authorJames Yonan <james@openvpn.net>2011-03-18 04:51:59 +0000
committerDavid Sommerseth <dazo@users.sourceforge.net>2011-04-26 22:29:11 +0200
commitff65da3a230b658b2c1d52dc1a48612e80a2eb42 (patch)
tree6c5a7b07a5e749cfbd88173ac069736e8065045c
parentenv_filter_match now includes the serial number of all certs (diff)
downloadopenvpn-ff65da3a230b658b2c1d52dc1a48612e80a2eb42.tar.xz
Fixed issue where a client might receive multiple push replies from
a server if it sent multiple push requests due to the server being slow to respond. This could cause the client to process pushed options twice, leading to duplicate pushed routes, among other issues. The fix, implemented server-side, is to reply only once to a push request even if multiple requests are received. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7060 e7ae566f-a301-0410-adde-c780ea21d3b5
-rw-r--r--openvpn.h1
-rw-r--r--push.c14
-rw-r--r--push.h1
3 files changed, 14 insertions, 2 deletions
diff --git a/openvpn.h b/openvpn.h
index 0c4ff1a..47c9734 100644
--- a/openvpn.h
+++ b/openvpn.h
@@ -414,6 +414,7 @@ struct context_2
/* --ifconfig endpoints to be pushed to client */
bool push_reply_deferred;
bool push_ifconfig_defined;
+ bool sent_push_reply;
in_addr_t push_ifconfig_local;
in_addr_t push_ifconfig_remote_netmask;
#ifdef ENABLE_CLIENT_NAT
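Review bot: `sent_push_reply` is inserted in the middle of the group headed by `/* --ifconfig endpoints to be pushed to client */`, between `push_ifconfig_defined` and the two address fields, which makes the flag read as part of the ifconfig state. It would sit better directly after `push_reply_deferred` with its own comment, e.g. `bool sent_push_reply; /* PUSH_REPLY already sent on this context */`. The rest of struct context_2 is outside the hunk, so how the struct is initialised or cleared cannot be checked from here.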
diff --git a/push.c b/push.c
index 298031d..f7b7d17 100644
--- a/push.c
+++ b/push.c
@@ -331,8 +331,18 @@ process_incoming_push_msg (struct context *c,
}
else if (!c->c2.push_reply_deferred && c->c2.context_auth == CAS_SUCCEEDED)
{
- if (send_push_reply (c))
- ret = PUSH_MSG_REQUEST;
+ if (c->c2.sent_push_reply)
+ {
+ ret = PUSH_MSG_ALREADY_REPLIED;
+ }
+ else
+ {
+ if (send_push_reply (c))
+ {
+ ret = PUSH_MSG_REQUEST;
+ c->c2.sent_push_reply = true;
+ }
+ }
}
else
{
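Review bot: Nothing in this hunk ever clears `c->c2.sent_push_reply`, so after the first successful `send_push_reply (c)` every later PUSH_REQUEST on the same context is dropped silently for the rest of that context's lifetime. If a client can legitimately re-request its options while the server keeps the same `context_2` (for example after a client-side restart; whether that can happen is not visible here), it would never receive them and would eventually time out. Consider resetting the flag where the per-client state is re-initialised, or bounding the suppression by time, and document the intent with `/* reply once per context; duplicate PUSH_REQUESTs are ignored */` above the `if (c->c2.sent_push_reply)` test. A debug-level log line in the already-replied branch would also help operators tell a suppressed duplicate from a request that never arrived. The body of process_incoming_push_msg starts and ends outside the hunk.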
diff --git a/push.h b/push.h
index 089cf45..b5d1fbf 100644
--- a/push.h
+++ b/push.h
@@ -35,6 +35,7 @@
#define PUSH_MSG_REQUEST_DEFERRED 3
#define PUSH_MSG_AUTH_FAILURE 4
#define PUSH_MSG_CONTINUATION 5
+#define PUSH_MSG_ALREADY_REPLIED 6
void incoming_push_message (struct context *c,
const struct buffer *buffer);
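Review bot: `PUSH_MSG_ALREADY_REPLIED` gets a value here but no consumer in this commit: the only push.c hunk sets it, and no caller of process_incoming_push_msg is touched, so the new code is handled by whatever fall-through the existing callers have for values they do not list. It is worth confirming that none of them treats an unlisted status as an error that tears the session down, since that would turn a harmless duplicate request into a disconnect. A short comment on the define would record the contract, e.g. `#define PUSH_MSG_ALREADY_REPLIED 6 /* duplicate PUSH_REQUEST ignored, nothing sent */`.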