| Message ID | 20260122125707.108048-1-frank@lichtenheld.com |
|---|---|
| State | New |
| Series | [Openvpn-devel,v1] manage: Do not trigger actions on management disconnect if not authenticated |
Confirmed - run a server instance with "--management-disconnect" *and* a
management password set up, and without this patch, "connect and disconnect"
(without entering a password) will disconnect all clients.
We do not consider this to be a security relevant bug ("CVE assigned") as it
needs quite a lot of prerequisites - "management interface active, while
no management client using this" plus setting "--management-disconnect" on
a server instance, which is somewhat questionable to begin with...
Still, it needs fixing :-)
Your patch has been applied to the master and release/2.6 + 2.5 branch
(bugfix, and trivial cherry-picking)
commit 4bf05d487cc10164615ad7c18931d063ca3eecc2 (master)
commit bb27e40799dcfe51a8cd82b236ce404bd7ab93aa (release/2.6)
commit 193b76ef6e95d86078a2636a38c04beb98c241b8 (release/2.5)
Author: Frank Lichtenheld
Date: Thu Jan 22 13:57:07 2026 +0100
manage: Do not trigger actions on management disconnect if not authenticated
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1484
Message-Id: <20260122125707.108048-1-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg35390.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
--
kind regards,
Gert Doering
diff --git a/src/openvpn/manage.c b/src/openvpn/manage.c index 8fa8784..37ae6b3 100644 --- a/src/openvpn/manage.c +++ b/src/openvpn/manage.c @@ -2073,13 +2073,14 @@ } if (!exiting) { - if (man->settings.flags & MF_FORGET_DISCONNECT) + if (man->settings.flags & MF_FORGET_DISCONNECT && !man_password_needed(man)) { + msg(D_MANAGEMENT, "MANAGEMENT: Reset authentication on disconnect"); ssl_purge_auth(false); (void)ssl_clean_auth_token(); } - if (man->settings.flags & MF_SIGNAL) + if (man->settings.flags & MF_SIGNAL && !man_password_needed(man)) { int mysig = man_mod_signal(man, SIGUSR1); if (mysig >= 0)
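Review bot: both new conditions depend on `&` binding tighter than `&&`, so `man->settings.flags & MF_FORGET_DISCONNECT && !man_password_needed(man)` parses as intended, but writing the mask test in parentheses, `(man->settings.flags & MF_FORGET_DISCONNECT) && !man_password_needed(man)`, would make that explicit; the same applies to the `MF_SIGNAL` line. Since `man_password_needed(man)` is now evaluated twice in the same `if (!exiting)` block, a single `bool authenticated = !man_password_needed(man);` ahead of the two checks would avoid the repetition and keep the two branches from drifting apart. The added `msg(D_MANAGEMENT, "MANAGEMENT: Reset authentication on disconnect")` only covers the forget-disconnect branch; a matching message when the `MF_SIGNAL` action is skipped because the client never authenticated would tell an operator why `--management-disconnect` did not fire on that disconnect.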