From patchwork Mon Nov 24 16:53:06 2025 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 4625 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:6c3:b0:7b1:439f:bdf with SMTP id j3csp2015568maw; Mon, 24 Nov 2025 08:54:03 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCVOKeLEcyyaTGzui5yuFN8tlwIRnCIKHBAFL48K0or7tyZ6gFX1Cfsc1PMwymI+IoFDQUI9OPmEBxs=@openvpn.net X-Google-Smtp-Source: AGHT+IE48dk5xSG83sPPqI9JtYSR67RXzuDOsfEFvx1HpghHS58h9r9g8rX6Zt6nrInx+B0i5OSz X-Received: by 2002:a05:6870:525:b0:3e8:8a65:82a9 with SMTP id 586e51a60fabf-3ecbe4f51e6mr5687547fac.27.1764003242894; Mon, 24 Nov 2025 08:54:02 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1764003242; cv=none; d=google.com; s=arc-20240605; b=YXjPaHxGLJeRGgnik/oo0fo8URDTD4QIrgOJ2IQx8n1ikZwauhlcyxbcNpf0evhSto GUeBILRAO3x7TDxDS9RbXmQuCt9SObS++9fs7pl5nvtF3TUYfFX8FmZDohZMgRywi1NS sifo/UAHhvlyuF/27mhynTVRB3up66blJnnBvOQ5HrAyLTRX0Nx9gZPVdzYq0zoO7saX P2jZfW2YUlU7IEI6gbBDRfw9zwuy58CT4vibe2DcmppVzCQWfBBj6n/PreEmBVmebKU6 x2bjbfvljp+HQMBaVExHto5Tn+9wKppPDdR7rRaWETH7DxHmWhCdxXUx9zo6AjCooOga JSRQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=RVIPD1l0k32c8OzNYAC/bqNFjRKbFGd3wu/cXCWDumE=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=BVAEWpp6hv1HIKz0UNb9WnyJdaU3Ko3H8+vOCTfBfVwuWbFZdnfxB3fWlqBZ74fug+ lEVhXlZLf4d3Oucex+0EZNxUGo2KJ1mbvgBlI9nWYq6DZXhEP6P1EgyuFZ8PQCTLh/Kw /6Ucgw/GcLxDgX8o1J/DSBUy4TLnkS4XvBBWzpQQaEyiXU7c3qktrmHy53mRQEdKCICH 9WKHm8zQWGnCkhmUZc1xRKXEr/dXWb9xd48MoOxJM1SxBFKHS5IxUdTBchW8YHS28jPp iUNIkZRQ6SXiV1KQfwDFUVwN/EacwNuFy4dXwbfN8yeb+0Rjw5VSglQ+bIgljXPAqNBW QWEg==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=UPu47wx5; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=MYVyJ9QC; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=d4UFq84J; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 586e51a60fabf-3eca1b63587si2341533fac.868.2025.11.24.08.54.02 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Mon, 24 Nov 2025 08:54:02 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=UPu47wx5; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=MYVyJ9QC; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=d4UFq84J; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=RVIPD1l0k32c8OzNYAC/bqNFjRKbFGd3wu/cXCWDumE=; b=UPu47wx5GP4GOR9P97pWd2u9+K Jy2q0Rn3l0rzjaBqzrPl+D3vArxjOoG8iNHvS9TpcZcYmt1UfRYVyJyErQBsxxqc422QHtFySynKl Mv1JTnMt2wHC8F+Nvqpos3RgZP2WmTutS7SnJgbHKjpTh3pyepxhAaFuaA503YoFdPGY=; Received: from [127.0.0.1] (helo=sfs-ml-1.v29.lw.sourceforge.com) by sfs-ml-1.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1vNZp6-0002vC-Ob; Mon, 24 Nov 2025 16:53:56 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-1.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1vNZoW-0002ud-0T for openvpn-devel@lists.sourceforge.net; Mon, 24 Nov 2025 16:53:20 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=jwZCwNTKLNvIAhqauTRz90Uidg03Q7WtgAf9P24Wbkg=; b=MYVyJ9QC6Gs9j2GdACQriY2yZU VSwahpzg2oiZeV5JYM4v+8jM7iQrJ8loyvFwjzb6thNHBNy2i3jK8t0zyWmlr/PzGTSdITIeiaoJ0 OuledUrow7g3zyKCpYlTXnH405YdOnTZ0zflwCv+cQoMIe4D/GACoooAoFYva3rvfiVw=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=jwZCwNTKLNvIAhqauTRz90Uidg03Q7WtgAf9P24Wbkg=; b=d4UFq84Jycb1EySba3bEmXCaOL Q4iJgzbr3XfGo7bTuKSDJbBig5He1JaRbkn41hAmiVbkvxeAMTcciwYegNDFc3jBfwT98lkqiCbVa 8NNjvpYvexZFyWd4om11aBFKF9PzCPux3Bg8lIahQeIT4IjKQ5GtYUEQbKTe+X9pqgI8=; Received: from [193.149.48.134] (helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1vNZoU-0008Rp-QX for openvpn-devel@lists.sourceforge.net; Mon, 24 Nov 2025 16:53:19 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 5AOGrBCV014876 for ; Mon, 24 Nov 2025 17:53:11 +0100 Received: (from gert@localhost) by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 5AOGrBIL014875 for openvpn-devel@lists.sourceforge.net; Mon, 24 Nov 2025 17:53:11 +0100 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Mon, 24 Nov 2025 17:53:06 +0100 Message-ID: <20251124165311.14859-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.51.2 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-1.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Selva Nair - Append a version 4 uuid to ovpn_pipe_name to make it less predictable - Do not allow remote access to the pipe This greatly reduces the possibility of a rogue process racing to open the pipe before CreateFile() is called in the worker thread. Content analysis details: (1.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS X-Headers-End: 1vNZoU-0008Rp-QX Subject: [Openvpn-devel] [PATCH v2] Harden interactive service pipe X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1849691464188796319?= X-GMAIL-MSGID: =?utf-8?q?1849691464188796319?= From: Selva Nair - Append a version 4 uuid to ovpn_pipe_name to make it less predictable - Do not allow remote access to the pipe This greatly reduces the possibility of a rogue process racing to open the pipe before CreateFile() is called in the worker thread. Reported-by: Marc Heuse Change-Id: Ie66a142751354e421d48b273784fc79bcb9f7208 Signed-off-by: Selva Nair Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1396 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1396 This mail reflects revision 2 of this Change. Acked-by according to Gerrit (reflected above): diff --git a/src/openvpnserv/interactive.c b/src/openvpnserv/interactive.c index 0712986..7a0a075 100644 --- a/src/openvpnserv/interactive.c +++ b/src/openvpnserv/interactive.c @@ -3398,12 +3398,29 @@ goto out; } + UUID pipe_uuid; + RPC_STATUS rpc_stat = UuidCreate(&pipe_uuid); + if (rpc_stat != RPC_S_OK) + { + ReturnError(pipe, rpc_stat, L"UuidCreate", 1, &exit_event); + goto out; + } + + RPC_WSTR pipe_uuid_str = NULL; + rpc_stat = UuidToStringW(&pipe_uuid, &pipe_uuid_str); + if (rpc_stat != RPC_S_OK) + { + ReturnError(pipe, rpc_stat, L"UuidToString", 1, &exit_event); + goto out; + } swprintf(ovpn_pipe_name, _countof(ovpn_pipe_name), - L"\\\\.\\pipe\\" _L(PACKAGE) L"%ls\\service_%lu", service_instance, - GetCurrentThreadId()); + L"\\\\.\\pipe\\" _L(PACKAGE) L"%ls\\service_%lu_%ls", service_instance, + GetCurrentThreadId(), pipe_uuid_str); + RpcStringFree(&pipe_uuid_str); + ovpn_pipe = CreateNamedPipe( ovpn_pipe_name, PIPE_ACCESS_DUPLEX | FILE_FLAG_FIRST_PIPE_INSTANCE | FILE_FLAG_OVERLAPPED, - PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_WAIT, 1, 128, 128, 0, NULL); + PIPE_TYPE_MESSAGE | PIPE_READMODE_MESSAGE | PIPE_WAIT | PIPE_REJECT_REMOTE_CLIENTS, 1, 128, 128, 0, NULL); if (ovpn_pipe == INVALID_HANDLE_VALUE) { ReturnLastError(pipe, L"CreateNamedPipe");