Handle exceeding 'max-clients'

If 'max-clients' is set multi_create_instance() can return NULL (for any client that would take us over the client limit). If mi is NULL we don't add it to the hash map, but we do potentially dereference it to increment the session count. Do not attempt to do so if 'mi == NULL'. Signed-off-by: Kristof Provost <kprovost@netgate.com> Acked-by: Arne Schwabe <arne@rfc2549.org> Message-Id: <20220713083404.13227-2-kprovost@netgate.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg24678.html Signed-off-by: Gert Doering <gert@greenie.muc.de>
author: Kristof Provost 2022-07-13 10:34:04 +0200
committer: Gert Doering 2022-07-13 14:02:06 +0200
commit: ac14d90e7e5a80c57d064b1d3a5deb1db63b0911 (patch)
tree: a68c573575c72a0e0132dadcd6728c11a371d5f7 /src/openvpn/mudp.c
parent: ad085464b15d63324846d0a5151141f58ccb5a34 (diff)
download: openvpn-ac14d90e7e5a80c57d064b1d3a5deb1db63b0911.zip
openvpn-ac14d90e7e5a80c57d064b1d3a5deb1db63b0911.tar.gz
1 files changed, 10 insertions, 9 deletions
diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c
index 0810fad..0cbca1a 100644
--- a/src/openvpn/mudp.c
+++ b/src/openvpn/mudp.c
@@ -241,15 +241,16 @@ multi_get_create_instance_udp(struct multi_context *m, bool *floated)
                         hash_add_fast(hash, bucket, &mi->real, hv, mi);
                         mi->did_real_hash = true;
                         multi_assign_peer_id(m, mi);
-                    }
-                    /* If we have a session id already, ensure that the
-                     * state is using the same */
-                    if (session_id_defined(&state.server_session_id)
-                        && session_id_defined((&state.peer_session_id)))
-                    {
-                        mi->context.c2.tls_multi->n_sessions++;
-                        struct tls_session *session = &mi->context.c2.tls_multi->session[TM_ACTIVE];
-                        session_skip_to_pre_start(session, &state, &m->top.c2.from);
+
+                        /* If we have a session id already, ensure that the
+                         * state is using the same */
+                        if (session_id_defined(&state.server_session_id)
+                            && session_id_defined((&state.peer_session_id)))
+                        {
+                            mi->context.c2.tls_multi->n_sessions++;
+                            struct tls_session *session = &mi->context.c2.tls_multi->session[TM_ACTIVE];
+                            session_skip_to_pre_start(session, &state, &m->top.c2.from);
+                        }
                     }
                 }
                 else
author	Kristof Provost	2022-07-13 10:34:04 +0200
committer	Gert Doering	2022-07-13 14:02:06 +0200
commit	ac14d90e7e5a80c57d064b1d3a5deb1db63b0911 (patch)
tree	a68c573575c72a0e0132dadcd6728c11a371d5f7 /src/openvpn/mudp.c
parent	ad085464b15d63324846d0a5151141f58ccb5a34 (diff)
download	openvpn-ac14d90e7e5a80c57d064b1d3a5deb1db63b0911.zip openvpn-ac14d90e7e5a80c57d064b1d3a5deb1db63b0911.tar.gz