Thanks for taking up the challenge :-) - and I think the approach is
quite reasonable, and also extensible should one of the other OSes come
up with a similar memory protection function one day ("crypt with a key
outside the program's own memory").

I have test-compiled this "for Windows" via GHA/MSVC and locally with
MinGW. Haven't actually tested the Windows binary.

More important, since this adds an ASSERT() to a few server-side code paths,
I fed it to the server-side testbed, which has user+pass & auth-token instances,
and this all still works :-)

Your patch has been applied to the master and release/2.6 branch
(security hardening). 2.6 lacks the test_user_pass.c file, so that
hunk was omitted.

commit 12a9c357b6a7b55bea929eb5d9669e6386ab0d0e (master)
commit 9e1598de43383ac655fd71bd34021026ac105f23 (release/2.6)
Author: Selva Nair
Date: Fri Sep 6 13:29:08 2024 +0200

    Protect cached username, password and token on client

    Signed-off-by: Selva Nair <[email protected]>
    Acked-by: Frank Lichtenheld <[email protected]>
    Message-Id: <[email protected]>
    URL: https://www.mail-archive.com/[email protected]/msg29079.html
    Signed-off-by: Gert Doering <[email protected]>

--
kind regards,
Gert Doering