From patchwork Thu Jan 15 09:32:29 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Gert Doering X-Patchwork-Id: 4712 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:9186:b0:80a:3855:ce6a with SMTP id j6csp851185maf; Thu, 15 Jan 2026 01:32:52 -0800 (PST) X-Forwarded-Encrypted: i=2; AJvYcCUX2Dh9k87P+p3Yx7C9osNW7jAzqr+Iq0QApbd1jqnDq/u34Nb2K34jBaeQox7jfOUMiqPK2yq1l08=@openvpn.net X-Received: by 2002:a05:6870:c0c3:b0:3f6:207d:1b74 with SMTP id 586e51a60fabf-40407013081mr3877593fac.25.1768469572029; Thu, 15 Jan 2026 01:32:52 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1768469572; cv=none; d=google.com; s=arc-20240605; b=XquM6StpFc5Z/kcWH4vyVgBWUtdhJEjynm4r0L5h249gNEKe8U6Xt+mhBNxy1Oz8/9 P/snBNq4uQThFTJtk1ddRu4btFh2uzNRUulWXNzkBrwi38+JpZbPhZaaHa67tH74BcDb rOQWc8qKWpOekbHparxsY+ZTXy9vkBnGfB43tveMHUHsNQ3RSIa55v3VKjUin2hfwKnl pH9Sy5ZM0YSymaio53mJMY6mJbmFRVX8ZVbzc6fjEwf4B9jFY7SBBIbnPDcKl1vAwovo FC4VAGr1nidIrdARiuG10SfO1Zsuv+s2p8yIKPFP4rqn+J4r/G0UzEH0nQ/EKbbNR3bN VJpQ== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20240605; h=errors-to:content-transfer-encoding:list-subscribe:list-help :list-post:list-archive:list-unsubscribe:list-id:precedence:subject :mime-version:references:in-reply-to:message-id:date:to:from :dkim-signature:dkim-signature:dkim-signature; bh=kAAGfjyIv3t5N9LZCUaU+LuFqKoEsWRL16GMcd3h8dg=; fh=4NbAC/LsuMLI0S0hprUlLSLCiHwg6SCAifhH718Jh0Q=; b=jDHs9ML/AUsAcw5eSuV9nd3teql1bV4zQNMrgsb9BMjBVuK3PgdrxIApDzjcpMgyRM Ra3BFmqZaEHajk+QEx7EUbpMHjQgKwk3gRWkpcnY7VR1kIAXynGVn3/W+YkeVrA7vNnk f1Fmaq1MX/Incb0S1g794nbT4NM0BPxz8jIc8SnD7NBFh/21SXAsCHHb9ANj21mIsh+8 QBfuQaXbS4hlGFrm5bPEfXCSSc2qck8kCQ7b+/TMG9RUcDSbxjJ622rNGHUOOvNQT6md atE6qp8RXtSzssK785IzJu6DqmlIB4yZAD2FuW3P8XiVlXsH9fw6oDhWXjtK8tkeBVlE FoZA==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b="CxGeXZY/"; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=dHhQrm0d; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=mcN0fWHf; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 586e51a60fabf-404233e636dsi2666841fac.0.2026.01.15.01.32.51 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Thu, 15 Jan 2026 01:32:52 -0800 (PST) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b="CxGeXZY/"; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=dHhQrm0d; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=mcN0fWHf; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=muc.de DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; h=Content-Transfer-Encoding:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=kAAGfjyIv3t5N9LZCUaU+LuFqKoEsWRL16GMcd3h8dg=; b=CxGeXZY/A+ADTxVqkZlRBROSeL Onp65I3ZaV5ocZ41hsBWd1b7P1xiA+nIYKHf3fzs1rjUFQGdSVWiSu91uSl0aUdo3e8MN3KwH+zuv 4QMxxndEijyKu4heQzOGSiyuuPie6oEkfNjLV0eOOkRZSyUvQOCTrOL6aZgfITYQp5+k=; Received: from [127.0.0.1] (helo=sfs-ml-4.v29.lw.sourceforge.com) by sfs-ml-4.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1vgJij-0006nv-Pa; Thu, 15 Jan 2026 09:32:49 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-4.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1vgJii-0006nn-SM for openvpn-devel@lists.sourceforge.net; Thu, 15 Jan 2026 09:32:48 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=C/2yZYohBnfkXTKBC2+HnUBZS/M2XXWJD+vvNPDVQpU=; b=dHhQrm0d6R1iBXeEgDSTJddYeu cxooJuQ8jskwe6iPpqNzrJBMGdAyVJlrVny7FWAZ7Vo482YlUEEGJ49cp46MKwmXk4BtLirH6rcOx b5/77p61MXdrQrGQoWhq6csfZF2qTTl0sjK/snbMJxsbfzDTj+a2fVJMaO+7MDj9IVIM=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:To:From:Sender:Reply-To:Cc:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc :Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=C/2yZYohBnfkXTKBC2+HnUBZS/M2XXWJD+vvNPDVQpU=; b=mcN0fWHfEKUd18bbvqsxhZPnoa hO/7wbOTXiVfM1zYdR0jByUA34CrbuJZsMieMrnde/YxkChFiZ2CoXNO42YjYgcZG3iw2pO9EMBOh wzQY8pKwq4ttMoNMlf4p4KfVD/DOyVW22C9E4rxYMSIE3NOb5l7NXcERjUojeGNgQwY4=; Received: from [193.149.48.134] (helo=blue.greenie.muc.de) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1vgJih-0002rf-Ss for openvpn-devel@lists.sourceforge.net; Thu, 15 Jan 2026 09:32:48 +0000 Received: from blue.greenie.muc.de (localhost [127.0.0.1]) by blue.greenie.muc.de (8.18.1/8.18.1) with ESMTP id 60F9WaQQ025647 for ; Thu, 15 Jan 2026 10:32:36 +0100 Received: (from gert@localhost) by blue.greenie.muc.de (8.18.1/8.18.1/Submit) id 60F9WaQJ025646 for openvpn-devel@lists.sourceforge.net; Thu, 15 Jan 2026 10:32:36 +0100 From: Gert Doering To: openvpn-devel@lists.sourceforge.net Date: Thu, 15 Jan 2026 10:32:29 +0100 Message-ID: <20260115093235.25635-1-gert@greenie.muc.de> X-Mailer: git-send-email 2.51.2 In-Reply-To: References: MIME-Version: 1.0 X-Spam-Score: 1.3 (+) X-Spam-Report: Spam detection software, running on the system "sfi-spamd-2.hosts.colo.sdot.me", has NOT identified this incoming email as spam. The original message has been attached to this so you can view it or label similar future email. If you have any questions, see the administrator of that system for details. Content preview: From: Frank Lichtenheld Make sure the value is not negative before casting it to unsigned. Change-Id: I8a5efb2ed009a702f10dc8f40c677f014547b4c8 Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering Gerrit URL: https://gerrit.openvpn.net/c/open [...] Content analysis details: (1.3 points, 5.0 required) pts rule name description ---- ---------------------- -------------------------------------------------- 1.3 RDNS_NONE Delivered to internal network by a host with no rDNS X-Headers-End: 1vgJih-0002rf-Ss Subject: [Openvpn-devel] [PATCH v1] ssl_verify: Fix parsing of timeout from auth pending file X-BeenThere: openvpn-devel@lists.sourceforge.net X-Mailman-Version: 2.1.21 Precedence: list List-Id: List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Errors-To: openvpn-devel-bounces@lists.sourceforge.net X-getmail-retrieved-from-mailbox: Inbox X-GMAIL-THRID: =?utf-8?q?1854374750002220867?= X-GMAIL-MSGID: =?utf-8?q?1854374750002220867?= From: Frank Lichtenheld Make sure the value is not negative before casting it to unsigned. Change-Id: I8a5efb2ed009a702f10dc8f40c677f014547b4c8 Signed-off-by: Frank Lichtenheld Acked-by: Gert Doering Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1451 --- This change was reviewed on Gerrit and approved by at least one developer. I request to merge it to master. Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1451 This mail reflects revision 1 of this Change. Acked-by according to Gerrit (reflected above): Gert Doering diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c index a11003c..5effa2c 100644 --- a/src/openvpn/ssl_verify.c +++ b/src/openvpn/ssl_verify.c @@ -874,11 +874,6 @@ return supported; } -#if defined(__GNUC__) || defined(__clang__) -#pragma GCC diagnostic push -#pragma GCC diagnostic ignored "-Wconversion" -#endif - /** * Checks if the deferred state should also send auth pending * request to the client. Also removes the auth_pending control file @@ -888,7 +883,8 @@ * @returns false The file had an invlaid format or another error occured */ static bool -key_state_check_auth_pending_file(struct auth_deferred_status *ads, struct tls_multi *multi, +key_state_check_auth_pending_file(struct auth_deferred_status *ads, + struct tls_multi *multi, struct tls_session *session) { bool ret = true; @@ -916,7 +912,7 @@ buf_chomp(extra_buf); long timeout = strtol(BSTR(timeout_buf), NULL, 10); - if (timeout == 0) + if (timeout <= 0) { msg(M_WARN, "could not parse auth pending file timeout"); buffer_list_free(lines); @@ -933,14 +929,14 @@ pending_method); auth_set_client_reason(multi, buf); msg(M_INFO, - "Client does not supported auth pending method " - "'%s'", + "Client does not supported auth pending method '%s'", pending_method); ret = false; } else { - send_auth_pending_messages(multi, session, BSTR(extra_buf), timeout); + send_auth_pending_messages(multi, session, BSTR(extra_buf), + (unsigned int)timeout); } } @@ -950,10 +946,6 @@ return ret; } -#if defined(__GNUC__) || defined(__clang__) -#pragma GCC diagnostic pop -#endif - /** * Removes auth_pending and auth_control files from file system * and key_state structure