author | Fabian Knittel <fabian.knittel@avona.com> | 2010-05-04 16:21:47 +0200 |
---|---|---|
committer | David Sommerseth <dazo@users.sourceforge.net> | 2010-10-21 21:26:42 +0200 |
commit | 8bebb729a53ae423d0867648f0c12868a96cafde (patch) | |
tree | b893b8d7e6301a8bba2ccc5b9c68e621d4f976bc | |
parent | Revamped the script-security warning logging (version 2) (diff) | |
ssl.c: fix use of openvpn_run_script()'s return value
This patch fixes two bugs introduced in
commit 339f2a4d4b487afa53fa99d72c35b16f31e417d3
Author: David Sommerseth <dazo@users.sourceforge.net>
Date: Thu Apr 29 23:35:45 2010 +0200
David's patch replaced openvpn_execve() with openvpn_run_script() in two places,
but didn't adjust the return value handling. openvpn_run_script() returns true
or false, while openvpn_execve() returns the program's exit code.
Without the fix, the --tls-verify script and the --auth-user-pass-verify
script fail to run. (I noticed the latter, but haven't actually tested the
former.)
The return value handling is fine for the other places where
openvpn_run_script() is used, because those places previously used
openvpn_execve_check() (notice the "_check" suffix).
Signed-off-by: Fabian Knittel <fabian.knittel@avona.com>
Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Acked-by: David Sommerseth <dazo@users.sourceforge.net>
-rw-r--r-- | ssl.c | 18 |
1 files changed, 5 insertions, 13 deletions
@@ -992,21 +992,19 @@ verify_callback (int preverify_ok, X509_STORE_CTX * ctx) gc_free(&gc); } - if (system_ok (ret)) + if (ret) { msg (D_HANDSHAKE, "VERIFY SCRIPT OK: depth=%d, %s", ctx->error_depth, subject); } else { - if (!system_executed (ret)) - argv_msg_prefix (M_ERR, &argv, "Verify command failed to execute"); msg (D_HANDSHAKE, "VERIFY SCRIPT ERROR: depth=%d, %s", ctx->error_depth, subject); goto err; /* Reject connection */ } } - + /* check peer cert against CRL */ if (opt->crl_file) { @@ -3299,7 +3297,6 @@ verify_user_pass_script (struct tls_session *session, const struct user_pass *up struct gc_arena gc = gc_new (); struct argv argv = argv_new (); const char *tmp_file = ""; - int retval; bool ret = false; /* Is username defined? */ @@ -3342,16 +3339,11 @@ verify_user_pass_script (struct tls_session *session, const struct user_pass *up /* format command line */ argv_printf (&argv, "%sc %s", session->opt->auth_user_pass_verify_script, tmp_file); - + /* call command */ - retval = openvpn_run_script (&argv, session->opt->es, 0, "--auth-user-pass-verify"); + ret = openvpn_run_script (&argv, session->opt->es, 0, + "--auth-user-pass-verify"); - /* test return status of command */ - if (system_ok (retval)) - ret = true; - else if (!system_executed (retval)) - argv_msg_prefix (D_TLS_ERRORS, &argv, "TLS Auth Error: user-pass-verify script failed to execute"); - if (!session->opt->auth_user_pass_verify_script_via_file) setenv_del (session->opt->es, "password"); } |
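Review bot: The else branch in verify_callback can no longer tell a --tls-verify script that rejected the peer from one that could not be started, because the `system_executed` test and its "Verify command failed to execute" message are removed; the third hunk (verify_user_pass_script) drops the matching "TLS Auth Error: user-pass-verify script failed to execute" message in the same way. Both paths still fail closed (`goto err` here, `ret` staying false there), which is the right default for an authentication hook, but a wrong script path or a permission problem now looks like an ordinary rejection in the log unless openvpn_run_script() reports the execution failure itself, which this page does not show. If it does, a comment in the else branch such as `/* exec failures are already logged by openvpn_run_script() */` would record that; if it does not, the failure should be logged at these two call sites. The declaration of `ret` in verify_callback is outside the hunk; if it is still an `int`, declaring it `bool` would match the helper's return type.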
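Review bot: The `/* call command */` comment in verify_user_pass_script (third hunk) no longer describes what the assignment does: with the status test removed, the result of openvpn_run_script() is stored straight into `ret` and appears to be the authentication verdict. I would replace the comment with `/* run the verify script; anything other than true leaves the login denied */` and add `/* default: deny */` beside `bool ret = false;` in the second hunk, so the fail-closed default is stated where it is set. The function's beginning and its return statement are outside these hunks, so how `ret` reaches the caller is assumed here and should be checked against the full function.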