From patchwork Mon Nov 24 18:38:34 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 4629 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:6c3:b0:7b1:439f:bdf with SMTP id j3csp2091278maw; Mon, 24 Nov 2025 10:38:58 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCVSYdBEhEg+oY5t6uLnAO/MAtqLT/ueEK4rBJdRo3SZWo/LOOH5hCNenXGvmqfObmC/jdWEqY0mkBc=@openvpn.net X-Google-Smtp-Source: AGHT+IHhmnGm++680tJ89WFegFrF3MS2TmuS65nfAS18BxL6PjR6/36/YvoBOx/DSnFalmpgIVbL X-Received: by 2002:a05:6820:2005:b0:657:45e1:1979 with SMTP id 006d021491bc7-65785873cdcmr6940752eaf.3.1764009538646; Mon, 24 Nov 2025 10:38:58 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1764009538; cv=none; d=google.com; s=arc-20240605; b=INTq9hEuuBweKik53AJoybz6RPhAQ26+UF96Rz9mLQIAyGeYXW/Wss90Btdo+P+FyU nfQco9IoF+wlCGUNXu95bXElkiqwGlToHNoLbS3sRAG14C37LjaB/niqY2BmO2kadTXO y5iPa+OZlOPzEcKor2XcHrgHatQLfVUSCV3OjZGOu9Hzvt12fzgLQ8qSMOz+1c+AuzoV IGn/mYALdkF20F4HXC46iBINNMa6tRcSQZqxnxiXPnfXgJUqorGt7TQfo8yHSI5piO9Y p50uIoSzXGiaOJpbRoSNAkufPKKVV+b27kousW6/s6Hms1n878GSHS+pfXFpriHhlsVv 0faQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=Ygs+ac58By0ZVpjhPj6d0WOyVtpjgaY8dxTXN6838K8=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=d+2x8C4Dk7Pp15Q5kV+8TgHP411iiPx0ZSknfw40W7GbLm9KD3U6XEtreM/DeRx638 AXAsrLzZ9GpoHUfBcsHn1E1VHMP8RngppwSgVAWMLRZhT94y0orcetMiXVCR0Z7imN/b cQINI0x6PxlJ+3PZ7JjDLxXWvg7XuwfG5HUdSHPs3KmalutlkoiR8M39ETB9W+rb9HVW 7q+4HeyE++O2ZzqCduDH7fbdr7vbhf1I1nkelvnH6j9WyDtAIEBfqxgYFi8OnESD5fYV w7v9KbwUgySNbMJVugckNfCIO8xh56fcZ+Kj2RHlCPGNm++iwVSyYN1Q7wzZIrQZOoVH 4+Gg==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=GHty5fsL; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=S+vw5zbf; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=WZUxkP2P; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 006d021491bc7-65782b37677si1979516eaf.110.2025.11.24.10.38.58 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 24 Nov 2025 10:38:58 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=GHty5fsL; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=S+vw5zbf; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=WZUxkP2P; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=Ygs+ac58By0ZVpjhPj6d0WOyVtpjgaY8dxTXN6838K8=; b=GHty5fsL+zvj6ljXYoQDO2szsx mP+MqzNvdSX7+7smLS4vP0NQCiN+Xd0m2Ar2oUI8fQrf/klupJsi1udmfKmmvMyGHLvi+1sJOM2ff V47kiCZ3s20TibaVk99tNoVzwZF4RiFxHp1lct1XuRIDBY5fVaelkOGNhlqN+28A6vqI=; Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1vNbSf-0002VA-J9; Mon, 24 Nov 2025 18:38:54 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1vNbSe-0002Uw-HK for openvpn-devel@lists.sourceforge.net; Mon, 24 Nov 2025 18:38:53 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=rO7RLqiyE4owml8iI/mmPMqdT5s9An9OyMSqsgrUSfQ=; b=S+vw5zbf+4aSxGIxMpQlgzLBCM zG3jU4tw6UzwaZ8KggP0WRT95+dlQeEhS1O+5Vyj+DUyIFZ9nYQNJONxTOU7Tg1Gu3n+TEMwQWlVN jHg2IjzOptREKzJXFhCZDiUFdyN8KJ2ftjLFtWg2dLlp3VcD5xwkjWqLw7j0Sd5SjVsQ=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=rO7RLqiyE4owml8iI/mmPMqdT5s9An9OyMSqsgrUSfQ=; b=WZUxkP2P3qAWRo6yLGWHg6A2Mh tNCDnfSYA847amJwoGWCcFKaejs2wroTk2O6LWPoJHMSnKELko+6/HgL7LLq4ut5nJxamlmPZuzgY 3HxSudiCVwTt0c0+GFUbhXeNe3eN5FUj48WLF6ABuIZCOjVIyHBvJiyX/jkT5iHQM4Gg=; Received: from [193.149.48.134] (helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1vNbSd-0000hF-RJ for openvpn-devel@lists.sourceforge.net; Mon, 24 Nov 2025 18:38:53 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 5AOIcetQ024818 for ; Mon, 24 Nov 2025 19:38:40 +0100 Received: (from gert@localhost) by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 5AOIcduD024817 for openvpn-devel@lists.sourceforge.net; Mon, 24 Nov 2025 19:38:39 +0100 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Mon, 24 Nov 2025 19:38:34 +0100 Message-ID: <20251124183839.24803-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.51.2 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-2.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Selva Nair - Append a version 4 uuid to ovpn_pipe_name to make it less predictable - Do not allow remote access to the pipe This greatly reduces the possibility of a rogue process racing to open the pipe before CreateFile() is called in the worker thread. Content analysis details: (1.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS X-Headers-End: 1vNbSd-0000hF-RJ Subject: [Openvpn-devel] [PATCH v1] Harden interactive service pipe X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1849698066178796395?= X-GMAIL-MSGID: =?utf-8?q?1849698066178796395?= From: Selva Nair - Append a version 4 uuid to ovpn_pipe_name to make it less predictable - Do not allow remote access to the pipe This greatly reduces the possibility of a rogue process racing to open the pipe before CreateFile() is called in the worker thread. Reported-by: Marc Heuse Change-Id: Ie66a142751354e421d48b273784fc79bcb9f7208 Signed-off-by: Selva Nair Acked-by: Gert Doering Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1401 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to release/2.6. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1401 This mail reflects revision 1 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/src/openvpnserv/interactive.c b/src/openvpnserv/interactive.c index c717e99..2dc865e 100644 --- a/src/openvpnserv/interactive.c +++ b/src/openvpnserv/interactive.c @@ -1955,11 +1955,30 @@ goto out; } + UUID pipe_uuid; + RPC_STATUS rpc_stat = UuidCreate(&pipe_uuid); + if (rpc_stat != RPC_S_OK) + { + ReturnError(pipe, rpc_stat, L"UuidCreate", 1, &exit_event); + goto out; + } + + RPC_WSTR pipe_uuid_str = NULL; + rpc_stat = UuidToStringW(&pipe_uuid, &pipe_uuid_str); + if (rpc_stat != RPC_S_OK) + { + ReturnError(pipe, rpc_stat, L"UuidToString", 1, &exit_event); + goto out; + } openvpn_swprintf(ovpn_pipe_name, _countof(ovpn_pipe_name), - TEXT("\\\\.\\pipe\\" PACKAGE "%ls\\service_%lu"), service_instance, GetCurrentThreadId()); + TEXT("\\\\.\\pipe\\" PACKAGE "%ls\\service_%lu_%ls"), service_instance, + GetCurrentThreadId(), pipe_uuid_str); + RpcStringFree(&pipe_uuid_str); + ovpn_pipe = CreateNamedPipe(ovpn_pipe_name, PIPE_ACCESS_DUPLEX | FILE_FLAG_FIRST_PIPE_INSTANCE | FILE_FLAG_OVERLAPPED, - PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_WAIT, 1, 128, 128, 0, NULL); + PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_WAIT | PIPE_REJECT_REMOTE_CLIENTS, + 1, 128, 128, 0, NULL); if (ovpn_pipe == INVALID_HANDLE_VALUE) { ReturnLastError(pipe, L"CreateNamedPipe");