From patchwork Sun Oct 26 14:35:14 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 4528 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:2995:b0:72f:f16c:e055 with SMTP id f21csp901504max; Sun, 26 Oct 2025 07:35:58 -0700 (PDT) X-Forwarded-Encrypted: i=2; AJvYcCXNm9xmTPUjWjlnBWrmYCcqdwayIJqHj02jlM/8JdugtRB0R9Jmm3qDj0QywvUSsPWtfWdiZVU7WrU=@openvpn.net X-Google-Smtp-Source: AGHT+IGu22PkNuopZIB095blComsd801vhW0vNW6okF318VkVcWfGeP/azZvOUiNlT9DNhnQSL+C X-Received: by 2002:a05:6e02:2183:b0:430:9f96:23b9 with SMTP id e9e14a558f8ab-430c5245f56mr505209275ab.3.1761489358596; Sun, 26 Oct 2025 07:35:58 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1761489358; cv=none; d=google.com; s=arc-20240605; b=kmQQQ+M74VyH4t5YcMw7fXG8qwo3zBYHkCvZZ7SkJb901DFmxFRAoB1Z8LILhU54mt MdTuUJnNqBGMFFC5aacZ3KxaDLhbviGSC9sE/fWwHQxFJ0FIn+vxpnyOxkY83ZXaQNTD bePtixirYF6TI2AbaPSnWO+a3aQ9GXKqHlpsO4O3v4c7pMzaIf9ajz3yFrEATUbOMSxW ToMQwprZ0ocqN79B5JhmYhcoxaqg0p/yMx34eBMFQIaZm+Tu08qB2ARdUOxY/A+8ny16 EVaeQQV3x6Ha1rhwO/6N+UxmQHMwIUvNM4rtUDe3WEJWFKpo7qltOYqdRJn5I7voOaKS CJfw== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=QqUcrbkxE3RNgrIZ9cxBbCZFZcfZXE6/HKhfNc1Gf4o=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=bgSmgOhwsr3O/k974hItJQXEs8HUWdjawziIHlqm0cxpVuAO1gAia28LGTnPRLex5Q zJy9J+8ri8QuWaqGLC5Ywj8Bw/AMpVfC2uG4wCbfERDR6Kl8U3NMYE8tsq9tYkMSFaBW O0SQ0dCLt9WReLGD3nTDKyTgyUOxToGLgYglxtpEFj/o2fVUDjp321eZfXWFPDyemvIW 7gUOcHQF6roRwu5Rr+NmaWOIWpLZjAltA7IAeMhaX8scsD1wS4+dcSg+d3xNEA0dXpIm LAclaEVHzCMlBx/po7ZSVNSrQkNpsmw23TIOsKFmXuYT+gJuVmEd3poZTHWvB9QGoYPQ HGiQ==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=dH+PzRAO; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=bCgHH22Z; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=bvNQ1rrk; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 8926c6da1cb9f-5aec88f3548si3170976173.147.2025.10.26.07.35.58 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Sun, 26 Oct 2025 07:35:58 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=dH+PzRAO; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=bCgHH22Z; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=bvNQ1rrk; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=QqUcrbkxE3RNgrIZ9cxBbCZFZcfZXE6/HKhfNc1Gf4o=; b=dH+PzRAOUnRdzPuiqq6soy2unu 6xZAS03PJczBg/zVIc7jmVedaHsbTqHbADkiDN2wKNOM6v7pbBJv5TKjdN4BvfMOpNUC8XpAcHgs+ d5CHkHMhcQf6Kh9uNac8tDr8cLlhq0ubfi4/i2zb3phBF3FldYaXftT7FO/GsjRgAC5s=; Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1vD1qd-0003hi-EG; Sun, 26 Oct 2025 14:35:56 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1vD1qa-0003fW-Qh for openvpn-devel@lists.sourceforge.net; Sun, 26 Oct 2025 14:35:53 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=El5Hf7FePUkibFBZtZf5euonl9Wlhpwed6tb8benU4o=; b=bCgHH22ZZYXiMdbwBlszFXqs5V rn2ll0ZqnXbyK8mw+ekuO5bqpoAVGJG1M9/bG9jlV7SmmPb/fjuhpDs+20+B/do3aXkQ2u3/fTpf4 s8mz2ZM1+gBU4Ns1u8yTHt4c3kySUu06UJu3BVymZUUiT0wrDPkTvSnKLpTVHnY8Kn7Q=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=El5Hf7FePUkibFBZtZf5euonl9Wlhpwed6tb8benU4o=; b=bvNQ1rrk6+MMXmOrYXjezU1i+S aWWIUXEr1ig8E2btxYoZAO4EzU9fHVYR86y4wYhqUQwJuhq7AI8HxX6zUoYf0Kagu6Mm0karXfGMB 784xSK1inuwed7gyg407DS0b5g2kBYUbgUk8KJhtfRh8DQl6i6bMhPin/88aVh0zYNqg=; Received: from [193.149.48.134] (helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1vD1qC-0002kg-Ph for openvpn-devel@lists.sourceforge.net; Sun, 26 Oct 2025 14:35:29 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 59QEZMS5013310 for ; Sun, 26 Oct 2025 15:35:22 +0100 Received: (from gert@localhost) by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 59QEZMKR013309 for openvpn-devel@lists.sourceforge.net; Sun, 26 Oct 2025 15:35:22 +0100 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Sun, 26 Oct 2025 15:35:14 +0100 Message-ID: <20251026143521.13291-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.49.1 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-2.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Steffan Karger This was triggered by a bug report submitted by Joshua Rogers, who used ZeroPath to discover we missed a perf_pop() call in one of the error paths of ssl_mbedtls.c. Content analysis details: (1.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS X-Headers-End: 1vD1qC-0002kg-Ph Subject: [Openvpn-devel] [PATCH v1] ssl_mbedtls: fix missing perf_pop() call X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1847055465880724449?= X-GMAIL-MSGID: =?utf-8?q?1847055465880724449?= From: Steffan Karger This was triggered by a bug report submitted by Joshua Rogers, who used ZeroPath to discover we missed a perf_pop() call in one of the error paths of ssl_mbedtls.c. Move an existing perf_pop call a bit upwards to fix that. The perf code is always disabled by ENABLE_PERFORMANCE_METRICS being commented out in perf.h. There is no configure flag. None of the active developers remembers using it and the git log shows no actual code changes since at least the project structure overhaul of 2012. So this has no real-world impact. Change-Id: I5b6881dc73358c8d1249ee2ceb968ede295105b0 Signed-off-by: Steffan Karger Acked-by: Gert Doering Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1305 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to release/2.6. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1305 This mail reflects revision 1 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/src/openvpn/ssl_mbedtls.c b/src/openvpn/ssl_mbedtls.c index 8fb69c3..2862989 100644 --- a/src/openvpn/ssl_mbedtls.c +++ b/src/openvpn/ssl_mbedtls.c @@ -1489,13 +1489,13 @@ /* Error during read, check for retry error */ if (retval < 0) { + perf_pop(); if (MBEDTLS_ERR_SSL_WANT_WRITE == retval || MBEDTLS_ERR_SSL_WANT_READ == retval) { return 0; } mbed_log_err(D_TLS_ERRORS, retval, "TLS_ERROR: read tls_read_plaintext error"); buf->len = 0; - perf_pop(); return -1; } /* Nothing read, try again */