[Openvpn-devel] [PATCH] Return NULL if GetAdaptersInfo fails

2018-01-02 Thread selva . nair
From: Selva Nair - Currently a pointer to potentially uninitialized IP_ADAPTER_INFO struct is returned on error causing ill-defined behaviour. Signed-off-by: Selva Nair --- There have been some reports of unexpected failure in GetAdaptersInfo.

[Openvpn-devel] openvpn segfaults on --management-external-key with ECC certificate

2018-01-02 Thread Selva Nair
Hi, I expected an error message saying only RSA certs are supported for --management-external-key, but openvpn appears to segfault if a cert with an ECC key is used with that option. A stack trace shows it fails in ssl_openssl.c line 1117 when trying to copy n and e. In fact the call pub_rsa =

[Openvpn-devel] [PATCH] Fix typo in error message: "optione" -> "option"

2018-01-02 Thread bertrandbc
From: Bertrand Bonnefoy-Claudet --- src/openvpn/options.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 7be5f383..b240e2ef 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -4523,7

Re: [Openvpn-devel] [PATCH v3] Don't throw fatal errors from verify_cert_export_cert()

2018-01-02 Thread Selva Nair
Hi, Thanks for v3. Looks good now. On Tue, Jan 2, 2018 at 5:52 PM, Steffan Karger wrote: > As with create_temp_file(), this function is called on client connects > and should not cause fatal errors when I/O (possibly temporarily) fails. > Fix this and the openssl

Re: [Openvpn-devel] [PATCH v2] Don't throw fatal errors from verify_cert_export_cert()

2018-01-02 Thread Selva Nair
Hi, On Fri, Dec 29, 2017 at 5:18 AM, Steffan Karger wrote: > As with create_temp_file(), this function is called on client connects and > should not cause fatal errors when I/O (possibly temporarily) fails. > > The callers of this function are already fixed in the

Re: [Openvpn-devel] [PATCH v2] Don't throw fatal errors from verify_cert_export_cert()

2018-01-02 Thread Steffan Karger
Hi, On 02-01-18 20:19, Selva Nair wrote: > On Fri, Dec 29, 2017 at 5:18 AM, Steffan Karger > wrote: >> @@ -557,13 +557,15 @@ verify_cert_export_cert(openvpn_x509_cert_t *peercert, >> const char *tmp_dir, stru >> peercert_file = fopen(peercert_filename, "w+"); >>

[Openvpn-devel] [PATCH v3] Don't throw fatal errors from verify_cert_export_cert()

2018-01-02 Thread Steffan Karger
As with create_temp_file(), this function is called on client connects and should not cause fatal errors when I/O (possibly temporarily) fails. Fix this and the openssl backend implementation of x509_write_pem() to no longer throw fatal errors. The callers of this function are already fixed in

[Openvpn-devel] [PATCH] Check for time_t overflow in event_timeout_trigger()

2018-01-02 Thread Steffan Karger
As reported in trac #922, the wakeup computation in event_timeout_trigger() could overflow. Since time_t and int are signed types, that is officially undefined behaviour. On systems with a 64-bit signed time_t (most if not all 64-bit systems), the overflow was caused by the (unnecessary) cast to

[Openvpn-devel] [PATCH v2] Check for time_t overflow in event_timeout_trigger()

2018-01-02 Thread Steffan Karger
As reported in trac #922, the wakeup computation in event_timeout_trigger() could overflow. Since time_t and int are signed types, that is officially undefined behaviour. On systems with a 64-bit signed time_t (most if not all 64-bit systems), the overflow was caused by the (unnecessary) cast to