From patchwork Thu Oct 30 19:39:34 2025
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 4552
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Thu, 30 Oct 2025 20:39:34 +0100
Message-ID: <20251030193940.1295-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v1] fix key_state_gen_auth_control_files probably checking file creation

From: Arne Schwabe

When the auth_failed_reason_file was added, it was forgotten to also add it to the conditions that determine if the file creation was successful.

Reported-by: Joshua Rogers
Found-by: ZeroPath (https://zeropath.com/)
Change-Id: I94d2bdd234a1c416b78924d044bf7e57f1bed8c4
Signed-off-by: Arne Schwabe
Acked-by: Gert Doering
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1327
---

This change was reviewed on Gerrit and approved by at least one developer.
I request to merge it to master.

Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1327
This mail reflects revision 1 of this Change.

Acked-by according to Gerrit (reflected above):
Gert Doering

diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c index 04ef27e..446c4a7 100644 --- a/src/openvpn/ssl_verify.c +++ b/src/openvpn/ssl_verify.c @@ -992,7 +992,7 @@ const char *apf = platform_create_temp_file(opt->tmp_dir, "apf", &gc); const char *afr = platform_create_temp_file(opt->tmp_dir, "afr", &gc); - if (acf && apf) + if (acf && apf && afr) { ads->auth_control_file = string_alloc(acf, NULL); ads->auth_pending_file = string_alloc(apf, NULL); @@ -1004,7 +1004,7 @@ } gc_free(&gc); - return (acf && apf); + return (acf && apf && afr); } /**
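
Review bot: In the first hunk (-992), the failure path of `if (acf && apf && afr)` has no cleanup for temp files that were created before another creation failed. With the stricter condition, a failed `afr` now skips the `ads->auth_control_file` and `ads->auth_pending_file` assignments even though `acf` and `apf` exist in `opt->tmp_dir`, and `gc_free(&gc)` then drops the only copies of their paths, so nothing in the visible lines can remove them later. Consider an `else` branch that unlinks each non-NULL path before `gc_free(&gc)`, or state in a comment where the caller cleans up after a `false` return.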
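
Review bot: In the second hunk (-1004), `return (acf && apf && afr);` repeats the condition from the `if` in the first hunk, and the commit message says this duplication is what let `afr` be forgotten in both places. Compute the result once, for example `const bool ok = acf && apf && afr;` directly after the three `platform_create_temp_file()` calls, and use `ok` in both the `if` and the `return`, so adding another control file later only touches one expression.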