if (signal_received && *signal_received) + { + sig_save = *signal_received; + *signal_received = 0; + } + /* initialize buffers */ socket_frame_init (frame, sock); @@ -1321,6 +1328,11 @@ link_socket_init_phase2 (struct link_socket *sock, &gc)); done: + if (sig_save && signal_received) + { + if (!*signal_received) + *signal_received = sig_save; + } gc_free (&gc); } |