Acked-By: Frank Lichtenheld <fr...@lichtenheld.com>
I'm pretty sure that this patch is correct if 07/21 is correct.
> Frank Lichtenheld <fr...@lichtenheld.com> hat am 15.12.2021 10:58 geschrieben:
>
>
> > Arne Schwabe <a...@rfc2549.org> hat am 14.12.2021 23:38 geschrieben:
> > Am 14.12.21 um 18:10 schrieb Frank Lichtenheld:
> > >
> > >
> > >> Arne Schwabe <a...@rfc2549.org> hat am 14.12.2021 16:09 geschrieben:
> > >> diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
> > >> index 29efcd3b9..f82386a1d 100644
> > >> --- a/src/openvpn/forward.c
> > >> +++ b/src/openvpn/forward.c
> > >> @@ -1493,7 +1493,7 @@ process_ip_header(struct context *c, unsigned int
> > >> flags, struct buffer *buf)
> > >> /* possibly alter the TCP MSS */
> > >> if (flags & PIP_MSSFIX)
> > >> {
> > >> - mss_fixup_ipv4(&ipbuf,
> > >> MTU_TO_MSS(TUN_MTU_SIZE_DYNAMIC(&c->c2.frame)));
> > >> + mss_fixup_ipv4(&ipbuf, c->c2.frame.mss_fix);
> > >
> > > I still think this will badly explode in the ce.mssfix == 0 code path. In
> > > that case frame.mss_fix == 0 AFAICT
> > > and I see no handling of that possibility in mss_fixup_ipv4/6.
> >
> > I won't. This is part of the older parts of OpenVPN that are more
> > obscure. You overlooking the implicit assumption that PIP_MSSFIX is only
> > set if also c->c2.frame.mssfix is != 0
> >
> > See the top of the function. If ce.mssfix is 0 then you never have the
> > PIP_MSSFIX flag in the flags:
>
> You're right. Should've not only looked at mss_fixup_*, but also at
> process_ip_header...
>
> Regards,
> --
> Frank Lichtenheld
>
>
> _______________________________________________
> Openvpn-devel mailing list
> Openvpn-devel@lists.sourceforge.net
> https://lists.sourceforge.net/lists/listinfo/openvpn-devel
--
Frank Lichtenheld
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
