From patchwork Tue Jul 12 22:34:04 2022
X-Patchwork-Submitter: Kristof Provost via Openvpn-devel
X-Patchwork-Id: 2587
To: openvpn-devel
Date: Wed, 13 Jul 2022 10:34:04 +0200
Message-Id: <20220713083404.13227-2-kprovost@netgate.com>
In-Reply-To: <20220713083404.13227-1-kprovost@netgate.com>
References: <20220713083404.13227-1-kprovost@netgate.com>
Subject: [Openvpn-devel] [PATCH] Handle exceeding 'max-clients'
From: Kristof Provost via Openvpn-devel
Reply-To: Kristof Provost

From: Kristof Provost

If 'max-clients' is set multi_create_instance() can return NULL (for any client that would take us over the client limit).

If mi is NULL we don't add it to the hash map, but we do potentially dereference it to increment the session count. Do not attempt to do so if 'mi == NULL'.

Signed-off-by: Kristof Provost Acked-By: Arne Schwabe --- src/openvpn/mudp.c | 19 ++++++++++--------- 1 file changed, 10 insertions(+), 9 deletions(-) diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c index 0810fada..0cbca1a9 100644 --- a/src/openvpn/mudp.c +++ b/src/openvpn/mudp.c @@ -241,15 +241,16 @@ multi_get_create_instance_udp(struct multi_context *m, bool *floated) hash_add_fast(hash, bucket, &mi->real, hv, mi); mi->did_real_hash = true; multi_assign_peer_id(m, mi); - } - /* If we have a session id already, ensure that the - * state is using the same */ - if (session_id_defined(&state.server_session_id) - && session_id_defined((&state.peer_session_id))) - { - mi->context.c2.tls_multi->n_sessions++; - struct tls_session *session = &mi->context.c2.tls_multi->session[TM_ACTIVE]; - session_skip_to_pre_start(session, &state, &m->top.c2.from); + + /* If we have a session id already, ensure that the + * state is using the same */ + if (session_id_defined(&state.server_session_id) + && session_id_defined((&state.peer_session_id))) + { + mi->context.c2.tls_multi->n_sessions++; + struct tls_session *session = &mi->context.c2.tls_multi->session[TM_ACTIVE]; + session_skip_to_pre_start(session, &state, &m->top.c2.from); + } } } else
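
Review bot: In the relocated block that ends with session_skip_to_pre_start(session, &state, &m->top.c2.from), the NULL safety of mi->context.c2.tls_multi->n_sessions++ now depends entirely on the enclosing block's condition, which sits above the hunk context and is not mentioned anywhere near the dereference. Consider a short comment next to the moved code saying that multi_create_instance() returns NULL once 'max-clients' is reached, so a later refactor does not hoist the session handling back out of the guarded block. While these lines are being re-indented anyway, the doubled parentheses in session_id_defined((&state.peer_session_id)) could be dropped to match the call on the line above it.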