On 21.01.21 at 18:25, Gert Doering wrote:
> If we ship something that we consider a form of documentation
> "this is how to write an OpenVPN plugin" it should meet our standards
> for secure and modern code.  This plugin did neither.
> 
>   - get rid of system() calls, especially those that enabled a
>     remote-root exploit if this code was used "as is"
> 
>   - change logging from printf() to OpenVPN's plugin_log()
> 
>   - this requires changing to openvpn_plugin_open_v3() to get
>     to the function pointers
> 
>   - change wacky "background and sleep in the shell call" to the
>     double-fork/waitpid model we use in plugins/auth-pam
>     (copy-paste code reuse)
> 
>   - OpenVPN 2.5 and later react badly to OPENVPN_PLUGIN_FUNC_ERROR
>     returns to OPENVPN_PLUGIN_ENABLE_PF calls (SIGSEGV crash), so
>     always return SUCCESS.  Only hook ENABLE_PF if that functionality
>     is actually requested ("setenv test_packet_filter NN").
> 
>   - change deeply-nested functions auth_user_pass_verify() and
>     tls_final() to use early-return style
> 
>   - actually make deferred PF setup *work* with recent OpenVPNs
>     (pre-creating temp files broke this, so unlink() the pre-created
>     file in the ENABLE_PF hook, and re-create asynchronously later)
> 
>   - add lots of comments explaining why we do things this way
>

> +    while( r>0 );
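
Review bot: the spacing in `while( r>0 );` is irregular, with a space inside the opening parenthesis but none after `while` or around `>`; writing it as `while (r > 0);` would read more cleanly and make the trailing semicolon that ends the loop easier to spot.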

style ....

But overall it improves the sample plugin so massively that I think we
should merge it because it fixes several big issues.

Acked-By: Arne Schwabe <a...@rfc2549.org>



_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
