| Message ID | 20250121161247.37883-1-frank@lichtenheld.com |
|---|---|
| State | New |
| Headers | show
Return-Path: <openvpn-devel-bounces@lists.sourceforge.net>
Delivered-To: patchwork@openvpn.net
Received: by 2002:a05:7000:6166:b0:5e7:b9eb:58e8 with SMTP id t6csp160193mab;
Tue, 21 Jan 2025 08:13:10 -0800 (PST)
X-Forwarded-Encrypted: i=2;
AJvYcCVXx7saaDa4HtTens1IFuta9S6BXYZ16mbp9oQ/ANusA1wJ6gKXq4eJhbSj9vwsrUXLA1HXtA8E3JE=@openvpn.net
X-Google-Smtp-Source:
AGHT+IGvb3kRLlRqI5yESnWfCOoR+qP88ppYM1zinMrFgMuD9ekXkktEpwzl3Zq8/EtZcqTpWQLC
X-Received: by 2002:a05:6871:400b:b0:2a3:c59f:4cba with SMTP id
586e51a60fabf-2b1c0ab0d4emr9487906fac.17.1737475990176;
Tue, 21 Jan 2025 08:13:10 -0800 (PST)
ARC-Seal: i=1; a=rsa-sha256; t=1737475990; cv=none;
d=google.com; s=arc-20240605;
b=a4HFDn8UY0VWjMAr+SaAb2CRZX6yRqEL5QagsFmRWyZ5UKLod3RjB3a/oW1LBN/R/F
bjzPsJQ+2Rg0PtoHn2ZnORud+gwy4d28HV2w1LOmPOmEHG/J1PMUnr3ntiBN5UqgWyTc
UZkHGjOxRGcXkjZoe934jDD8p64COS4Hdr36sjTavt+vcPR+DX60lgQkYUQGR7kSddm4
4oKwa0xSt/wB3fXeEQtGKGZfgDzTLlLJAzfx/OE7GpPkVpdXIMg0vP0JS5CIAcsWdatX
yqIFI/DL5gC3kr0dKtdCwXqNZ7hHRapPIgzgmpuvIYmokV/3CW1438hMX6njWurAueSx
OKfw==
ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com;
s=arc-20240605;
h=errors-to:content-transfer-encoding:list-subscribe:list-help
:list-post:list-archive:list-unsubscribe:list-id:precedence:subject
:mime-version:references:in-reply-to:message-id:date:to:from
:dkim-signature:dkim-signature:dkim-signature;
bh=x1Xb6FgX8iu/0b6Q21uThi/Ix253LA8UZlzXPp86SQY=;
fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=;
b=baEp2ZJ7WlaozUQjAzGCrs4Axe/ePqtzaqlJwCGh0RTxFQmq3umsPX8DFaiRFs+4RC
yG3H3xNCcZm5LTi/hiS0xNyTA/y5PCg++ods4heEXuaZWfifFD1noxyUN9d+yBta2N/3
9r1JGR6G/i+REx8noNyCEkj0DsK2pMWW4YJvAVzzEibgGKCS4aCTqc777HUdEDfvMF00
1sJI9d9kLZTOsqLSlQSfLukCsBX8+a5UCZWExIMQTzfalAxhqKg7M5X5aB15bURB5Whu
GyCB5cuR718Nm5T+lKdjl3oHkDtpZG6utqUQDXkT/qk8iQmdiFSkbJz7pBQJdDWZbOr3
hGkQ==;
dara=google.com
ARC-Authentication-Results: i=1; mx.google.com;
dkim=neutral (body hash did not verify) header.i=@sourceforge.net
header.s=x header.b=HbegvFD2;
dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
header.b=jSmNuUnY;
dkim=neutral (body hash did not verify) header.i=@lichtenheld.com
header.s=MBO0001 header.b=Ad4VzWnS;
spf=pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net
Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7])
by mx.google.com with ESMTPS id
46e09a7af769-7249b392af8si8985962a34.29.2025.01.21.08.13.09
(version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128);
Tue, 21 Jan 2025 08:13:10 -0800 (PST)
Received-SPF: pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) client-ip=216.105.38.7;
Authentication-Results: mx.google.com;
dkim=neutral (body hash did not verify) header.i=@sourceforge.net
header.s=x header.b=HbegvFD2;
dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x
header.b=jSmNuUnY;
dkim=neutral (body hash did not verify) header.i=@lichtenheld.com
header.s=MBO0001 header.b=Ad4VzWnS;
spf=pass (google.com: domain of
openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as
permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net
Received: from [127.0.0.1] (helo=sfs-ml-3.v29.lw.sourceforge.com)
by sfs-ml-3.v29.lw.sourceforge.com with esmtp (Exim 4.95)
(envelope-from <openvpn-devel-bounces@lists.sourceforge.net>)
id 1taGsD-0004AM-Tl;
Tue, 21 Jan 2025 16:13:05 +0000
Received: from [172.30.29.66] (helo=mx.sourceforge.net)
by sfs-ml-3.v29.lw.sourceforge.com with esmtps (TLS1.2) tls
TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95)
(envelope-from <frank@lichtenheld.com>) id 1taGs8-0004A3-AU
for openvpn-devel@lists.sourceforge.net;
Tue, 21 Jan 2025 16:13:00 +0000
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed;
d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References:
In-Reply-To:Message-Id:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:
Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender:
Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:
List-Subscribe:List-Post:List-Owner:List-Archive;
bh=nnsHfJ2DoGgj/3e33D2h2Bkq5dmPvxYAL+wEuceK5rI=; b=HbegvFD2sGgLeZWTiRvBPpgC9i
aaLa0ozaeNa4LUZXSHYsDk0mQHhXAY/5/mY6EsT1g2dAOlGyqPYgzy5BY1MNMgca9lTS6iZuxzoZ5
XidsYnUDGXDngMI/IXpc+rHJLCTSGneipH5nMHgP7eYEb1BKAkVNgqT42QLmP/nNORxA=;
DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x
;
h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-Id:
Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID:
Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc
:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe:
List-Post:List-Owner:List-Archive;
bh=nnsHfJ2DoGgj/3e33D2h2Bkq5dmPvxYAL+wEuceK5rI=; b=jSmNuUnYnyVJQ8oJeXc0t9SZtN
X+kZ5uX/Fk3CcRhVasv7u5uocync2dQVBvYU5s710xPzlbmGg3taBY4XIfu1X2uxstNVAgmR73S1+
8nicax/BBf4Rf30mKA3YoqGVcNfIQzXDtkGEuSGMGuGml59RVEGC67MsowVLyTY0Z5Vw=;
Received: from mout-p-101.mailbox.org ([80.241.56.151])
by sfi-mx-2.v28.lw.sourceforge.com with esmtps
(TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95)
id 1taGs6-0002ON-35 for openvpn-devel@lists.sourceforge.net;
Tue, 21 Jan 2025 16:12:58 +0000
Received: from smtp202.mailbox.org (smtp202.mailbox.org [10.196.197.202])
(using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits)
key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest
SHA256)
(No client certificate requested)
by mout-p-101.mailbox.org (Postfix) with ESMTPS id 4YcsgP5JfFz9sX2;
Tue, 21 Jan 2025 17:12:49 +0100 (CET)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=lichtenheld.com;
s=MBO0001; t=1737475969;
h=from:from:reply-to:subject:subject:date:date:message-id:message-id:
to:to:cc:cc:mime-version:mime-version:
content-transfer-encoding:content-transfer-encoding:
in-reply-to:in-reply-to:references:references;
bh=nnsHfJ2DoGgj/3e33D2h2Bkq5dmPvxYAL+wEuceK5rI=;
b=Ad4VzWnSwY3MR8DUa9xvFug8H/BVjRBl6Alw/JE3H+O//MKo1p34Iv+yru3+FI2EolAf3t
GmXlSYLNlhNLwnnjGDtgFpo4duswHZwAr1pfXAs2u2rtl1A8f5wRXOuavSQ642HIKLkkMT
E8aJHEgCymVCut07peMEKFpnF7e6VD/zw/QRw2pKeadEGAun/J/qKAAhr9FWMSawZfUZN1
3qcjfHb970b0rMmGSM9Om0fdgbj8GDItRy+7WmphJ0GXCIrF0AVRdXE25Ps28fFDG+ChRM
m4mNWXdeAsR6jfU0tchK3ch+Haqw3OHG2RLmYSUL0PSzP1sCsmIyQnv1VDiMBg==
From: Frank Lichtenheld <frank@lichtenheld.com>
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 21 Jan 2025 17:12:47 +0100
Message-Id: <20250121161247.37883-1-frank@lichtenheld.com>
In-Reply-To:
<gerrit.1737375148000.Ib8adf7b31cae02e2de3d45da23b76a2d79f13e20@gerrit.openvpn.net>
References:
<gerrit.1737375148000.Ib8adf7b31cae02e2de3d45da23b76a2d79f13e20@gerrit.openvpn.net>
MIME-Version: 1.0
X-Spam-Score: -0.9 (/)
X-Spam-Report: Spam detection software,
running on the system "util-spamd-2.v13.lw.sourceforge.com",
has NOT identified this incoming email as spam. The original
message has been attached to this so you can view it or label
similar future email. If you have any questions, see
the administrator of that system for details.
Content preview: From: Arne Schwabe <arne@rfc2549.org> tls_lock_username is
only called in a single place and that place calls this is function with
up->username,
which is always defined. Change-Id: Ib8adf7b31cae02e2de3d45da23b76a2d79f13e20
Signed-off-by: Arne Schwabe <arne@rfc2549.org> Acked-by: Frank Lichtenheld
<frank@lichtenheld.com> ---
Content analysis details: (-0.9 points, 6.0 required)
pts rule name description
---- ----------------------
--------------------------------------------------
-0.7 RCVD_IN_DNSWL_LOW RBL: Sender listed at https://www.dnswl.org/,
low trust [80.241.56.151 listed in list.dnswl.org]
0.0 RCVD_IN_VALIDITY_RPBL_BLOCKED RBL: ADMINISTRATOR NOTICE: The
query to Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[80.241.56.151 listed in bl.score.senderscore.com]
-0.0 SPF_PASS SPF: sender matches SPF record
0.0 SPF_HELO_NONE SPF: HELO does not publish an SPF Record
0.0 RCVD_IN_VALIDITY_CERTIFIED_BLOCKED RBL: ADMINISTRATOR NOTICE:
The query to Validity was blocked. See
https://knowledge.validity.com/hc/en-us/articles/20961730681243
for more information.
[80.241.56.151 listed in sa-trusted.bondedsender.org]
-0.1 DKIM_VALID Message has at least one valid DKIM or DK signature
-0.1 DKIM_VALID_AU Message has a valid DKIM or DK signature from
author's domain
0.1 DKIM_SIGNED Message has a DKIM or DK signature,
not necessarily
valid
-0.1 DKIM_VALID_EF Message has a valid DKIM or DK signature from
envelope-from domain
X-Headers-End: 1taGs6-0002ON-35
Subject: [Openvpn-devel] [PATCH v1] Remove comparing username to NULL in
tls_lock_username
X-BeenThere: openvpn-devel@lists.sourceforge.net
X-Mailman-Version: 2.1.21
Precedence: list
List-Id: <openvpn-devel.lists.sourceforge.net>
List-Unsubscribe: <https://lists.sourceforge.net/lists/options/openvpn-devel>,
<mailto:openvpn-devel-request@lists.sourceforge.net?subject=unsubscribe>
List-Archive:
<http://sourceforge.net/mailarchive/forum.php?forum_name=openvpn-devel>
List-Post: <mailto:openvpn-devel@lists.sourceforge.net>
List-Help: <mailto:openvpn-devel-request@lists.sourceforge.net?subject=help>
List-Subscribe: <https://lists.sourceforge.net/lists/listinfo/openvpn-devel>,
<mailto:openvpn-devel-request@lists.sourceforge.net?subject=subscribe>
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: 7bit
Errors-To: openvpn-devel-bounces@lists.sourceforge.net
X-getmail-retrieved-from-mailbox: Inbox
X-GMAIL-THRID: =?utf-8?q?1821875623870239155?=
X-GMAIL-MSGID: =?utf-8?q?1821875623870239155?=
|
| Series |
[Openvpn-devel,v1] Remove comparing username to NULL in tls_lock_username
|
expand
|
diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c index 4c4b58d..e7d7ed6 100644 --- a/src/openvpn/ssl_verify.c +++ b/src/openvpn/ssl_verify.c @@ -153,11 +153,11 @@ { if (multi->locked_username) { - if (!username || strcmp(username, multi->locked_username)) + if (strcmp(username, multi->locked_username) != 0) { msg(D_TLS_ERRORS, "TLS Auth Error: username attempted to change from '%s' to '%s' -- tunnel disabled", multi->locked_username, - np(username)); + username); /* disable the tunnel */ tls_deauthenticate(multi); @@ -166,10 +166,7 @@ } else { - if (username) - { - multi->locked_username = string_alloc(username, NULL); - } + multi->locked_username = string_alloc(username, NULL); } return true; }