From patchwork Fri Feb 4 00:42:01 2022
X-Patchwork-Submitter: Gert Doering
X-Patchwork-Id: 2265
From: Gert Doering
To: openvpn-devel@lists.sourceforge.net
Date: Fri, 4 Feb 2022 12:42:01 +0100
Message-Id: <20220204114201.5632-1-gert@greenie.muc.de>
X-Mailer: git-send-email 2.26.3
In-Reply-To: <20220204102356.1271-1-gert@greenie.muc.de>
References: <20220204102356.1271-1-gert@greenie.muc.de>
Subject: [Openvpn-devel] [PATCH v2] Repair --inactive with 'bytes' argument larger 2Gbytes.

--inactive has an optional 2nd parameter specifying the number of bytes that need to be sent/received in the given time window. This was parsed with atoi(), stored in a 32bit int. atoi() overflows at 2Gbyte (signed int), which makes gcc return "0" and MSVC "2^31-1" for the value reported in the ticket (10G) - so on gcc, this was behaving like "not set", while windows builds after 2.5.4 honoured this setting, and aborted (unexpectedly) due to "not enough traffic".
Fix by increasing word length of all involved variables to int64_t. While add it, add option printer SHOW_LONG(), and print variable. This has the potential to break existing setups where this value is set unreasonably high, thus "impossible to achieve in the interval", but which was never noticed before due to "overflow, 0, ignored". Thus, print WARNING if a value >INT_MAX (2Gbyte) is configured. v2: use atoll(), as atol() is limited to INT_MAX on MSVC, and PRi64 for format string. Rename SHOW_LONG() to SHOW_INT64(). Trac: #1448 Signed-off-by: Gert Doering Acked-by: Lev Stipakov --- src/openvpn/openvpn.h | 2 +- src/openvpn/options.c | 13 ++++++++++++- src/openvpn/options.h | 2 +- 3 files changed, 14 insertions(+), 3 deletions(-) diff --git a/src/openvpn/openvpn.h b/src/openvpn/openvpn.h index a5c312c6..77263dfb 100644 --- a/src/openvpn/openvpn.h +++ b/src/openvpn/openvpn.h @@ -286,7 +286,7 @@ struct context_2 /* --inactive */ struct event_timeout inactivity_interval; - int inactivity_bytes; + int64_t inactivity_bytes; /* the option strings must match across peers */ char *options_string_local; diff --git a/src/openvpn/options.c b/src/openvpn/options.c index 2297a970..705f7e0c 100644 --- a/src/openvpn/options.c +++ b/src/openvpn/options.c @@ -939,6 +939,7 @@ pull_filter_type_name(int type) "'%s'") #define SHOW_INT(var) SHOW_PARM(var, o->var, "%d") #define SHOW_UINT(var) SHOW_PARM(var, o->var, "%u") +#define SHOW_INT64(var) SHOW_PARM(var, o->var, "%" PRIi64) #define SHOW_UNSIGNED(var) SHOW_PARM(var, o->var, "0x%08x") #define SHOW_BOOL(var) SHOW_PARM(var, (o->var ? "ENABLED" : "DISABLED"), "%s"); @@ -1610,6 +1611,7 @@ show_settings(const struct options *o) SHOW_INT(keepalive_ping); SHOW_INT(keepalive_timeout); SHOW_INT(inactivity_timeout); + SHOW_INT64(inactivity_minimum_bytes); SHOW_INT(ping_send_timeout); SHOW_INT(ping_rec_timeout); SHOW_INT(ping_rec_timeout_action); 
@@ -6268,7 +6270,16 @@ add_option(struct options *options, options->inactivity_timeout = positive_atoi(p[1]); if (p[2]) { - options->inactivity_minimum_bytes = positive_atoi(p[2]); + int64_t val = atoll(p[2]); + options->inactivity_minimum_bytes = (val < 0) ? 0 : val; + if ( options->inactivity_minimum_bytes > INT_MAX ) + { + msg(M_WARN, "WARNING: '--inactive' with a 'bytes' value" + " >2 Gbyte was silently ignored in older versions. If " + " your VPN exits unexpectedly with 'Inactivity timeout'" + " in %d seconds, revisit this value.", + options->inactivity_timeout ); + } } } else if (streq(p[0], "proto") && p[1] && !p[2]) diff --git a/src/openvpn/options.h b/src/openvpn/options.h index c2523399..13d6b0da 100644 --- a/src/openvpn/options.h +++ b/src/openvpn/options.h @@ -304,7 +304,7 @@ struct options int keepalive_timeout; int inactivity_timeout; /* --inactive */ - int inactivity_minimum_bytes; + int64_t inactivity_minimum_bytes; int ping_send_timeout; /* Send a TCP/UDP ping to remote every n seconds */ int ping_rec_timeout; /* Expect a TCP/UDP ping from remote at least once every n seconds */
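Review bot: widening inactivity_bytes in struct context_2 (openvpn.h) and inactivity_minimum_bytes in struct options (options.h) to int64_t is only safe if every consumer of the two fields is 64-bit clean, and the diffstat lists no file beyond openvpn.h, options.c and options.h. Please check the code that accumulates inactivity_bytes and compares it against inactivity_minimum_bytes for int temporaries, narrowing casts and "%d" format strings, and say in the commit message that this was done.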
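Review bot: the new SHOW_INT64() macro in options.c relies on PRIi64, but nothing in this diff adds an #include of <inttypes.h>. Please confirm options.c already pulls it in on every supported toolchain, MSVC included, or add the include next to the macro. A short comment on the macro saying that the field must be exactly int64_t would also help, since SHOW_PARM passes o->var straight through to a varargs format.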
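Review bot: in the add_option() hunk of options.c, atoll(p[2]) cannot report a parse failure, so a value with trailing text or one beyond the long long range is accepted without any diagnostic, and a negative value is quietly turned into 0 by the (val < 0) ? 0 : val line. Suggest strtoll() with an end-pointer and errno check, and a msg() error for input that does not parse, so a mistyped 'bytes' argument is caught at config time. Two style points in the same hunk: the adjacent string literals "If " and " your VPN" yield a double space in the warning, and the padding in "if ( ... )" and "options->inactivity_timeout );" does not match the "if (p[2])" style a few lines above.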
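The commit message above traces the bug to a byte count being parsed with a function that cannot signal overflow. As an added example (not part of this patch and not OpenVPN code), here is a strict parser for such a value built on strtoll(); the name parse_byte_count and the sample inputs are constructed for illustration.

```c
#include <errno.h>
#include <inttypes.h>
#include <stdint.h>
#include <stdio.h>
#include <stdlib.h>

/* Hypothetical helper (not OpenVPN code): strictly parse a non-negative
 * decimal byte count into an int64_t.  Returns 0 on success and -1 on
 * malformed, negative or out-of-range input; *out is left untouched
 * on failure. */
static int
parse_byte_count(const char *s, int64_t *out)
{
    char *end = NULL;
    long long v;

    if (s == NULL || *s == '\0')
    {
        return -1;
    }
    errno = 0;
    v = strtoll(s, &end, 10);
    /* no digits, trailing garbage, beyond long long range, or negative */
    if (end == s || *end != '\0' || errno == ERANGE || v < 0)
    {
        return -1;
    }
    *out = (int64_t)v;
    return 0;
}

int
main(void)
{
    /* Constructed sample inputs; 10737418240 is 10 * 2^30 bytes. */
    const char *samples[] = { "10737418240", "2147483647", "-5", "10G",
                              "99999999999999999999", "" };
    for (size_t i = 0; i < sizeof(samples) / sizeof(samples[0]); i++)
    {
        int64_t val = 0;
        int rc = parse_byte_count(samples[i], &val);
        printf("'%s' -> %s (%" PRId64 ")\n", samples[i],
               rc == 0 ? "accepted" : "rejected", val);
    }
    return 0;
}
```
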