From 76a59eae43d2a1d08c6dae855b57625008c44cca Mon Sep 17 00:00:00 2001 From: james Date: Tue, 1 Nov 2005 21:05:04 +0000 Subject: Merged 2.0.4 changes. svn merge -r 737:749 $SO/trunk/openvpn git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@750 e7ae566f-a301-0410-adde-c780ea21d3b5 --- ChangeLog | 16 +++++++++------- init.c | 2 +- multi.c | 3 ++- openvpn.h | 11 +++++------ socket.c | 12 ++++++++++++ 5 files changed, 29 insertions(+), 15 deletions(-) diff --git a/ChangeLog b/ChangeLog index b7789e5..3259f5f 100644 --- a/ChangeLog +++ b/ChangeLog @@ -3,9 +3,9 @@ Copyright (C) 2002-2005 OpenVPN Solutions LLC $Id$ -2005.10.31 -- Version 2.1-beta5 +2005.11.01 -- Version 2.1-beta6 -* Security fix (merged from 2.0.3) -- Affects non-Windows +* Security fix (merged from 2.0.4) -- Affects non-Windows OpenVPN clients of version 2.0 or higher which connect to a malicious or compromised server. A format string vulnerability in the foreign_option function in options.c @@ -19,11 +19,13 @@ $Id$ and (c) the client indicates its willingness to accept pushed options from the server by having "pull" or "client" in its configuration file (Credit: Vade79). -* Security fix (merged from 2.0.3) -- Potential DoS vulnerability - on the server in TCP mode. If the TCP server accept() call - returns an error status, the resulting exception handler - may attempt to indirect through a NULL pointer, causing - a segfault. Affects all OpenVPN 2.0 versions. + CVE-2005-3393 +* Security fix -- (merged from 2.0.4) Potential DoS + vulnerability on the server in TCP mode. If the TCP + server accept() call returns an error status, the resulting + exception handler may attempt to indirect through a NULL + pointer, causing a segfault. Affects all OpenVPN 2.0 versions. + CVE-2005-3409 * Fix attempt of assertion at multi.c:1586 (note that this precise line number will vary across different versions of OpenVPN). diff --git a/init.c b/init.c index d6c13b2..503e75c 100644 --- a/init.c 
+++ b/init.c @@ -2474,7 +2474,7 @@ init_instance (struct context *c, const struct env_set *env, const unsigned int else if (child) crypto_flags = CF_INIT_TLS_MULTI; do_init_crypto (c, crypto_flags); - if (IS_SIG (c)) + if (IS_SIG (c) && !child) goto sig; } diff --git a/multi.c b/multi.c index a425c19..95ea758 100644 --- a/multi.c +++ b/multi.c @@ -413,7 +413,8 @@ static void multi_client_disconnect_script (struct multi_context *m, struct multi_instance *mi) { - if (mi->context.c2.context_auth == CAS_SUCCEEDED || mi->context.c2.context_auth == CAS_PARTIAL) + if ((mi->context.c2.context_auth == CAS_SUCCEEDED && mi->connection_established_flag) + || mi->context.c2.context_auth == CAS_PARTIAL) { multi_client_disconnect_setenv (m, mi); diff --git a/openvpn.h b/openvpn.h index 318f10d..e635dba 100644 --- a/openvpn.h +++ b/openvpn.h @@ -397,12 +397,11 @@ struct context_2 in_addr_t push_ifconfig_local; in_addr_t push_ifconfig_remote_netmask; - /* client authentication state */ -# define CAS_UNDEF 0 -# define CAS_SUCCEEDED 1 -# define CAS_PENDING 2 -# define CAS_FAILED 3 -# define CAS_PARTIAL 4 /* at least one client-connect script/plugin + /* client authentication state, CAS_SUCCEEDED must be 0 */ +# define CAS_SUCCEEDED 0 +# define CAS_PENDING 1 +# define CAS_FAILED 2 +# define CAS_PARTIAL 3 /* at least one client-connect script/plugin succeeded while a later one in the chain failed */ int context_auth; #endif diff --git a/socket.c b/socket.c index dd98f7c..012158c 100644 --- a/socket.c +++ b/socket.c @@ -1115,9 +1115,16 @@ link_socket_init_phase2 (struct link_socket *sock, struct gc_arena gc = gc_new (); const char *remote_dynamic = NULL; bool remote_changed = false; + int sig_save = 0; ASSERT (sock); + if (signal_received && *signal_received) + { + sig_save = *signal_received; + *signal_received = 0; + } + /* initialize buffers */ socket_frame_init (frame, sock); 
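Review bot: The new `!child` condition in init_instance carries no comment, so a reader cannot tell why a signal pending after do_init_crypto is deliberately not acted on for a child instance. Once the intent is confirmed, I would add a line above it along the lines of `/* only a top-level instance aborts here; a child's pending signal is handled elsewhere */`, naming where it is handled. The rest of init_instance lies outside the hunk, so it is worth confirming that a later check still picks the signal up and the child does not keep initializing with IS_SIG true.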
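Review bot: The CAS_SUCCEEDED arm of the condition in multi_client_disconnect_script now also requires `mi->connection_established_flag`, but nothing in the code says why, and the CAS_PARTIAL arm is left ungated. Because the openvpn.h hunk of this commit makes CAS_SUCCEEDED equal to 0, a `context_auth` that was never written also compares equal to it, which appears to be what the flag guards against. A comment such as `/* CAS_SUCCEEDED is 0, so also require that the connection was really established */` would record that. The function body continues outside the hunk.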
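Review bot: Defining `CAS_SUCCEEDED` as 0 and dropping `CAS_UNDEF` makes "authenticated" the value of any `context_auth` that is zeroed or never assigned, so the state fails open. This assumes struct context_2 is cleared on creation, which the hunk does not show. The multi.c hunk compensates at one call site with `connection_established_flag`; other comparisons against CAS_SUCCEEDED are not visible here and would each need the same guard. The new comment says the value must be 0 but not which code depends on that, so it should name the dependency. If the constraint can be lifted, keeping a zero-valued `CAS_UNDEF` is the safer default.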
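Review bot: The block at the top of link_socket_init_phase2 that copies `*signal_received` into `sig_save` and then zeroes it has no comment, and the reason for hiding an already-pending signal during phase 2 is not evident from the code. Presumably the setup below would otherwise bail out early on the stale signal. If so, `/* hide a signal that was pending on entry so the setup below is not aborted by it; restored at done: */` would say it. The function body continues past the end of this hunk.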
@@ -1321,6 +1328,11 @@ link_socket_init_phase2 (struct link_socket *sock, &gc)); done: + if (sig_save && signal_received) + { + if (!*signal_received) + *signal_received = sig_save; + } gc_free (&gc); } -- cgit v1.2.3
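Review bot: At `done:` the saved signal is written back only when `*signal_received` is still 0, so a signal raised during phase 2 silently replaces the one that was pending on entry. If the saved value was a termination request and the new one only a restart request, the process would restart instead of exiting; which signals can be raised in between is not visible in this hunk. Consider keeping the more severe of the two rather than the most recent, or at least documenting that the later signal wins. The `signal_received` test in `if (sig_save && signal_received)` is redundant, because `sig_save` can only be non-zero when the pointer was non-NULL on entry.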