From patchwork Wed Apr 2 11:30:11 2025
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 4204
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Wed, 2 Apr 2025 13:30:11 +0200
Message-ID: <20250402113016.14980-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v1] dco-win: Ensure correct OVERLAPPED scope

From: Lev Stipakov

This is a backport of the master commit f60a493 ("dco-win: Fix crash when cancelling pending operation")

Although I am unable to reproduce this issue on release branch, the code is clearly wrong and has to be fixed.

The OVERLAPPED structure must remain valid for the entire duration of an asynchronous operation. Previously, when a TCP connection was pending inside the NEW_PEER call, the OVERLAPPED structure was defined as a local variable within dco_p2p_new_peer(). When CancelIo() was called later from close_tun_handle(), the OVERLAPPED structure was already out of scope, resulting in undefined behavior and stack corruption.

This fix moves the OVERLAPPED structure to the tuntap struct, ensuring it remains valid throughout the operation's lifetime.

Change-Id: I44a73f06c0672c1d288bf46e9424dc0dc2abe054
Signed-off-by: Lev Stipakov
Acked-by: Gert Doering
---

This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to release/2.6.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/933
This mail reflects revision 1 of this Change.

Acked-by according to Gerrit (reflected above):
Gert Doering

diff --git a/src/openvpn/dco_win.c b/src/openvpn/dco_win.c index 3ec946f..0b8f831 100644 --- a/src/openvpn/dco_win.c +++ b/src/openvpn/dco_win.c @@ -156,7 +156,8 @@ } void -dco_create_socket(HANDLE handle, struct addrinfo *remoteaddr, bool bind_local, +dco_create_socket(HANDLE handle, OVERLAPPED *ov, + struct addrinfo *remoteaddr, bool bind_local, struct addrinfo *bind, int timeout, struct signal_info *sig_info) { @@ -229,8 +230,8 @@ ASSERT(0); } - OVERLAPPED ov = { 0 }; - if (!DeviceIoControl(handle, OVPN_IOCTL_NEW_PEER, &peer, sizeof(peer), NULL, 0, NULL, &ov)) + CLEAR(*ov); + if (!DeviceIoControl(handle, OVPN_IOCTL_NEW_PEER, &peer, sizeof(peer), NULL, 0, NULL, ov)) { DWORD err = GetLastError(); if (err != ERROR_IO_PENDING) 
@@ -239,7 +240,7 @@ } else { - dco_connect_wait(handle, &ov, timeout, sig_info); + dco_connect_wait(handle, ov, timeout, sig_info); } } } diff --git a/src/openvpn/dco_win.h b/src/openvpn/dco_win.h index 4883629..dcf480e 100644 --- a/src/openvpn/dco_win.h +++ b/src/openvpn/dco_win.h @@ -41,7 +41,8 @@ create_dco_handle(const char *devname, struct gc_arena *gc); void -dco_create_socket(HANDLE handle, struct addrinfo *remoteaddr, bool bind_local, +dco_create_socket(HANDLE handle, OVERLAPPED *ov, + struct addrinfo *remoteaddr, bool bind_local, struct addrinfo *bind, int timeout, struct signal_info *sig_info); diff --git a/src/openvpn/socket.c b/src/openvpn/socket.c index e070688..2eb2e74 100644 --- a/src/openvpn/socket.c +++ b/src/openvpn/socket.c @@ -2148,7 +2148,7 @@ c->c1.tuntap = tt; } - dco_create_socket(c->c1.tuntap->hand, + dco_create_socket(c->c1.tuntap->hand, &c->c1.tuntap->dco_new_peer_ov, sock->info.lsa->current_remote, sock->bind_local, sock->info.lsa->bind_local, get_server_poll_remaining_time(sock->server_poll_timeout), diff --git a/src/openvpn/tun.h b/src/openvpn/tun.h index 33b9552..91dbeef 100644 --- a/src/openvpn/tun.h +++ b/src/openvpn/tun.h @@ -196,6 +196,7 @@ #ifdef _WIN32 HANDLE hand; + OVERLAPPED dco_new_peer_ov; /* used for async NEW_PEER dco call, which might wait for TCP connect */ struct overlapped_io reads; struct overlapped_io writes; struct rw_handle rw_handle;
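
Review bot: in the dco_win.c hunk at @@ -229,8 +230,8 @@, CLEAR(*ov) dereferences the new caller-supplied pointer with no check and zeroes the structure unconditionally. Add ASSERT(ov) before the CLEAR (the function already uses ASSERT a few lines above). Because the storage is now the long-lived tuntap member rather than a fresh stack variable, a second call to dco_create_socket() on the same tuntap while an earlier NEW_PEER request is still pending would wipe an OVERLAPPED that is still in use by that request; if the callers cannot guarantee this never happens, it deserves a guard, or at least a comment stating the invariant.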
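
Review bot: the dco_create_socket() prototype in dco_win.h gains OVERLAPPED *ov without any statement of the contract that comes with it. The point of the patch is that this storage must outlive a NEW_PEER request that returns ERROR_IO_PENDING, so say so at the declaration: the caller owns ov, it must stay valid until the request has completed or been cancelled, and the function clears it on entry. Without that, nothing stops a later caller from passing the address of a local variable and reintroducing the bug the commit message describes.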
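
Review bot: in the tun.h hunk, the comment on dco_new_peer_ov says what the field is used for but not the lifetime rule that follows from it. With the OVERLAPPED embedded in struct tuntap, the struct itself must not be freed or reused while the NEW_PEER request is outstanding, and that includes the window after CancelIo(): a cancelled request still has to complete (with ERROR_OPERATION_ABORTED) before its OVERLAPPED may be released. The close path is not part of this diff, so please confirm that close_tun_handle() and the code that frees the tuntap respect that ordering, and extend the comment to state it. The trailing comment also makes the line much longer than the neighbouring declarations; placing it on its own line above the field would match them better.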