[Openvpn-devel,v1] ssl_mbedtls: fix missing perf_pop() call

Message ID	20251026143521.13291-1-gert@greenie.muc.de
State	New
Headers	show Return-Path: <openvpn-devel-bounces@lists.sourceforge.net> Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; From: Gert Doering <gert@greenie.muc.de> To: openvpn-devel@lists.sourceforge.net Date: Sun, 26 Oct 2025 15:35:14 +0100 Message-ID: <20251026143521.13291-1-gert@greenie.muc.de> In-Reply-To: <gerrit.1761489176000.I5b6881dc73358c8d1249ee2ceb968ede295105b0@gerrit.openvpn.net> References: <gerrit.1761489176000.I5b6881dc73358c8d1249ee2ceb968ede295105b0@gerrit.openvpn.net> MIME-Version: 1.0 preview: From: Steffan Karger <steffan@karger.me> This was triggered by a bug report submitted by Joshua Rogers, who used ZeroPath to discover we missed a perf_pop() call in one of the error paths of ssl_mbedtls.c. Content analysis details: (1.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS Subject: [Openvpn-devel] [PATCH v1] ssl_mbedtls: fix missing perf_pop() call Precedence: list Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: 7bit Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox
Series	[Openvpn-devel,v1] ssl_mbedtls: fix missing perf_pop() call \| expand [Openvpn-devel,v1] ssl_mbedtls: fix missing perf_pop() call

Message ID

20251026143521.13291-1-gert@greenie.muc.de

State

New

Headers

Received-SPF: pass (google.com: domain of
 openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
 permitted sender) client-ip=216.105.38.7;
From: Gert Doering <gert@greenie.muc.de>
To: openvpn-devel@lists.sourceforge.net
Date: Sun, 26 Oct 2025 15:35:14 +0100
Message-ID: <20251026143521.13291-1-gert@greenie.muc.de>
In-Reply-To: 
 <gerrit.1761489176000.I5b6881dc73358c8d1249ee2ceb968ede295105b0@gerrit.openvpn.net>
References: 
 <gerrit.1761489176000.I5b6881dc73358c8d1249ee2ceb968ede295105b0@gerrit.openvpn.net>
MIME-Version: 1.0
Subject: [Openvpn-devel] [PATCH v1] ssl_mbedtls: fix missing perf_pop() call
Precedence: list
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: openvpn-devel-bounces@lists.sourceforge.net

Series

[Openvpn-devel,v1] ssl_mbedtls: fix missing perf_pop() call | expand

Commit Message

Gert Doering Oct. 26, 2025, 2:35 p.m. UTC

From: Steffan Karger <steffan@karger.me>

This was triggered by a bug report submitted by Joshua Rogers, who
used ZeroPath to discover we missed a perf_pop() call in one of the
error paths of ssl_mbedtls.c.

Move an existing perf_pop call a bit upwards to fix that.

The perf code is always disabled by ENABLE_PERFORMANCE_METRICS being
commented out in perf.h. There is no configure flag. None of the active
developers remembers using it and the git log shows no actual code changes
since at least the project structure overhaul of 2012. So this has no
real-world impact.

Change-Id: I5b6881dc73358c8d1249ee2ceb968ede295105b0
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1305
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to release/2.6.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1305
This mail reflects revision 1 of this Change.

Acked-by according to Gerrit (reflected above):
Gert Doering <gert@greenie.muc.de>

Comments

Gert Doering Oct. 27, 2025, 10:01 a.m. UTC | #1

While this is sort-of a NOP in 2.6, at least it's a consistent NOP now :-)

Your patch has been applied to the release/2.6 branch.

commit e83c63f58135913bb2ca2f4345da8cd77098474b
Author: Steffan Karger
Date:   Sun Oct 26 15:35:14 2025 +0100

     ssl_mbedtls: fix missing perf_pop() call

     Signed-off-by: Steffan Karger <steffan@karger.me>
     Acked-by: Gert Doering <gert@greenie.muc.de>
     Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1305
     Message-Id: <20251026143521.13291-1-gert@greenie.muc.de>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg33870.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c
index 8fb69c3..2862989 100644
--- a/src/openvpn/ssl_mbedtls.c
+++ b/src/openvpn/ssl_mbedtls.c
@@ -1489,13 +1489,13 @@ 
     /* Error during read, check for retry error */
     if (retval < 0)
     {
+        perf_pop();
         if (MBEDTLS_ERR_SSL_WANT_WRITE == retval || MBEDTLS_ERR_SSL_WANT_READ == retval)
         {
             return 0;
         }
         mbed_log_err(D_TLS_ERRORS, retval, "TLS_ERROR: read tls_read_plaintext error");
         buf->len = 0;
-        perf_pop();
         return -1;
     }
     /* Nothing read, try again */

[Openvpn-devel,v1] ssl_mbedtls: fix missing perf_pop() call

Commit Message

Comments

Patch