author | James Yonan <james@openvpn.net> | 2011-03-18 04:51:59 +0000 |
---|---|---|
committer | David Sommerseth <dazo@users.sourceforge.net> | 2011-04-26 22:29:11 +0200 |
commit | ff65da3a230b658b2c1d52dc1a48612e80a2eb42 (patch) | |
tree | 6c5a7b07a5e749cfbd88173ac069736e8065045c | |
parent | env_filter_match now includes the serial number of all certs (diff) | |
Fixed issue where a client might receive multiple push replies from
a server if it sent multiple push requests due to the server being
slow to respond. This could cause the client to process pushed
options twice, leading to duplicate pushed routes, among other issues.
The fix, implemented server-side, is to reply only once to a push
request even if multiple requests are received.
git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7060 e7ae566f-a301-0410-adde-c780ea21d3b5
-rw-r--r-- | openvpn.h | 1 | ||||
-rw-r--r-- | push.c | 14 | ||||
-rw-r--r-- | push.h | 1 |
3 files changed, 14 insertions, 2 deletions
@@ -414,6 +414,7 @@ struct context_2 /* --ifconfig endpoints to be pushed to client */ bool push_reply_deferred; bool push_ifconfig_defined; + bool sent_push_reply; in_addr_t push_ifconfig_local; in_addr_t push_ifconfig_remote_netmask; #ifdef ENABLE_CLIENT_NAT @@ -331,8 +331,18 @@ process_incoming_push_msg (struct context *c, } else if (!c->c2.push_reply_deferred && c->c2.context_auth == CAS_SUCCEEDED) { - if (send_push_reply (c)) - ret = PUSH_MSG_REQUEST; + if (c->c2.sent_push_reply) + { + ret = PUSH_MSG_ALREADY_REPLIED; + } + else + { + if (send_push_reply (c)) + { + ret = PUSH_MSG_REQUEST; + c->c2.sent_push_reply = true; + } + } } else { @@ -35,6 +35,7 @@ #define PUSH_MSG_REQUEST_DEFERRED 3 #define PUSH_MSG_AUTH_FAILURE 4 #define PUSH_MSG_CONTINUATION 5 +#define PUSH_MSG_ALREADY_REPLIED 6 void incoming_push_message (struct context *c, const struct buffer *buffer); |
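Review bot: The new `sent_push_reply` field in struct context_2 has no comment and sits under the `--ifconfig endpoints to be pushed to client` heading, although it records push-protocol state rather than an ifconfig value. A one-line comment would state its contract, for example `bool sent_push_reply; /* true once a PUSH_REPLY has been sent on this context; later PUSH_REQUESTs are not answered */`. The struct starts and ends outside this hunk, so where the field is initialised cannot be seen here; the comment should say that too.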
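Review bot: `c->c2.sent_push_reply` is set to true after a successful `send_push_reply (c)` and nothing in this commit clears it, so every later PUSH_REQUEST on the same context returns `PUSH_MSG_ALREADY_REPLIED` and gets no reply. If a context_2 can outlive one client session (for example a restarted client matched to the existing instance, which is not visible here and needs confirming), that client would never receive its pushed options. Consider bounding the suppression, either by clearing the flag wherever the session's push state is reset or by replacing the bool with an expiry time; at minimum record the limitation next to the assignment, e.g. `/* never cleared: duplicate requests are ignored for the lifetime of this context */`. The ignored request is also silent, so a debug-level log line in the `sent_push_reply` branch would make repeated requests visible to operators. process_incoming_push_msg starts and ends outside this hunk, as does the caller that interprets the new return value.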