From patchwork Tue Sep 2 16:45:15 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 4393 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:2a1c:b0:671:5a2c:6455 with SMTP id k28csp1941510maz; Tue, 2 Sep 2025 09:45:38 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCWO17PAz969eQgjxKGrzdfPw/NIj0wKtSRUVtz83/BgLGY7roF1JXg/1/ordJYBRIRE/D8F0xcS1jQ=@openvpn.net X-Google-Smtp-Source: AGHT+IHd6z2H11LsqXhg9pSj1e9hhscIfYU70gX7mmSetXwyb9HaNZZ9qNF8WD0x7GPFk/PNF+gZ X-Received: by 2002:a05:6808:22a1:b0:433:ee48:cb8f with SMTP id 5614622812f47-437f7cf27f0mr6196334b6e.17.1756831538071; Tue, 02 Sep 2025 09:45:38 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1756831538; cv=none; d=google.com; s=arc-20240605; b=QDQwf5woMotWv9ZGjVCwL3fcG70Q2O0Mm7KM9kMvjL8sRigwHqCHYmp2msTuJfLwHZ 9gI8eRmKyvY2//lCbk+RTUtJoPLsXAIv7KtJFNl7sMdeN/pkRYYU6lbUN+sGobEHnP/N dm8EgxgOk2BGJU01FYIh2EZ8bu7cwr6mtl0fMbIVoXUie8RVw0+YVaiROL9Yf3h9BCXp TNhyNEqvr5rQnQOhlYnjW0/QWs67SI0mZ7auabrZK0kz+LVNH1O8hLB1xOu5dNMgEipb fehhGLZeagTnHUUYnpWbCoAfJsF5CTLepn81GFm1WZlOdApKRZH5F5y+n1xaWzpZmTjU ju0g== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=qXGfv2ETl6QJJhCDVz5rkZgBULObhhm2sMR9LLiC4D0=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=BUZl9Zx7qgN1xQBPREENKf+gdt80QZBiiKSUsEalUL2qdG5fA/dUxhE1Fvwe3T1id6 7bA5htB3YlYpsunsRH8giZG+Q477xb7PMcJynKuEGO5SiBqHT6/g/8aNaall5S2afnyG rw+qfdnh7MDrzU7j7cPtaxHuGNvE8O3e28KlmodmHmuJm+vwoIK/t9SEj03mq/OTnF6P Y5bFb8TN5L+rFpEPPLcXw5spKpjLAsxWLZjtWqm68VdfF/7Svu5wV1+1THQISdIduEu1 T66a8CL+/EGFh9Nndiz5rQZ4smi/mFiQ4jsZg/dzhykfLykJKmiWB/jIw5q0XHIg5h3P 9dCA==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=etcD+eLc; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=Duo6sdPg; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=EGQecgMg; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 46e09a7af769-7457445c2d5si1498472a34.320.2025.09.02.09.45.37 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 02 Sep 2025 09:45:38 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=etcD+eLc; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=Duo6sdPg; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=EGQecgMg; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=qXGfv2ETl6QJJhCDVz5rkZgBULObhhm2sMR9LLiC4D0=; b=etcD+eLcyvUIa6i585rrZZUaKo Mz/7pDIzg9ViHhm9Me2EJ2A/cVeabSXqSEIGvkAfJxtwHK1BUraQ4RGjn8jCrJ+PhgxwdyaAzHInP 1nCF3v2dI3KSvq8cUuRkkVrRpKZvtWtmGbJlriD6BbEAY7ds3aJWmXyeoir19e73Ssuk=; Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1utU8W-0006GQ-Ac; Tue, 02 Sep 2025 16:45:36 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1utU8U-0006GI-G6 for openvpn-devel@lists.sourceforge.net; Tue, 02 Sep 2025 16:45:34 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=USIcAB+zhGWDLOH929rsNk5Q4lPBLYDba+PGKXL5ZX0=; b=Duo6sdPgqvbRMiMyfCYcrwisyR FAqEzEVupN72Ipp5p5uuujT57+YD1YkbWy/O5OIp99zYS7mqbeuamKksRUpJdkesy49oxMqcSWarp gzr64y/6lBjez4yqHWohz69FG540TdZlfgvEk3tUIFTHRMRag4lHBU/8vjpaGkydaQUA=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=USIcAB+zhGWDLOH929rsNk5Q4lPBLYDba+PGKXL5ZX0=; b=EGQecgMg4J+a9+D7NXCWhYQHQC DBduIrQWRLBRRaf159UUlFc2ZcpccnFStFA5Jra1/F12R0KY0sX0Ga/SU32ZuOdTEPNgZEQgvUem4 WdGiOB32CZq5xQoFbYf8GcvehFrLdFLS88DR3HOIDn9H56KHYbB5RfqvABTwQiKnx9z8=; Received: from [193.149.48.143] (helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1utU8T-0000Cx-GH for openvpn-devel@lists.sourceforge.net; Tue, 02 Sep 2025 16:45:34 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 582GjMi3023158 for ; Tue, 2 Sep 2025 18:45:22 +0200 Received: (from gert@localhost) by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 582GjLRm023157 for openvpn-devel@lists.sourceforge.net; Tue, 2 Sep 2025 18:45:21 +0200 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Tue, 2 Sep 2025 18:45:15 +0200 Message-ID: <20250902164521.23145-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.49.1 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-1.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Ralf Lici If dco_get_peer_stats() is called with an uninitialized c->c1.tuntap it results in a segfault. This issue happens when a client who has not connected to any server: - has --management and exits, - has [...] Content analysis details: (1.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS X-Headers-End: 1utU8T-0000Cx-GH Subject: [Openvpn-devel] [PATCH v2] dco_linux: validate tun interface before fetching stats X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1842165322358718742?= X-GMAIL-MSGID: =?utf-8?q?1842171386462132439?= From: Ralf Lici If dco_get_peer_stats() is called with an uninitialized c->c1.tuntap it results in a segfault. This issue happens when a client who has not connected to any server: - has --management and exits, - has --management and a management interface client issues either `bytecount` or `status` or - if SIGUSR2 is sent to it. Add a check to ensure the tun interface was set up before attempting to retrieve peer statistics. Change-Id: I40c11864745cc1619cb9cbf490b168f90feb5eac Signed-off-by: Ralf Lici Acked-by: Gert Doering --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1166 This mail reflects revision 2 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c index a3907fe..e70b74d 100644 --- a/src/openvpn/dco_linux.c +++ b/src/openvpn/dco_linux.c @@ -1139,6 +1139,8 @@ static int dco_get_peer(dco_context_t *dco, int peer_id, const bool raise_sigusr1_on_err) { + ASSERT(dco); + /* peer_id == -1 means "dump all peers", but this is allowed in MP mode only. * If it happens in P2P mode it means that the DCO peer was deleted and we * can simply bail out @@ -1182,6 +1184,11 @@ int dco_get_peer_stats(struct context *c, const bool raise_sigusr1_on_err) { + if (!c->c1.tuntap || c->c1.tuntap->dco.ifindex == 0) + { + return -1; + } + return dco_get_peer(&c->c1.tuntap->dco, c->c2.tls_multi->dco_peer_id, raise_sigusr1_on_err); }