From patchwork Fri Jul 19 13:10:16 2024
X-Patchwork-Submitter: Frank Lichtenheld
X-Patchwork-Id: 3769
From: Frank Lichtenheld
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 19 Jul 2024 15:10:16 +0200
Message-Id: <20240719131016.75042-1-frank@lichtenheld.com>
Subject: [Openvpn-devel] [PATCH v3] Avoid SIGUSR1 to SIGHUP when the configuration is read from stdin

From: Arne Schwabe

If the configuration is read from stdin, we cannot reread the
configuration as stdin provides the configuration only once. So whenever
we hit the "close_context usr1 to hup" logic, the OpenVPN process will
fail as it tries to restart with an empty configuration.

While OpenVPN tries to block USR1 from normal unix signals, I have observed
cases in my app which sends USR1 from the management interface where the
CC_HARD_USR1_TO_HUP logic is triggered, breaking the OpenVPN process.

Change-Id: Icfc179490d6821e22d14817941fb0bad667c713f
Signed-off-by: Arne Schwabe
Acked-by: Frank Lichtenheld
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/533
This mail reflects revision 3 of this Change.

Acked-by according to Gerrit (reflected above):
Frank Lichtenheld

diff --git a/src/openvpn/openvpn.c b/src/openvpn/openvpn.c index 0e85ebc..a55dde6 100644 --- a/src/openvpn/openvpn.c +++ b/src/openvpn/openvpn.c @@ -32,6 +32,7 @@ #include "multi.h" #include "win32.h" #include "platform.h" +#include "string.h" #include "memdbg.h" @@ -60,9 +61,10 @@ /* set point-to-point mode */ c->mode = CM_P2P; - - /* initialize tunnel instance */ - init_instance_handle_signals(c, c->es, CC_HARD_USR1_TO_HUP); + /* initialize tunnel instance, avoid SIGHUP when config is stdin since + * reading the config from stdin will not work */ + bool stdin_config = c->options.config && (strcmp(c->options.config, "stdin") == 0); + init_instance_handle_signals(c, c->es, stdin_config ? 0 : CC_HARD_USR1_TO_HUP); if (IS_SIG(c)) { return;
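
Review bot: In the first hunk (@@ -32,6 +32,7 @@) the new `#include "string.h"` uses the quoted form for what looks like the standard C header needed by `strcmp`. With quotes the compiler searches the including file's directory before the system paths, so a local file named string.h would be picked up instead. Suggest `#include <string.h>`, placed with the system includes rather than between `"platform.h"` and `"memdbg.h"`, or dropping the line if the existing project headers already provide the declaration.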
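
Review bot: In the second hunk (@@ -60,9 +61,10 @@) the test for "config came from stdin" is an inline `strcmp(c->options.config, "stdin") == 0` at the signal-setup call site, so the magic string is duplicated away from whatever code decides to read the configuration from stdin. A small helper or shared constant would keep the two from drifting apart. The new comment explains why SIGHUP is avoided but not what a SIGUSR1 does instead when the flag is `0`; one more clause there would help the next reader. The hunk also drops the blank line after `c->mode = CM_P2P;`, which makes the `bool stdin_config` declaration run straight on from the assignment; keeping the blank line would preserve the existing layout. Since the visible change only covers the path that sets `CM_P2P`, it is worth confirming in the commit message that no other caller passes `CC_HARD_USR1_TO_HUP`.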