Acked-by: Gert Doering <[email protected]>
As agreed on the security@ list - this covers all possible leaks, and
is fully "normal OpenVPN style". I didn't test actual file creation
failures, but I *did* test regular server operation with plugins and
scripts, and that all still works fine.
As instructed, I've fixed the "Trial" to read "Trail of Bits" :-)
Your patch has been applied to the master and release/2.6 branch.
release/2.5 and older do not contain this code (no async/deferred
--verify-auth-user-pass scripts yet) - that was only added in 2021
via commit 28e6103096ae8.
commit 0567da5377704cf64bd2599f2d49aa478d386941 (master)
commit cdfdfb3da0ce714f43b23f679a8ef9b36ab9f370 (release/2.6)
Author: David Sommerseth
Date: Thu Dec 15 20:01:37 2022 +0100
ssl_verify: Fix memleak if creating deferred auth control files fails
Signed-off-by: David Sommerseth <[email protected]>
Signed-off-by: Arne Schwabe <[email protected]>
Acked-by: Gert Doering <[email protected]>
Message-Id: <[email protected]>
URL:
https://www.mail-archive.com/[email protected]/msg25737.html
Signed-off-by: Gert Doering <[email protected]>
--
kind regards,
Gert Doering
_______________________________________________
Openvpn-devel mailing list
[email protected]
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
