From patchwork Fri Oct 10 14:19:56 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 4496 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:7d42:b0:72f:f16c:e055 with SMTP id fr2csp334280mab; Fri, 10 Oct 2025 07:20:16 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCW7VtLg4RA/40MtZZXZvNksmUGjjTcWVkCCUAvmh52PQcd9WAB1LsXS8IaIA8Z0VQm21hr8DTlPYSY=@openvpn.net X-Google-Smtp-Source: AGHT+IEwggzSza+RbNwHL7U71FVTPikPru6/8Jr02WaKE2dVV6v3VHR802F71XccB1osz7pq3DVS X-Received: by 2002:a05:6e02:214d:b0:426:9b42:24ce with SMTP id e9e14a558f8ab-42f87370ab0mr124028085ab.13.1760106016460; Fri, 10 Oct 2025 07:20:16 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1760106016; cv=none; d=google.com; s=arc-20240605; b=BKeZZB4rufIxX833IgjqTYJqyWPGRRhPgt6IXnYz/0lJNhvopf+9YhPgCahWNYdnNg 2g22zoqRtOR/dXO28Khq9aHpXy50eBpYryABNK9PeenRytTOQ7rkgTJIyp9oWeHjZpwm XY5o6uBBOH5L5v9kQ1gjz9V8lBXMPJf5bmvy3YHYNWdtdaa0JqhTHfaJ8MPg2MD+27bL fnK5tjLDacK4muO/cBCMWe+XXLPuh7J7wavbgPj12YAyt1tg1tUP55b0/lEG/2rChk50 kwlmdX4meInP5I5rlO6aKEY1I5pVWY/560fiX7z57qtE0xifAreof1qyFJNw1D7OZKXB fVWA== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=8HN+VMIiOT7OFZ6xnmXZJmAE+B+1L4N9E07p+8OBgj8=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=GYS7KNy2rNd1KQuFGW4/4/DC7VErwHLlwgS9+5IPaW5blLkAkagU3ngzFQew8vPgkm rU2QrgJwtXExTJU9dIWY4LbXVhFblPxgs5prnpKTUfzTixAtxpgi3MSxdRmZsNvsnGtm /POhQF7zcuOmz9ZaELIneNIiWTpRszprszN1bCKmiMAaf6kR9+AGOheRNSDUgRzrAzhh HwBtLi6QkA0mRpo1yXd9+2S0wEIEE+dhopDyCkNQOGf8HCzQGwAiEXAM3WPEvnNUwNBB CMnsV4H5pq/pM9mJX+/TC3Scz1qjnV8JFr1Jrtsz8T8w01dJfpAzvQgI9fPUHvjwzhXa /KFQ==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=kigcKMdf; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=Z3oSBPS6; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=fmUHOniL; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 8926c6da1cb9f-58f6d331c7esi960686173.88.2025.10.10.07.20.16 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Fri, 10 Oct 2025 07:20:16 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=kigcKMdf; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=Z3oSBPS6; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=fmUHOniL; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=8HN+VMIiOT7OFZ6xnmXZJmAE+B+1L4N9E07p+8OBgj8=; b=kigcKMdfvvjvqdu9l+C0qCJ6+D NlBnCs4UGfCJxyWgZHwXfk8vn6aDSsVUigSOljgoQN5I7vTRst7POtTFDI7mlW2SkBOz3ilt2hNb0 XY9Rk1AaRT6FtZ7UZU2mYQdRhYh9RNTPFr1DYj7ndC/OzOVGANof2UFOFsZOWzNOa3j8=; Received: from [127.0.0.1] (helo=sfs-ml-3.v29.lw.sourceforge.com) by sfs-ml-3.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1v7Dye-0001i0-UP; Fri, 10 Oct 2025 14:20:12 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-3.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1v7Dyc-0001hr-T4 for openvpn-devel@lists.sourceforge.net; Fri, 10 Oct 2025 14:20:10 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=x3O0vd3m7uXGDrOuMiyZddi4CtyVrZWsJ5nHvx6GTlM=; b=Z3oSBPS6A//7Iqa9mAphNGDPRW 2NwykPchq+eAdw0X4y9/TrYg/Jqkf5mpUvm4okeIoF09UPO2PPwoUEYW0d0JXbzGGdOUau08Z+aMu V6DJvMNKwJJYz6gVGzyW/RGWBHSZX6YTuI3TLiDbhOkIrnQCYEPcrz4BLdM+tOJfuAl8=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=x3O0vd3m7uXGDrOuMiyZddi4CtyVrZWsJ5nHvx6GTlM=; b=fmUHOniLv4NTkSlVV3k0QYtQ17 bJe20hN+7Bu7wfRe4GT9ENOJzIQOQm75pLVF5WssuQLlRA76344otmcrX0dyxefreoQK3IrQ4yJh5 5KlTKY90WO2A9TbsphkRLXuz0KT6wrtXNaDDCYJ2NZqkoNTLkic21Dm54ABQ2SAlGRQg=; Received: from [193.149.48.134] (helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1v7Dyb-0004py-Hd for openvpn-devel@lists.sourceforge.net; Fri, 10 Oct 2025 14:20:10 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 59AEK2g0027364 for ; Fri, 10 Oct 2025 16:20:02 +0200 Received: (from gert@localhost) by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 59AEK2XL027363 for openvpn-devel@lists.sourceforge.net; Fri, 10 Oct 2025 16:20:02 +0200 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Fri, 10 Oct 2025 16:19:56 +0200 Message-ID: <20251010142002.27308-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.49.1 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-2.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Marco Baffo In the send_single_push_update() function the buffer containing the message was not reset after processing, so o in a push-update-broad the messages sent starting from the second client would have bee [...] Content analysis details: (1.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS X-Headers-End: 1v7Dyb-0004py-Hd Subject: [Openvpn-devel] [PATCH v4] PUSH_UPDATE server: bug-fix, reset buffer after processing X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1845604926266625159?= X-GMAIL-MSGID: =?utf-8?q?1845604926266625159?= From: Marco Baffo In the send_single_push_update() function the buffer containing the message was not reset after processing, so o in a push-update-broad the messages sent starting from the second client would have been shrunk (offset advanced and size decreased). Change-Id: I41d08a9a2e79ac1f1104e72dd5b7b7617e2071a0 Signed-off-by: Marco Baffo Acked-by: Gert Doering Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1264 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1264 This mail reflects revision 4 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/src/openvpn/push_util.c b/src/openvpn/push_util.c index f306104..b475d2e 100644 --- a/src/openvpn/push_util.c +++ b/src/openvpn/push_util.c @@ -170,9 +170,12 @@ * inside `process_incoming_push_msg()`. However, we don't need * to check the return value here because we just want to `advance`, * meaning we skip the `push_update_cmd' we added earlier. + * Also we need to make a temporary copy so we can buf_advance() + * without modifying original buffer. */ - buf_string_compare_advance(&msgs[i], push_update_cmd); - if (process_incoming_push_update(c, pull_permission_mask(c), option_types_found, &msgs[i], true) == PUSH_MSG_ERROR) + struct buffer tmp_msg = msgs[i]; + buf_string_compare_advance(&tmp_msg, push_update_cmd); + if (process_incoming_push_update(c, pull_permission_mask(c), option_types_found, &tmp_msg, true) == PUSH_MSG_ERROR) { msg(M_WARN, "Failed to process push update message sent to client ID: %u", c->c2.tls_multi ? c->c2.tls_multi->peer_id : UINT32_MAX);