[Openvpn-devel,v3] Avoid SIGUSR1 to SIGHUP when the configuration is read from stdin

Message ID 20240719131016.75042-1-frank@lichtenheld.com
State Accepted
Headers show
Series [Openvpn-devel,v3] Avoid SIGUSR1 to SIGHUP when the configuration is read from stdin | expand

Commit Message

Frank Lichtenheld July 19, 2024, 1:10 p.m. UTC
From: Arne Schwabe <arne@rfc2549.org>

If the configuration is read from stdin, we cannot reread the configuration
as stdin provides the configuration only once. So whenever we hit the
"close_context usr1 to hup" logic, the OpenVPN process will fail as tries
to restart with an empty configuration.

While OpenVPN tries to block  USR1 from normal unix signal, I have observed
cases in my app which sends USR1 from management interface where the
CC_HARD_USR1_TO_HUP logic is trigger and breaking the OpenVPN process.

Change-Id: Icfc179490d6821e22d14817941fb0bad667c713f
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/533
This mail reflects revision 3 of this Change.

Acked-by according to Gerrit (reflected above):
Frank Lichtenheld <frank@lichtenheld.com>

Comments

Gert Doering Sept. 17, 2024, 11 a.m. UTC | #1
I haven't tested this "for real", but the explanation makes sense and
the change is trivial enough.  I have word-smithed the Subject: and also
the comment line a bit.

Your patch has been applied to the master branch.

(Not really a issue on "non Android", it seems, and that one builds on
top of master only - so not applying to release/2.6)

commit b620025b9570a3d66ad3598dc22aa1b07c90fa31 (master)
Author: Arne Schwabe
Date:   Fri Jul 19 15:10:16 2024 +0200

     Avoid SIGUSR1 to SIGHUP remapping when the configuration is read from stdin

     Signed-off-by: Arne Schwabe <arne@rfc2549.org>
     Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
     Message-Id: <20240719131016.75042-1-frank@lichtenheld.com>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg28941.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

Patch

diff --git a/src/openvpn/openvpn.c b/src/openvpn/openvpn.c
index 0e85ebc..a55dde6 100644
--- a/src/openvpn/openvpn.c
+++ b/src/openvpn/openvpn.c
@@ -32,6 +32,7 @@ 
 #include "multi.h"
 #include "win32.h"
 #include "platform.h"
+#include "string.h"
 
 #include "memdbg.h"
 
@@ -60,9 +61,10 @@ 
 
     /* set point-to-point mode */
     c->mode = CM_P2P;
-
-    /* initialize tunnel instance */
-    init_instance_handle_signals(c, c->es, CC_HARD_USR1_TO_HUP);
+    /* initialize tunnel instance, avoid SIGHUP when config is stdin since
+     * reading the config from stdin will not work */
+    bool stdin_config = c->options.config && (strcmp(c->options.config, "stdin") == 0);
+    init_instance_handle_signals(c, c->es, stdin_config ? 0 : CC_HARD_USR1_TO_HUP);
     if (IS_SIG(c))
     {
         return;