> Arne Schwabe <a...@rfc2549.org> hat am 22.04.2022 15:40 geschrieben:
> diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c
> index 4fbe3c1a3..910268333 100644
> --- a/src/openvpn/mudp.c
> +++ b/src/openvpn/mudp.c
> @@ -39,6 +39,20 @@
> #include <sys/inotify.h>
> #endif
>
> +static bool
> +do_pre_decrypt_check(struct multi_context *m)
> +{
> + if (!m->top.c2.tls_auth_standalone)
> + {
> + return false;
> + }
> + if (!tls_pre_decrypt_lite(m->top.c2.tls_auth_standalone,
> &m->top.c2.from, &m->top.c2.buf))
> + {
> + return false;
> + }
> + return true;
Shouldn't this be
if (!m->top.c2.tls_auth_standalone)
{
return true;
}
if (tls_pre_decrypt_lite(m->top.c2.tls_auth_standalone, &m->top.c2.from,
&m->top.c2.buf))
{
return true;
}
return false;
Your patch seems to mangle the logic in several different ways.
> +}
> +
> /*
> * Get a client instance based on real address. If
> * the instance doesn't exist, create it while
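Review bot: The new helper do_pre_decrypt_check() has no comment describing its contract, even though the second hunk makes it the sole condition in front of frequency_limit_event_allowed() on the `if (!mi)` path. A block comment above the definition should say what true and false mean for the caller, e.g. `/* Returns true if the packet in m->top.c2.buf may be considered for a new client instance. */`, and should state the result separately for the case where m->top.c2.tls_auth_standalone is unset and for each outcome of tls_pre_decrypt_lite(). Judging by the comment that follows the helper, this path presumably decides whether a peer without an existing instance gets one created, so the contract is worth writing down next to the code. The helper is entirely inside this hunk; multi_get_create_instance_udp() continues outside the second one.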
> @@ -95,8 +109,7 @@ multi_get_create_instance_udp(struct multi_context *m,
> bool *floated)
> }
> if (!mi)
> {
> - if (!m->top.c2.tls_auth_standalone
> - || tls_pre_decrypt_lite(m->top.c2.tls_auth_standalone,
> &m->top.c2.from, &m->top.c2.buf))
> + if (do_pre_decrypt_check(m))
> {
> if (frequency_limit_event_allowed(m->new_connection_limiter))
> {
--
Frank Lichtenheld