On 15/12/16 19:52, Steffan Karger wrote:
> When the pulled options change, OpenVPN will attempt to reopen the tun
> device. That might fail if the process has already dropped privileges,
> and is not needed unless the tun MTU is changed. This patch therefore
> ignores the cipher value for the digest if a fixed tun-mtu is used.
>
> Additionally, this patch changes the md_ctx_update() call to include the
> trailing zero byte of each option, to make sure that parsing "foo,bar"
> results in a different hash than "foobar". (Sorry for not catching that
> during the review...)
>
> Trac: #761
>
> Signed-off-by: Steffan Karger <stef...@karger.me>
> --- > src/openvpn/push.c | 16 +++++++++++----- > 1 file changed, 11 insertions(+), 5 deletions(-) > > diff --git a/src/openvpn/push.c b/src/openvpn/push.c > index 34c65c4..674efeb 100644 > --- a/src/openvpn/push.c > +++ b/src/openvpn/push.c > @@ -677,17 +677,22 @@ process_incoming_push_request(struct context *c) > #endif /* if P2MP_SERVER */ > > static void > -push_update_digest(md_ctx_t *ctx, struct buffer *buf) > +push_update_digest(md_ctx_t *ctx, struct buffer *buf, const struct options > *opt) > { > char line[OPTION_PARM_SIZE]; > while (buf_parse(buf, ',', line, sizeof(line))) > { > /* peer-id might change on restart and this should not trigger > reopening tun */ > - if (strstr(line, "peer-id ") != line) > + if (strcmp(line, "peer-id ") == 0)
Are you sure about this strcmp()? I'd expect line to contain "peer-id 1" or something like that ... so the result would be 49 (or anything not 0) .... strncmp(line, "peer-id ", 8) would provide a match though.

> { > - md_ctx_update(ctx, (const uint8_t *) line, strlen(line)); > + continue; > } > - } > + if (strcmp(line, "cipher ") == 0 && !opt->ce.tun_mtu_defined)

Same as above.

--
kind regards,

David Sommerseth
OpenVPN Technologies, Inc
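
Review bot: strcmp(line, "peer-id ") == 0 and strcmp(line, "cipher ") == 0 in push_update_digest() compare the whole option line against a literal that ends in a space, so neither can match a line that carries a value, whereas the removed strstr(line, "peer-id ") != line was a prefix test. As written, "peer-id 1" is not skipped by the continue, which goes against the in-code comment that a changed peer-id should not trigger reopening tun. Suggest strncmp(line, "peer-id ", 8) == 0 and strncmp(line, "cipher ", 7) == 0, ideally through one prefix helper that takes the length from the literal. The commit message says the cipher is ignored when a fixed tun-mtu is used, while the visible test is !opt->ce.tun_mtu_defined and its body is cut off here; a short comment on that branch stating the intended sense would help.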
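
The two points discussed in this message, matching an option by prefix rather than by exact string and hashing each option together with its trailing zero byte, shown as an added example that is not part of the original mail or the OpenVPN source. It assumes FNV-1a as a stand-in for md_ctx_update() and strtok() in place of buf_parse(); options_digest and has_prefix are hypothetical names.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Stand-in for md_ctx_update(): streaming 64-bit FNV-1a, illustrative only. */
static uint64_t fnv1a(uint64_t h, const void *data, size_t len)
{
    const unsigned char *p = data;
    for (size_t i = 0; i < len; i++) {
        h = (h ^ p[i]) * 1099511628211ULL;   /* FNV prime */
    }
    return h;
}

/* True when line starts with prefix; the length comes from the literal. */
static int has_prefix(const char *line, const char *prefix)
{
    return strncmp(line, prefix, strlen(prefix)) == 0;
}

/*
 * Hypothetical helper: digest a comma-separated option string.
 * with_nul   - hash each option including its trailing zero byte
 * use_prefix - skip "peer-id ..." by prefix (1) or by exact strcmp (0)
 */
uint64_t options_digest(const char *opts, int with_nul, int use_prefix)
{
    char copy[256];
    uint64_t h = 14695981039346656037ULL;    /* FNV offset basis */

    snprintf(copy, sizeof(copy), "%s", opts);
    for (char *line = strtok(copy, ","); line; line = strtok(NULL, ",")) {
        int skip = use_prefix ? has_prefix(line, "peer-id ")
                              : strcmp(line, "peer-id ") == 0;
        if (skip) {
            continue;   /* peer-id must not influence the digest */
        }
        h = fnv1a(h, line, strlen(line) + (with_nul ? 1 : 0));
    }
    return h;
}

int main(void)
{
    /* Constructed sample option strings. */
    printf("separator matters: %d\n",
           options_digest("foo,bar", 1, 1) != options_digest("foobar", 1, 1));
    printf("peer-id ignored:   %d\n",
           options_digest("a,peer-id 1", 1, 1) == options_digest("a,peer-id 2", 1, 1));
    return 0;
}
```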
_______________________________________________ Openvpn-devel mailing list Openvpn-devel@lists.sourceforge.net https://lists.sourceforge.net/lists/listinfo/openvpn-devel