From patchwork Thu Sep 10 22:59:07 2020
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 1438
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 11 Sep 2020 10:59:07 +0200
Message-Id: <20200911085907.26004-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH] Fix handling of 'route remote_host' for IPv6 transport case.

If we connect to a VPN server over IPv6, and the config has a route
like this:

  route remote_host default net_gateway

OpenVPN would try to install a route to "255.255.255.255", which is
obviously bogus.

The bug is twofold: init_route_list() should not set RTSA_REMOTE_HOST
for an "IPV4_INVALID_ADDR" remote_host (wrong condition, this is not a
pointer but an integer, and "invalid" is "-1" numerically here), and
init_route() must not ignore "status = false" returns from
get_special_addr().

I have just added the "if (!status)" check, not done refactoring for
init_route() to see whether I could make it "more pretty".

Trac: #1247

Signed-off-by: Gert Doering
Acked-By: Arne Schwabe
--- src/openvpn/route.c | 6 +++++- 1 file changed, 5 insertions(+), 1 deletion(-) diff --git a/src/openvpn/route.c b/src/openvpn/route.c index f127a90a..3c94a861 100644 --- a/src/openvpn/route.c +++ b/src/openvpn/route.c 
@@ -323,6 +323,10 @@ init_route(struct route_ipv4 *r, if (get_special_addr(rl, ro->network, (in_addr_t *) &special.s_addr, &status)) { + if (!status) + { + goto fail; + } special.s_addr = htonl(special.s_addr); ret = openvpn_getaddrinfo(0, inet_ntoa(special), NULL, 0, NULL, AF_INET, network_list); @@ -619,7 +623,7 @@ init_route_list(struct route_list *rl, rl->flags = opt->flags; - if (remote_host) + if (remote_host != IPV4_INVALID_ADDR) { rl->spec.remote_host = remote_host; rl->spec.flags |= RTSA_REMOTE_HOST;
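Review bot: In the init_route() hunk, the new `if (!status)` branch jumps to `fail` with nothing visible here that tells the operator why the route was dropped. Unless the code at `fail` already reports it, a config line such as `route remote_host default net_gateway` on an IPv6 transport will now disappear without explanation; consider logging a warning that names ro->network before the `goto fail`, and add a one-line comment stating what a true return from get_special_addr() with status false means, since the two results are easy to confuse.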
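Review bot: In the init_route_list() hunk, replacing `if (remote_host)` with `if (remote_host != IPV4_INVALID_ADDR)` also changes what happens for a remote_host of 0: the old test skipped it, the new one sets rl->spec.remote_host to 0 and raises RTSA_REMOTE_HOST. Please confirm that every caller passes IPV4_INVALID_ADDR, never 0, when there is no IPv4 remote, or reject both values here, and add a short comment that remote_host is an integer address with IPV4_INVALID_ADDR as its "unset" sentinel so the pointer-style test does not creep back in.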