From patchwork Wed Nov 1 11:03:41 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Steffan Karger X-Patchwork-Id: 44 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director3.mail.ord1d.rsapps.net ([172.30.191.6]) by backend31.mail.ord1d.rsapps.net (Dovecot) with LMTP id awuDBPJE+lkeJgAAgoeIoA for ; Wed, 01 Nov 2017 18:04:34 -0400 Received: from proxy10.mail.ord1d.rsapps.net ([172.30.191.6]) by director3.mail.ord1d.rsapps.net (Dovecot) with LMTP id hUXYAvJE+lkxZQAAkXNnRw ; Wed, 01 Nov 2017 18:04:34 -0400 Received: from smtp4.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy10.mail.ord1d.rsapps.net (Dovecot) with LMTP id IM07BPJE+lmoEwAAfSg8FQ ; Wed, 01 Nov 2017 18:04:34 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: justin@openvpn.net X-Originating-Ip: [216.34.181.88] Authentication-Results: smtp4.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.34.181.88"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dkim=fail (signature verification failed) header.d=karger-me.20150623.gappssmtp.com; dmarc=none (p=nil; dis=none) header.from=karger.me X-Classification-ID: a45f3a82-bf50-11e7-b327-525400760ffc-1-1 Received: from [216.34.181.88] ([216.34.181.88:37288] helo=lists.sourceforge.net) by smtp4.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.1.56364 r(Core:4.2.1.14)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id C1/B2-25778-1F44AF95; Wed, 01 Nov 2017 18:04:33 -0400 Received: from localhost ([127.0.0.1] helo=sfs-ml-2.v29.ch3.sourceforge.com) by sfs-ml-2.v29.ch3.sourceforge.com with esmtp (Exim 4.89) (envelope-from ) id 1eA17F-0000BK-Re; Wed, 01 Nov 2017 22:04:05 +0000 Received: from sog-mx-4.v43.ch3.sourceforge.com ([172.29.43.194] helo=mx.sourceforge.net) by sfs-ml-2.v29.ch3.sourceforge.com with esmtps (TLSv1:DHE-RSA-AES256-SHA:256) (Exim 4.89) (envelope-from ) id 1eA17C-0000Ac-46 for openvpn-devel@lists.sourceforge.net; Wed, 01 Nov 2017 22:04:02 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From; bh=ZOqesW2WDJfln40AlroGdjQhBvP4pbZ9feRvQRz9J5I=; b=YriswueKDpYBBZOPBQzIvCVzOFdtjfyNvkdtG3a5A9MsrqECzv9xdmqIoWW6sxVf7LdUrTEPEPVg8nE5/yacJYGaI1gjb3SvXYsb7Cir/uxd4B9Zw/q9PMTZmCM+wwrshSzyUtBNWORL0oS5ltRbp4maBqwQmr2mvqGEgh95VYA=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x; h=References:In-Reply-To:Message-Id:Date:Subject:Cc:To:From; bh=ZOqesW2WDJfln40AlroGdjQhBvP4pbZ9feRvQRz9J5I=; b=ItXOrg2V+Gi8+5V0nRcF3rU3HOytWzY1PPakFcgURVGekCoEkQ3zdB4awHCOzJSzALW61ifZ24VA6bQzJfnaROQAdR7ISVHLkOkX3FGRokQgEyRRiZXf4X29bmFffOuXEC172vaPhn3dlwWSVA7gBPi6hv5rR4R64IV31FGEjW0=; Received-SPF: pass (sog-mx-4.v43.ch3.sourceforge.com: domain of karger.me designates 74.125.82.66 as permitted sender) client-ip=74.125.82.66; envelope-from=steffan@karger.me; helo=mail-wm0-f66.google.com; Received: from mail-wm0-f66.google.com ([74.125.82.66]) by sog-mx-4.v43.ch3.sourceforge.com with esmtps (TLSv1:AES128-SHA:128) (Exim 4.76) id 1eA17A-00063c-6A for openvpn-devel@lists.sourceforge.net; Wed, 01 Nov 2017 22:04:02 +0000 Received: by mail-wm0-f66.google.com with SMTP id r196so7532250wmf.2 for ; Wed, 01 Nov 2017 15:03:59 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=karger-me.20150623.gappssmtp.com; s=20150623; h=from:to:cc:subject:date:message-id:in-reply-to:references; bh=ZOqesW2WDJfln40AlroGdjQhBvP4pbZ9feRvQRz9J5I=; b=ObyceAVcmGR8zVCykijVow83F214KDgZkT56mFcfN9oElNTdPrnsR3+enCJtblo1eq 85nwfEWR0md5Kpsg+3LZq3nf35slk6LD47zIxFLx247NtT5V4ACqLMXOkvVlXfgrAvfR YqoPXs4J5v14jQdKmNnftz/RvG+u4KO3z/1DHNL/idlzqR2/K3pNan59KAheWvwwakkr XcE2/p18yaKVeYLpDIKtTDB6StZXJ1tpvrVdY8rIRda316tjDN4iYWnphN8vYq5K/kHd g4AmMWmH4Bq93TCTIhL9y3ic8h+Bn/gipYvm9+YIQrIJM71oW7fWUzZoIARsurrd2xRl HoTA== X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id:in-reply-to :references; bh=ZOqesW2WDJfln40AlroGdjQhBvP4pbZ9feRvQRz9J5I=; b=SHZlc/JYsG1XXwZHUjsPzdm5R2WpdZlKJ13JELKha5DDTdDK+NkT59f6gbXg3p92EJ e901rB3AFohnW4pIQrVjMmqWrVNwglyqGsWuR6JHacd8cHpGo0o3G9O+ieitXjVgq5Vr dS0QL6TM2WSIleinSJWPNbqi/+Pvg7tPpO0xXk5P+3jPa2UV6hBAIHDuPBC0ttxI+zgJ gL+O7TRpuBCivKz6DqCF3+NaT/vCnAaetGkkL4FHTe1615YwQm9RuBRWcGe6+al8M6DW IwFTbegSEdtGZHwMX69lEFYHP8D/JPpO1u0MXr1/CsEWtBiFBZTq7eVHJXR42kwz4Y40 KtQg== X-Gm-Message-State: AMCzsaUlSc38KXI+VJgl9zDEFQZ3rsRNHPZYfUU+PkuLUuho25sC0BtC srOIcVoHDI0JmoJ5nxRKwCaexYhkYl8= X-Google-Smtp-Source: ABhQp+QMiyFxang7bRmng8Tj4ZCboZd1OGHz7G6BYREvQXjftI0DWRM3VIk58GFWWZ5NfPWnZ3tNfA== X-Received: by 10.80.136.4 with SMTP id b4mr1927654edb.155.1509573833344; Wed, 01 Nov 2017 15:03:53 -0700 (PDT) Received: from vesta.fritz.box ([2001:985:e54:1:f834:91b2:a7cf:128b]) by smtp.gmail.com with ESMTPSA id f39sm2096642edf.83.2017.11.01.15.03.52 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Wed, 01 Nov 2017 15:03:52 -0700 (PDT) From: Steffan Karger To: openvpn-devel@lists.sourceforge.net Date: Wed, 1 Nov 2017 23:03:41 +0100 Message-Id: <20171101220342.14648-4-steffan@karger.me> X-Mailer: git-send-email 2.14.1 In-Reply-To: <20171101220342.14648-1-steffan@karger.me> References: <1505424872-27434-1-git-send-email-steffan.karger@fox-it.com> <20171101220342.14648-1-steffan@karger.me> X-Spam-Report: Spam Filtering performed by mx.sourceforge.net. See http://spamassassin.org/tag/ for more details. -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at http://www.dnswl.org/, no trust [74.125.82.66 listed in list.dnswl.org] -1.5 SPF_CHECK_PASS SPF reports sender host as permitted sender for sender-domain -0.0 SPF_PASS SPF: sender matches SPF record 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature 0.5 RCVD_IN_SORBS_SPAM RBL: SORBS: sender is a spam source [74.125.82.66 listed in dnsbl.sorbs.net] -0.0 AWL AWL: Adjusted score from AWL reputation of From: address X-Headers-End: 1eA17A-00063c-6A Subject: [Openvpn-devel] [PATCH 3/4 v2] Don't throw fatal errors from create_temp_file() X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , MIME-Version: 1.0 Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox From: Steffan Karger This function is called in response to connecting clients, and can fail when I/O fails for some (possibly temporary) reason. In such cases we should not exit the process, but just reject the connecting client. This commit changes the function to actually return NULL on errors, and (where needed) changes the callers to check for and handle errors. Since the tls-crypt-v2 metadata code also calls create_temp_file() when clients connect, I consider this a prerequisite for tls-crypt-v2. Signed-off-by: Steffan Karger Acked-by: Antonio Quartulli --- v2: put || at the beginning of a line (not the end) src/openvpn/misc.c | 6 +++--- src/openvpn/ssl_verify.c | 32 +++++++++++++++++++++----------- 2 files changed, 24 insertions(+), 14 deletions(-) diff --git a/src/openvpn/misc.c b/src/openvpn/misc.c index 8c7f6116..25f38003 100644 --- a/src/openvpn/misc.c +++ b/src/openvpn/misc.c @@ -740,7 +740,7 @@ create_temp_file(const char *directory, const char *prefix, struct gc_arena *gc) retfname = gen_path(directory, BSTR(&fname), gc); if (!retfname) { - msg(M_FATAL, "Failed to create temporary filename and path"); + msg(M_WARN, "Failed to create temporary filename and path"); return NULL; } @@ -755,14 +755,14 @@ create_temp_file(const char *directory, const char *prefix, struct gc_arena *gc) else if (fd == -1 && errno != EEXIST) { /* Something else went wrong, no need to retry. */ - msg(M_FATAL | M_ERRNO, "Could not create temporary file '%s'", + msg(M_WARN | M_ERRNO, "Could not create temporary file '%s'", retfname); return NULL; } } while (attempts < 6); - msg(M_FATAL, "Failed to create temporary file after %i attempts", attempts); + msg(M_WARN, "Failed to create temporary file after %i attempts", attempts); return NULL; } diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c index 9cd36d7a..de54fb74 100644 --- a/src/openvpn/ssl_verify.c +++ b/src/openvpn/ssl_verify.c @@ -547,14 +547,14 @@ verify_cert_export_cert(openvpn_x509_cert_t *peercert, const char *tmp_dir, stru FILE *peercert_file; const char *peercert_filename = ""; - if (!tmp_dir) + /* create tmp file to store peer cert */ + if (!tmp_dir + || !(peercert_filename = create_temp_file(tmp_dir, "pcf", gc))) { + msg (M_WARN, "Failed to create peer cert file"); return NULL; } - /* create tmp file to store peer cert */ - peercert_filename = create_temp_file(tmp_dir, "pcf", gc); - /* write peer-cert in tmp-file */ peercert_file = fopen(peercert_filename, "w+"); if (!peercert_file) @@ -589,10 +589,13 @@ verify_cert_call_command(const char *verify_command, struct env_set *es, if (verify_export_cert) { - if ((tmp_file = verify_cert_export_cert(cert, verify_export_cert, &gc))) + tmp_file = verify_cert_export_cert(cert, verify_export_cert, &gc); + if (!tmp_file) { - setenv_str(es, "peer_cert", tmp_file); + ret = false; + goto cleanup; } + setenv_str(es, "peer_cert", tmp_file); } argv_parse_cmd(&argv, verify_command); @@ -609,6 +612,7 @@ verify_cert_call_command(const char *verify_command, struct env_set *es, } } +cleanup: gc_free(&gc); argv_reset(&argv); @@ -879,21 +883,21 @@ key_state_rm_auth_control_file(struct key_state *ks) } } -static void +static bool key_state_gen_auth_control_file(struct key_state *ks, const struct tls_options *opt) { struct gc_arena gc = gc_new(); - const char *acf; key_state_rm_auth_control_file(ks); - acf = create_temp_file(opt->tmp_dir, "acf", &gc); + const char *acf = create_temp_file(opt->tmp_dir, "acf", &gc); if (acf) { ks->auth_control_file = string_alloc(acf, NULL); setenv_str(opt->es, "auth_control_file", ks->auth_control_file); - } /* FIXME: Should have better error handling? */ + } gc_free(&gc); + return acf; } static unsigned int @@ -1184,7 +1188,12 @@ verify_user_pass_plugin(struct tls_session *session, const struct user_pass *up, #ifdef PLUGIN_DEF_AUTH /* generate filename for deferred auth control file */ - key_state_gen_auth_control_file(ks, session->opt); + if (!key_state_gen_auth_control_file(ks, session->opt)) + { + msg (D_TLS_ERRORS, "TLS Auth Error (%s): " + "could not create deferred auth control file", __func__); + goto cleanup; + } #endif /* call command */ @@ -1209,6 +1218,7 @@ verify_user_pass_plugin(struct tls_session *session, const struct user_pass *up, msg(D_TLS_ERRORS, "TLS Auth Error (verify_user_pass_plugin): peer provided a blank username"); } +cleanup: return retval; }