[Openvpn-devel,v3] Fix DNS options duplication on PUSH_UPDATE

Message ID 20250731122410.12200-1-gert@greenie.muc.de
State New

Commit Message

Gert Doering July 31, 2025, 12:24 p.m. UTC
From: Lev Stipakov <lev@openvpn.net>

Commit

    2dfc4f ("dns: deal with --dhcp-options when --dns is active")

has removed reset of tuntap DNS options. Due to that, incoming --dns
options are added to existing ones instead of overwriting them.

It has also added a new storage for --dhcp-option. The push-update
code didn't clear it and as a result, incoming --dhcp-option options
were added to existing ones instead of overwriting them.

Fixed by:

 - resetting tuntap DNS options (regression from abovementioned commit)
 - clearing dhcp options storage in push-update code

GitHub: fixes OpenVPN/openvpn#804

Change-Id: Ife4d8fc5f8e2183e61226d66a76bbaa02c06f787
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Heiko Hund <heiko@openvpn.net>
---

This change was reviewed on Gerrit and approved by at least one
developer. I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1121
This mail reflects revision 3 of this Change.

Acked-by according to Gerrit (reflected above):
Heiko Hund <heiko@openvpn.net>

Comments

Gert Doering July 31, 2025, 12:56 p.m. UTC | #1
This looks generally reasonable, and if Heiko (who understands the "DNS
related data flow" around options.c way better than I do) says this is
fine, it should be :-) - so, in it goes, just in time for Alpha3...

Test compiled on Windows/MinGW (as the buildbots are busy and I am
impatient).

Your patch has been applied to the master branch.

commit 70d4c6776bd563f487add399bd4acf58c5e22334
Author: Lev Stipakov
Date:   Thu Jul 31 14:24:05 2025 +0200

     Fix DNS options duplication on PUSH_UPDATE

     Signed-off-by: Lev Stipakov <lev@openvpn.net>
     Acked-by: Heiko Hund <heiko@openvpn.net>
     Message-Id: <20250731122410.12200-1-gert@greenie.muc.de>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg32448.html
     Signed-off-by: Gert Doering <gert@greenie.muc.de>


--
kind regards,

Gert Doering

Patch

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 3753810..3ceada0 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -3527,7 +3527,13 @@ 
 #endif /* if defined(_WIN32) */
 
     /* Copy --dns options to tuntap_options */
+
     const struct dns_domain *d = dns->search_domains;
+    if (d)
+    {
+        tt->domain_search_list_len = 0;
+    }
+
     while (d && tt->domain_search_list_len + 1 < N_SEARCH_LIST_LEN)
     {
         tt->domain_search_list[tt->domain_search_list_len++] = d->name;
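Review bot: the `if (d)` guard means `tt->domain_search_list_len` is only reset when `dns->search_domains` is non-empty, so an update that carries no search domains leaves the previous list in place, while the commit message describes the goal as overwriting. If keeping the old entries in that case is intended (for example because they come from another option source), say so in a comment next to the guard; otherwise reset the length unconditionally, as the server counters are further down. The blank line added after the `/* Copy --dns options to tuntap_options */` comment also separates the comment from the code it describes and can be dropped.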
@@ -3538,6 +3544,9 @@ 
         msg(M_WARN, "WARNING: couldn't copy all --dns search-domains to TUN/TAP");
     }
 
+    tt->dns_len = 0;
+    tt->dns6_len = 0;
+
     const struct dns_server *s = dns->servers;
     while (s)
     {
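Review bot: `tt->dns_len = 0;` and `tt->dns6_len = 0;` run unconditionally, unlike the guarded search-domain reset above, so when `dns->servers` is NULL the `while (s)` loop adds nothing and any server addresses stored earlier are dropped. Please add a one-line comment stating that the counters are reset so that repeated calls replace rather than append, and that ending with zero servers is the intended result when no `--dns` servers are present. If it is not intended, guard the reset with `if (s)` after the declaration.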
@@ -6212,6 +6221,8 @@ 
             }
             o->disable_nbt = 0;
             o->dhcp_options = 0;
+
+            CLEAR(options->dns_options.from_dhcp);
 #if defined(TARGET_ANDROID)
             o->http_proxy_port = 0;
             o->http_proxy = NULL;
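Review bot: `CLEAR(options->dns_options.from_dhcp);` goes through `options` while every neighbouring reset in this block goes through `o` (`o->disable_nbt`, `o->dhcp_options`), and the hunk does not show how the two relate or that `options` is non-NULL at this point. A short comment explaining that the `--dhcp-option` storage lives in `dns_options` rather than in the structure behind `o` would make the mixed handles less surprising. Since `CLEAR` only zeroes the structure, please also confirm that anything `from_dhcp` points to is owned elsewhere, so that zeroing it does not leak memory.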