Hi,

On Thu, Feb 09, 2023 at 07:40:06PM +0200, Mykhailo Mishchenko wrote:
> On 09.02.23 17:36, Petr Štetiar wrote:
> > Server can crash on systems using musl libc when client with comma in
> > commonName tries to connect:
> >
> >   ifconfig_pool_read(), in='VPN Client, abc,192.168.1.2,'
> >   RESOLVE: Cannot parse IP address:  abc: (Name does not resolve)
> 
> I also would like to emphasize what exactly leads to the crash. It 
> clearly tried to parse a part of client certificate's Common Name as an 
> IP address. As I understand it, this IP address was supposed to be used 
> to restore client's previous IP address. This is another bug, different 
> from trying to "free" NULL pointer.

CNs with commas in them are a long-standing issue, because OpenVPN
doesn't know how to deal with them.  So, don't do that.

(There is an old Trac ticket about it, but nobody went out and fixed
the code yet - which is tricky, as you can't just change the format
of ifconfig-pool-persist without breaking existing setups)

gert

-- 
"If was one thing all people took for granted, was conviction that if you 
 feed honest figures into a computer, honest figures come out. Never doubted 
 it myself till I met a computer with a sense of humor."
                             Robert A. Heinlein, The Moon is a Harsh Mistress

Gert Doering - Munich, Germany                             g...@greenie.muc.de
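
The parsing ambiguity discussed in this thread, as an added example (not part of the original message and not OpenVPN's own code). It assumes, based on the log line quoted above, that a persist record is comma-separated with the CN first and an address next; the function names are hypothetical.

```c
#include <arpa/inet.h>
#include <stdbool.h>
#include <stdio.h>
#include <string.h>

/* Split one record at the first comma, the way a simple "CN,address"
 * reader would. cn and addr are caller buffers of n bytes each.
 * Returns false if there is no comma or a field does not fit. */
static bool split_first_comma(const char *line, char *cn, char *addr, size_t n)
{
    const char *c = strchr(line, ',');
    if (!c || (size_t)(c - line) >= n)
        return false;
    memcpy(cn, line, (size_t)(c - line));
    cn[c - line] = '\0';
    /* The second field runs to the next comma or the end of the line. */
    size_t len = strcspn(c + 1, ",");
    if (len >= n)
        return false;
    memcpy(addr, c + 1, len);
    addr[len] = '\0';
    return true;
}

/* Strict numeric check: inet_pton() never consults the resolver. */
static bool is_ipv4_literal(const char *s)
{
    struct in_addr a;
    return inet_pton(AF_INET, s, &a) == 1;
}

/* A CN can only round-trip through a comma-separated record if it
 * contains no comma and no line break. */
static bool cn_fits_record(const char *cn)
{
    return cn[0] != '\0' && strpbrk(cn, ",\r\n") == NULL;
}

int main(void)
{
    /* Record taken from the log line quoted in the thread. */
    const char *line = "VPN Client, abc,192.168.1.2,";
    char cn[64], addr[64];
    if (split_first_comma(line, cn, addr, sizeof cn))
        printf("cn='%s' addr='%s' literal=%d\n", cn, addr, is_ipv4_literal(addr));
    printf("CN usable in record: %d\n", cn_fits_record("VPN Client, abc"));
    return 0;
}
```

With the quoted record, the CN is cut to "VPN Client" and " abc" lands in the address field, which matches the RESOLVE error in the log.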
