From patchwork Mon Aug 8 04:34:22 2022 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Kristof Provost via Openvpn-devel X-Patchwork-Id: 2640 Return-Path: Delivered-To: patchwork@openvpn.net Delivered-To: patchwork@openvpn.net Received: from director14.mail.ord1d.rsapps.net ([172.30.191.6]) by backend30.mail.ord1d.rsapps.net with LMTP id 2GC/Gzsf8WKfdQAAIUCqbw (envelope-from ) for ; Mon, 08 Aug 2022 10:35:39 -0400 Received: from proxy2.mail.ord1d.rsapps.net ([172.30.191.6]) by director14.mail.ord1d.rsapps.net with LMTP id 6BKUGzsf8WI9MAAAeJ7fFg (envelope-from ) for ; Mon, 08 Aug 2022 10:35:39 -0400 Received: from smtp29.gate.ord1d ([172.30.191.6]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) by proxy2.mail.ord1d.rsapps.net with LMTPS id KGphGzsf8WK4MQAAfawv4w (envelope-from ) for ; Mon, 08 Aug 2022 10:35:39 -0400 X-Spam-Threshold: 95 X-Spam-Score: 0 X-Spam-Flag: NO X-Virus-Scanned: OK X-Orig-To: openvpnslackdevel@openvpn.net X-Originating-Ip: [216.105.38.7] Authentication-Results: smtp29.gate.ord1d.rsapps.net; iprev=pass policy.iprev="216.105.38.7"; spf=pass smtp.mailfrom="openvpn-devel-bounces@lists.sourceforge.net" smtp.helo="lists.sourceforge.net"; dkim=fail (signature verification failed) header.d=sourceforge.net; dkim=fail (signature verification failed) header.d=sf.net; dkim=fail (signature verification failed) header.d=netgate.com; dmarc=pass (p=none; dis=none) header.from=lists.sourceforge.net X-Suspicious-Flag: YES X-Classification-ID: 5edf4cca-1727-11ed-a782-525400f257a9-1-1 Received: from [216.105.38.7] ([216.105.38.7:34516] helo=lists.sourceforge.net) by smtp29.gate.ord1d.rsapps.net (envelope-from ) (ecelerity 4.2.38.62370 r(:)) with ESMTPS (cipher=DHE-RSA-AES256-GCM-SHA384) id 46/49-04991-A3F11F26; Mon, 08 Aug 2022 10:35:38 -0400 Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.94.2) (envelope-from ) id 1oL3q2-0007RZ-D2; Mon, 08 Aug 2022 14:34:39 +0000 Received: from [172.30.20.202] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.94.2) (envelope-from ) id 1oL3q1-0007RT-1d for openvpn-devel@lists.sourceforge.net; Mon, 08 Aug 2022 14:34:37 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-Id:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=r4Ma0y4zEtHiD4NEpOQphU6d/FyBahv0Ykb2HTY+m5I=; b=nQOIy4u7ZAwG4E6FzQsh6UL6wn JUjz4EG1+a7jP6ghV7cI3p1KbSSrkrhyUdg9PWCbFnxeMldPGcaIEq02V5bkgp1IFyJPHwOBsLx6j OOXjdu7WsjfvmWs9jfQA4gWGeOT8wtnIdtJIicJLInpNMILnDoGGZtFqlXUmt+47iZ6A=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=r4Ma0y4zEtHiD4NEpOQphU6d/FyBahv0Ykb2HTY+m5I=; b=WFNEJegXN+oi5DerK1IeYqKGpW 6E/JSo26dvpGnal3VBRje7Lq3MzjA/jsldtSGQQa4GEB8pYcRhIo1L1gFYUHdAYdqhWinaeTIF8F7 N0epmgKc6gMXmP5negjXMY4U2Kfg0/TIrR3Uf/Mpdse6jBaILbdvbeoUrKYHushaKP8E=; Received: from mail-ed1-f50.google.com ([209.85.208.50]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES128-GCM-SHA256:128) (Exim 4.94.2) id 1oL3py-0008NZ-Ri for openvpn-devel@lists.sourceforge.net; Mon, 08 Aug 2022 14:34:37 +0000 Received: by mail-ed1-f50.google.com with SMTP id a89so11582462edf.5 for ; Mon, 08 Aug 2022 07:34:34 -0700 (PDT) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=netgate.com; s=google; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:from:to:cc; bh=r4Ma0y4zEtHiD4NEpOQphU6d/FyBahv0Ykb2HTY+m5I=; b=qIdKU11Msmsxgjv18AT/YuPNd86IudPn8QQoqi5WzqnO9x1pOET9a153TcGf5JvyoQ Rbj3onlJpVefo1MejZ9M68TnlH6TDfimDsHN80UYxyGjK4v5FLt6VaUggljJ78heBAtH N6/lkzx7Ewwz3De4QDdPoBHt1i4H0ZYft4qHw= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20210112; h=content-transfer-encoding:mime-version:references:in-reply-to :message-id:date:subject:to:from:x-gm-message-state:from:to:cc; bh=r4Ma0y4zEtHiD4NEpOQphU6d/FyBahv0Ykb2HTY+m5I=; b=3aTGQeG0U29KgLOnuseb3alkv9IlosFN+mYlXPVygjZMfDgTzXUqJaccRuzWUGfxBQ NpALVNgWynzgcpASqVYMTMxa9f0IYyGblGwPgFJvKcNoV/jkepIlE/Ha6TVmkKb01LsE gL3mrZou/CXxNFUupv81L7G7nhAfF+nX/HjNGNaq7QW+t7bXGgQaKlCm45dRgbWa3ZrE 9XV/aSWKStrU2zwfK0oyWWcitwizzFypdlB7DJ/LtodF4xBd/RUSV6/xZN0ycc0M8lQ6 /oKsD+jd9uqhMJc//NYVsTKkA5jd3vGHKEGsvNN2MhcClvo3gBjjaG3podKnJ9+VzBsK 5tyA== X-Gm-Message-State: ACgBeo0EvBd6fnxY3Kc79jtowZy+aDIxDw5Cggj0A+QPG1XMR+66Rbjq mohBqG50FiLJ9moo5jWR+LYMB71rf2OkVA== X-Google-Smtp-Source: AA6agR5F8DxdFjgVU8g0xnX2pjzBCxxgcO0izFSKJh0z9uO4Ovaoiermpfc44HnOoB2HCV3qIe4iYw== X-Received: by 2002:a05:6402:4385:b0:440:679a:c3fa with SMTP id o5-20020a056402438500b00440679ac3famr8826507edc.118.1659969268172; Mon, 08 Aug 2022 07:34:28 -0700 (PDT) Received: from nut.jupiter.sigsegv.be (ptr-8rii4qaqu7q1ipd5fh4.18120a2.ip6.access.telenet.be. [2a02:1811:2417:df00:f602:70ff:feae:6e98]) by smtp.googlemail.com with ESMTPSA id e12-20020a170906314c00b007246492658asm5051034eje.117.2022.08.08.07.34.27 for (version=TLS1_3 cipher=TLS_AES_256_GCM_SHA384 bits=256/256); Mon, 08 Aug 2022 07:34:27 -0700 (PDT) To: openvpn-devel Date: Mon, 8 Aug 2022 16:34:22 +0200 Message-Id: <20220808143424.65924-2-kprovost@netgate.com> X-Mailer: git-send-email 2.37.1 In-Reply-To: <20220808143424.65924-1-kprovost@netgate.com> References: <20220808143424.65924-1-kprovost@netgate.com> MIME-Version: 1.0 X-Spam-Report: Spam detection software, running on the system "util-spamd-1.v13.lw.sourceforge.com", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Kristof Provost If 'max-clients' is set multi_create_instance() can return NULL (for any client that would take us over the client limit). If mi is NULL we don't add it to the hash map, but we do potentially dereference it to increment the session count. Do not attempt to do so if 'mi == NULL'. Content analysis details: (-0.2 points, 6.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- -0.0 RCVD_IN_DNSWL_NONE RBL: Sender listed at https://www.dnswl.org/, no trust [209.85.208.50 listed in list.dnswl.org] -0.0 RCVD_IN_MSPIKE_H2 RBL: Average reputation (+2) [209.85.208.50 listed in wl.mailspike.net] 0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record -0.0 SPF_PASS SPF: sender matches SPF record -0.1 DKIM_VALID Message has at least one valid DKIM or DK signature -0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from envelope-from domain 0.1 DKIM_SIGNED Message has a DKIM or DK signature, not necessarily valid -0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from author's domain X-Headers-End: 1oL3py-0008NZ-Ri Subject: [Openvpn-devel] [PATCH] Handle exceeding 'max-clients' X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-Patchwork-Original-From: Kristof Provost via Openvpn-devel From: Kristof Provost via Openvpn-devel Reply-To: Kristof Provost Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox From: Kristof Provost If 'max-clients' is set multi_create_instance() can return NULL (for any client that would take us over the client limit). If mi is NULL we don't add it to the hash map, but we do potentially dereference it to increment the session count. Do not attempt to do so if 'mi == NULL'. Signed-off-by: Kristof Provost --- src/openvpn/mudp.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c index 0810fada..0cbca1a9 100644 --- a/src/openvpn/mudp.c +++ b/src/openvpn/mudp.c @@ -241,15 +241,16 @@ multi_get_create_instance_udp(struct multi_context *m, bool *floated) hash_add_fast(hash, bucket, &mi->real, hv, mi); mi->did_real_hash = true; multi_assign_peer_id(m, mi); - } - /* If we have a session id already, ensure that the - * state is using the same */ - if (session_id_defined(&state.server_session_id) - && session_id_defined((&state.peer_session_id))) - { - mi->context.c2.tls_multi->n_sessions++; - struct tls_session *session = &mi->context.c2.tls_multi->session[TM_ACTIVE]; - session_skip_to_pre_start(session, &state, &m->top.c2.from); + + /* If we have a session id already, ensure that the + * state is using the same */ + if (session_id_defined(&state.server_session_id) + && session_id_defined((&state.peer_session_id))) + { + mi->context.c2.tls_multi->n_sessions++; + struct tls_session *session = &mi->context.c2.tls_multi->session[TM_ACTIVE]; + session_skip_to_pre_start(session, &state, &m->top.c2.from); + } } } else