author | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2005-11-01 21:05:04 +0000 |
---|---|---|
committer | james <james@e7ae566f-a301-0410-adde-c780ea21d3b5> | 2005-11-01 21:05:04 +0000 |
commit | 76a59eae43d2a1d08c6dae855b57625008c44cca (patch) | |
tree | 6c438bd05ebb9c7fe48d84c7956c5335fe462d94 | |
parent | VERSION 2.1_beta5 (diff) | |
download | openvpn-76a59eae43d2a1d08c6dae855b57625008c44cca.tar.xz |
Merged 2.0.4 changes.
svn merge -r 737:749 $SO/trunk/openvpn
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@750 e7ae566f-a301-0410-adde-c780ea21d3b5
-rw-r--r-- | ChangeLog | 16 | ||||
-rw-r--r-- | init.c | 2 | ||||
-rw-r--r-- | multi.c | 3 | ||||
-rw-r--r-- | openvpn.h | 11 | ||||
-rw-r--r-- | socket.c | 12 |
5 files changed, 29 insertions, 15 deletions
@@ -3,9 +3,9 @@ Copyright (C) 2002-2005 OpenVPN Solutions LLC <info@openvpn.net> $Id$ -2005.10.31 -- Version 2.1-beta5 +2005.11.01 -- Version 2.1-beta6 -* Security fix (merged from 2.0.3) -- Affects non-Windows +* Security fix (merged from 2.0.4) -- Affects non-Windows OpenVPN clients of version 2.0 or higher which connect to a malicious or compromised server. A format string vulnerability in the foreign_option function in options.c @@ -19,11 +19,13 @@ $Id$ and (c) the client indicates its willingness to accept pushed options from the server by having "pull" or "client" in its configuration file (Credit: Vade79). -* Security fix (merged from 2.0.3) -- Potential DoS vulnerability - on the server in TCP mode. If the TCP server accept() call - returns an error status, the resulting exception handler - may attempt to indirect through a NULL pointer, causing - a segfault. Affects all OpenVPN 2.0 versions. + CVE-2005-3393 +* Security fix -- (merged from 2.0.4) Potential DoS + vulnerability on the server in TCP mode. If the TCP + server accept() call returns an error status, the resulting + exception handler may attempt to indirect through a NULL + pointer, causing a segfault. Affects all OpenVPN 2.0 versions. + CVE-2005-3409 * Fix attempt of assertion at multi.c:1586 (note that this precise line number will vary across different versions of OpenVPN). @@ -2474,7 +2474,7 @@ init_instance (struct context *c, const struct env_set *env, const unsigned int else if (child) crypto_flags = CF_INIT_TLS_MULTI; do_init_crypto (c, crypto_flags); - if (IS_SIG (c)) + if (IS_SIG (c) && !child) goto sig; } 
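Review bot: In the init.c hunk, `if (IS_SIG (c) && !child)` gives no reason why a child instance ignores a signal raised during `do_init_crypto`, and for a child the remainder of init_instance now runs with that signal still pending. Whether every later initialisation step tolerates a pending signal cannot be checked here, because init_instance starts and ends outside the hunk. A comment on the condition would record the intent, for example `/* a child instance finishes init even if a signal is pending; the signal stays set for the caller to act on */`, with the wording confirmed against the intended behaviour.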
@@ -413,7 +413,8 @@ static void multi_client_disconnect_script (struct multi_context *m, struct multi_instance *mi) { - if (mi->context.c2.context_auth == CAS_SUCCEEDED || mi->context.c2.context_auth == CAS_PARTIAL) + if ((mi->context.c2.context_auth == CAS_SUCCEEDED && mi->connection_established_flag) + || mi->context.c2.context_auth == CAS_PARTIAL) { multi_client_disconnect_setenv (m, mi); @@ -397,12 +397,11 @@ struct context_2 in_addr_t push_ifconfig_local; in_addr_t push_ifconfig_remote_netmask; - /* client authentication state */ -# define CAS_UNDEF 0 -# define CAS_SUCCEEDED 1 -# define CAS_PENDING 2 -# define CAS_FAILED 3 -# define CAS_PARTIAL 4 /* at least one client-connect script/plugin + /* client authentication state, CAS_SUCCEEDED must be 0 */ +# define CAS_SUCCEEDED 0 +# define CAS_PENDING 1 +# define CAS_FAILED 2 +# define CAS_PARTIAL 3 /* at least one client-connect script/plugin succeeded while a later one in the chain failed */ int context_auth; #endif @@ -1115,9 +1115,16 @@ link_socket_init_phase2 (struct link_socket *sock, struct gc_arena gc = gc_new (); const char *remote_dynamic = NULL; bool remote_changed = false; + int sig_save = 0; ASSERT (sock); + if (signal_received && *signal_received) + { + sig_save = *signal_received; + *signal_received = 0; + } + /* initialize buffers */ socket_frame_init (frame, sock); @@ -1321,6 +1328,11 @@ link_socket_init_phase2 (struct link_socket *sock, &gc)); done: + if (sig_save && signal_received) + { + if (!*signal_received) + *signal_received = sig_save; + } gc_free (&gc); } |
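Review bot: In multi_client_disconnect_script the `mi->connection_established_flag` test is attached only to the `CAS_SUCCEEDED` branch, and nothing at the call site says why. The openvpn.h hunk of this same commit defines `CAS_SUCCEEDED` as 0, so a `context_auth` that was never assigned compares equal to success, and this flag is what separates an established client from a zeroed instance. Any other `context_auth == CAS_SUCCEEDED` test outside this diff would presumably need the same pairing, which is worth auditing. Suggested comment above the condition: `/* CAS_SUCCEEDED is 0, so also require connection_established_flag to exclude instances that never finished connecting */`. The function body continues past the end of the hunk.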
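Review bot: In the openvpn.h hunk the new comment `CAS_SUCCEEDED must be 0` states the constraint without the reason, and the hunk removes `CAS_UNDEF`, so the state no longer has a value meaning "not yet decided". A reader cannot tell from the header which code relies on the zero value, and a later renumbering of the defines would break that reliance silently. Consider extending the comment with the reason and enforcing it beside the defines with `#if CAS_SUCCEEDED != 0` / `#error CAS_SUCCEEDED must be 0` / `#endif`.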
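Review bot: In link_socket_init_phase2 the restore under `done:` writes `sig_save` back only when `*signal_received` is zero, so a signal that was pending on entry is dropped if a different one arrives during phase 2. If that precedence is intended it should be stated, and the save-and-clear block after `ASSERT (sock);` in the first socket.c hunk also lacks a comment on why a pending signal is hidden during socket setup. Suggested comments: `/* stash a signal that was already pending so it does not abort socket setup */` at the save and `/* restore the stashed signal unless a newer one was raised meanwhile */` at the restore. Any path that leaves the function without reaching `done:` would skip the restore; none is visible in these two hunks, and the enclosing function extends beyond both.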