diff options
| author | Arne Schwabe | 2023-03-01 14:44:55 +0100 |
|---|---|---|
| committer | Gert Doering | 2023-03-20 17:44:59 +0100 |
| commit | 75cc2fa6e15ce806415aed33d7608b8d9cc00e36 (patch) | |
| tree | 2d76022c91edbf97359864bd6a4050984d4afb84 | |
| parent | da083c3b9bc1b5720a4dcbef9c32bbbbec0dcce6 (diff) | |
| download | openvpn-75cc2fa6e15ce806415aed33d7608b8d9cc00e36.zip openvpn-75cc2fa6e15ce806415aed33d7608b8d9cc00e36.tar.gz | |
Only update frame calculation if we have a valid link sockets
Without this, we will caculate a pointer to the linksocket relative to a
null pointer in get_link_socket_info(), which itself does not crash and
the pointer seems not to be accessed later, so we do not get a crash here.
This is still not the correct behaviour and the undefined behaviour
sanitiser from llvm/clang finds this.
Change-Id: I82a20ac72f60f8770ea1b4ab0c8cdea31868abe7
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20230301134455.2810114-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg26318.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 2d17869f8d9d8e27f64f1a7cd1514fbbb768807b)
| -rw-r--r-- | src/openvpn/init.c | 15 |
1 files changed, 8 insertions, 7 deletions
diff --git a/src/openvpn/init.c b/src/openvpn/init.c index fa2681d..3a6f624 100644 --- a/src/openvpn/init.c +++ b/src/openvpn/init.c @@ -4687,14 +4687,15 @@ init_instance(struct context *c, const struct env_set *env, const unsigned int f if (c->mode == CM_P2P || c->mode == CM_TOP || c->mode == CM_CHILD_TCP) { link_socket_init_phase2(c); - } - /* Update dynamic frame calculation as exact transport socket information - * (IP vs IPv6) may be only available after socket phase2 has finished. - * This is only needed for --static or no crypto, NCP will recalculate this - * in tls_session_update_crypto_params (P2MP) */ - frame_calculate_dynamic(&c->c2.frame, &c->c1.ks.key_type, &c->options, - get_link_socket_info(c)); + + /* Update dynamic frame calculation as exact transport socket information + * (IP vs IPv6) may be only available after socket phase2 has finished. + * This is only needed for --static or no crypto, NCP will recalculate this + * in tls_session_update_crypto_params (P2MP) */ + frame_calculate_dynamic(&c->c2.frame, &c->c1.ks.key_type, &c->options, + get_link_socket_info(c)); + } /* * Actually do UID/GID downgrade, and chroot, if requested. |