[Openvpn-devel] Fix handling of 'route remote_host' for IPv6 transport case.

Message ID 20200911085907.26004-1-gert@greenie.muc.de
State Accepted
Series [Openvpn-devel] Fix handling of 'route remote_host' for IPv6 transport case.

Commit Message

Gert Doering Sept. 10, 2020, 10:59 p.m. UTC
If we connect to a VPN server over IPv6, and the config has a
route like this:

  route remote_host default net_gateway

OpenVPN would try to install a route to "255.255.255.255", which
is obviously bogus.

The bug is twofold: init_route_list() should not set RTSA_REMOTE_HOST
for an "IPV4_INVALID_ADDR" remote_host (wrong condition, this is not
a pointer but an integer, and "invalid" is "-1" numerically here),
and init_route() must not ignore "status = false" returns from
get_special_addr().

I have just added the "if (!status)" check, not done refactoring for
init_route() to see whether I could make it "more pretty".

Trac: #1247

Signed-off-by: Gert Doering <gert@greenie.muc.de>
---
 src/openvpn/route.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
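
The failure mode described in the commit message, as an added example that is not part of the original patch or OpenVPN's code: a simplified C model of the two checks. `plan_route`, `special_addr`, `struct spec` and the constant values are assumptions made for illustration.

```c
#include <arpa/inet.h>
#include <stdbool.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

/* Simplified model, not OpenVPN source; both constant values are assumptions. */
#define IPV4_INVALID_ADDR 0xffffffffu /* "-1" numerically */
#define RTSA_REMOTE_HOST (1u << 0)
struct spec { uint32_t remote_host; unsigned flags; };

/* Returns true when the keyword is recognised; *status reports whether an
 * address was actually available for it. */
static bool special_addr(const struct spec *s, const char *name, uint32_t *out, bool *status)
{
    if (strcmp(name, "remote_host") != 0)
        return false;
    *status = (s->flags & RTSA_REMOTE_HOST) != 0;
    if (*status)
        *out = s->remote_host;
    return true;
}

/* fixed=false models the pre-patch checks, fixed=true the patched ones.
 * Returns true if a route would be installed and writes its target to dst. */
bool plan_route(uint32_t remote_host, bool fixed, char *dst, size_t len)
{
    struct spec s = { 0, 0 };
    struct in_addr in;
    uint32_t addr = 0;
    bool status = true;
    if (fixed ? (remote_host != IPV4_INVALID_ADDR) : (remote_host != 0))
    {
        s.remote_host = remote_host;
        s.flags |= RTSA_REMOTE_HOST;
    }
    if (!special_addr(&s, "remote_host", &addr, &status) || (fixed && !status))
        return false; /* patched code stops here when status is false */
    in.s_addr = htonl(addr);
    snprintf(dst, len, "%s", inet_ntoa(in));
    return true;
}

int main(void)
{
    char d[32];
    printf("pre-patch:  %s\n", plan_route(IPV4_INVALID_ADDR, false, d, sizeof d) ? d : "no route");
    printf("post-patch: %s\n", plan_route(IPV4_INVALID_ADDR, true, d, sizeof d) ? d : "no route");
    return 0;
}
```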

Comments

Arne Schwabe Sept. 10, 2020, 11:10 p.m. UTC | #1
On 11.09.20 at 10:59, Gert Doering wrote:
> If we connect to a VPN server over IPv6, and the config has a
> route like this:
> 
>   route remote_host default net_gateway
> 
> OpenVPN would try to install a route to "255.255.255.255", which
> is obviously bogus.
> 
> The bug is twofold: init_route_list() should not set RTSA_REMOTE_HOST
> for an "IPV4_INVALID_ADDR" remote_host (wrong condition, this is not
> a pointer but an integer, and "invalid" is "-1" numerically here),
> and init_route() must not ignore "status = false" returns from
> get_special_addr().
> 
> I have just added the "if (!status)" check, not done refactoring for
> init_route() to see whether I could make it "more pretty".
> 
>
Looks good.

Acked-By: Arne Schwabe <arne@rfc2549.org>

Gert Doering Sept. 10, 2020, 11:36 p.m. UTC | #2
Patch has been applied to lots of branches... :)

commit aa34684972eb01bfa5c355d1c8a8a9d384bf0175 (master)
commit 78c50eba82fe9bf9a899cb8587e11dcc227c0cdd (release/2.5)
commit 09e46c3ca7ead4e7b817fa527302dfb1a2f225d0 (release/2.4)
Author: Gert Doering
Date:   Fri Sep 11 10:59:07 2020 +0200

     Fix handling of 'route remote_host' for IPv6 transport case.

     Signed-off-by: Gert Doering <gert@greenie.muc.de>
     Acked-by: Arne Schwabe <arne@rfc2549.org>
     Message-Id: <20200911085907.26004-1-gert@greenie.muc.de>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20958.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

Patch

diff --git a/src/openvpn/route.c b/src/openvpn/route.c
index f127a90a..3c94a861 100644
--- a/src/openvpn/route.c
+++ b/src/openvpn/route.c
@@ -323,6 +323,10 @@  init_route(struct route_ipv4 *r,
 
     if (get_special_addr(rl, ro->network, (in_addr_t *) &special.s_addr, &status))
     {
+        if (!status)
+        {
+            goto fail;
+        }
         special.s_addr = htonl(special.s_addr);
         ret = openvpn_getaddrinfo(0, inet_ntoa(special), NULL, 0, NULL,
                                   AF_INET, network_list);
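Review bot: In init_route(), the new `if (!status)` branch jumps to `fail` with no comment explaining that get_special_addr() can return true (keyword recognised) while leaving status false (no address available for it), and nothing in this hunk tells the user which keyword in ro->network could not be resolved. A one-line comment on the branch would help, and if the fail path does not already log the route spec, a message naming ro->network here would make the skipped route diagnosable.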
@@ -619,7 +623,7 @@  init_route_list(struct route_list *rl,
 
     rl->flags = opt->flags;
 
-    if (remote_host)
+    if (remote_host != IPV4_INVALID_ADDR)
     {
         rl->spec.remote_host = remote_host;
         rl->spec.flags |= RTSA_REMOTE_HOST;
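Review bot: In init_route_list(), the old `if (remote_host)` also skipped a remote_host of 0, whereas `remote_host != IPV4_INVALID_ADDR` now sets RTSA_REMOTE_HOST for 0 as well. It is worth confirming that every caller passes IPV4_INVALID_ADDR rather than 0 when there is no IPv4 remote, or documenting on the parameter that IPV4_INVALID_ADDR is the only "unset" value.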