From: Ralf Lici
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 26 May 2026 14:45:38 +0200
Message-ID: <20260526124544.425791-1-ralf@mandelbit.com>
X-Patchwork-Id: 4971
Subject: [Openvpn-devel] [PATCH ovpn net 1/4] ovpn: avoid sending UDP packets with source port 0

ovpn operates on a userspace-owned UDP socket, which may be manipulated in various ways by userspace. If the socket is never bound, connected, or used for communication, it may not have a source port assigned.
Similarly, if the socket was connect()'ed to AF_INET or AF_INET6, it can be disconnected by connect() with AF_UNSPEC, which resets the source port unless the socket was explicitly bound. Since we must not transmit packets with source port 0, gate UDP TX on the presence of a valid source port and drop packets otherwise. To avoid ambiguity, sample the current source port once before route lookup and header build and enforce the check on that value. Fixes: 08857b5ec5d9 ("ovpn: implement basic TX path (UDP)") Signed-off-by: Ralf Lici --- drivers/net/ovpn/udp.c | 12 ++++++++++-- 1 file changed, 10 insertions(+), 2 deletions(-) diff --git a/drivers/net/ovpn/udp.c b/drivers/net/ovpn/udp.c index 493a5a0744af..2610f3e23bf0 100644 --- a/drivers/net/ovpn/udp.c +++ b/drivers/net/ovpn/udp.c @@ -149,13 +149,17 @@ static int ovpn_udp4_output(struct ovpn_peer *peer, struct ovpn_bind *bind, struct flowi4 fl = { .saddr = bind->local.ipv4.s_addr, .daddr = bind->remote.in4.sin_addr.s_addr, - .fl4_sport = inet_sk(sk)->inet_sport, + .fl4_sport = READ_ONCE(inet_sk(sk)->inet_sport), .fl4_dport = bind->remote.in4.sin_port, .flowi4_proto = sk->sk_protocol, .flowi4_mark = sk->sk_mark, }; int ret; + /* an uninitialized socket or connect(AF_UNSPEC) can cause this */ + if (unlikely(!fl.fl4_sport)) + return -EADDRNOTAVAIL; + local_bh_disable(); rt = dst_cache_get_ip4(cache, &fl.saddr); if (rt) 
@@ -226,13 +230,17 @@ static int ovpn_udp6_output(struct ovpn_peer *peer, struct ovpn_bind *bind, struct flowi6 fl = { .saddr = bind->local.ipv6, .daddr = bind->remote.in6.sin6_addr, - .fl6_sport = inet_sk(sk)->inet_sport, + .fl6_sport = READ_ONCE(inet_sk(sk)->inet_sport), .fl6_dport = bind->remote.in6.sin6_port, .flowi6_proto = sk->sk_protocol, .flowi6_mark = sk->sk_mark, .flowi6_oif = bind->remote.in6.sin6_scope_id, }; + /* an uninitialized socket or connect(AF_UNSPEC) can cause this */ + if (unlikely(!fl.fl6_sport)) + return -EADDRNOTAVAIL; + local_bh_disable(); dst = dst_cache_get_ip6(cache, &fl.saddr); if (dst)
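Review bot: In ovpn_udp4_output(), the new early return hands -EADDRNOTAVAIL back to the caller, while the commit message says the packet is dropped; nothing in the hunk shows who frees the skb on this error or whether the drop is accounted. Please confirm that the caller consumes the skb when the output helper fails and state that in the commit message. The comment above the check would also be clearer if it named the condition it guards, for example "source port is 0: socket never bound/connected, or disconnected via connect(AF_UNSPEC)", since "this" has no referent at that point in the function.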
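Review bot: In the flowi6 initializer of ovpn_udp6_output() (and the matching flowi4 one in ovpn_udp4_output()), only inet_sport gains READ_ONCE(), while ".flowi6_mark = sk->sk_mark" stays a plain load even though userspace can change the mark on its own socket with SO_MARK just as it can reset the port. Either annotate that read as well or say in the commit message why it is out of scope for this fix. The "if (unlikely(!fl.fl6_sport)) return -EADDRNOTAVAIL;" check is also duplicated verbatim between the v4 and v6 paths; a small shared helper that samples and validates the port would keep the two from drifting apart.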
From: Ralf Lici
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 26 May 2026 14:45:39 +0200
Message-ID: <20260526124544.425791-2-ralf@mandelbit.com>
In-Reply-To: <20260526124544.425791-1-ralf@mandelbit.com>
References: <20260526124544.425791-1-ralf@mandelbit.com>
X-Patchwork-Id: 4973
Subject: [Openvpn-devel] [PATCH ovpn net 2/4] ovpn: validate sockets before attaching peer transports

ovpn accepts a userspace-provided socket and attaches transport-specific state to it.
The current checks use sk_protocol to select the UDP or TCP attach path, but sk_protocol alone does not identify the socket layout. For example, a raw socket can have sk_protocol set to IPPROTO_UDP while its storage is not a struct udp_sock. Passing such a socket to the UDP attach path would make ovpn read and write udp_sock fields on the wrong object, potentially accessing memory beyond the actual socket storage. Reject sockets unless they are real UDP datagram or TCP stream sockets before attaching them to ovpn in the peer creation path. This lets netlink report a clear error before calling the socket attach helper. Also switch ovpn_socket_new to sk_is_tcp and sk_is_udp, matching the netlink validation performed before the helper is called. This does not change the accepted socket types, but makes the helper's assumptions explicit. Fixes: f6226ae7a0cd ("ovpn: introduce the ovpn_socket object") Fixes: 1d36a36f6d53 ("ovpn: implement peer add/get/dump/delete via netlink") Signed-off-by: Ralf Lici --- drivers/net/ovpn/netlink.c | 15 +++++++++++++-- drivers/net/ovpn/socket.c | 16 +++++++++------- 2 files changed, 22 insertions(+), 9 deletions(-) diff --git a/drivers/net/ovpn/netlink.c b/drivers/net/ovpn/netlink.c index 291e2e5bb450..01ae5a40e31d 100644 --- a/drivers/net/ovpn/netlink.c +++ b/drivers/net/ovpn/netlink.c 
@@ -400,10 +400,21 @@ int ovpn_nl_peer_new_doit(struct sk_buff *skb, struct genl_info *info) goto peer_release; } + /* sk_protocol is not enough to determine if this is a real UDP or TCP + * socket + */ + if (!sk_is_udp(sock->sk) && !sk_is_tcp(sock->sk)) { + NL_SET_ERR_MSG_FMT_MOD(info->extack, + "socket is not TCP or UDP"); + sockfd_put(sock); + ret = -EOPNOTSUPP; + goto peer_release; + } + /* Only when using UDP as transport protocol the remote endpoint * can be configured so that ovpn knows where to send packets to. */ - if (sock->sk->sk_protocol == IPPROTO_UDP && + if (sk_is_udp(sock->sk) && !attrs[OVPN_A_PEER_REMOTE_IPV4] && !attrs[OVPN_A_PEER_REMOTE_IPV6]) { NL_SET_ERR_MSG_FMT_MOD(info->extack, @@ -417,7 +428,7 @@ int ovpn_nl_peer_new_doit(struct sk_buff *skb, struct genl_info *info) * will just send bytes over it, without the need to specify a * destination. */ - if (sock->sk->sk_protocol == IPPROTO_TCP && + if (sk_is_tcp(sock->sk) && (attrs[OVPN_A_PEER_REMOTE_IPV4] || attrs[OVPN_A_PEER_REMOTE_IPV6])) { NL_SET_ERR_MSG_FMT_MOD(info->extack, diff --git a/drivers/net/ovpn/socket.c b/drivers/net/ovpn/socket.c index 517caa64a4fe..7f34f0f11f13 100644 --- a/drivers/net/ovpn/socket.c +++ b/drivers/net/ovpn/socket.c @@ -126,13 +126,15 @@ static int ovpn_socket_attach(struct ovpn_socket *ovpn_sock, /** * ovpn_socket_new - create a new socket and initialize it - * @sock: the kernel socket to embed + * @sock: the kernel socket to embed; must be a real UDP or TCP socket * @peer: the peer reachable via this socket * * Return: an openvpn socket on success or a negative error code otherwise */ struct ovpn_socket *ovpn_socket_new(struct socket *sock, struct ovpn_peer *peer) { + const bool tcp = sk_is_tcp(sock->sk); + const bool udp = sk_is_udp(sock->sk); struct ovpn_socket *ovpn_sock; struct sock *sk = sock->sk; int ret; 
@@ -142,7 +144,7 @@ struct ovpn_socket *ovpn_socket_new(struct socket *sock, struct ovpn_peer *peer) /* a TCP socket can only be owned by a single peer, therefore there * can't be any other user */ - if (sk->sk_protocol == IPPROTO_TCP && sk->sk_user_data) { + if (tcp && sk->sk_user_data) { ovpn_sock = ERR_PTR(-EBUSY); goto sock_release; } @@ -150,7 +152,7 @@ struct ovpn_socket *ovpn_socket_new(struct socket *sock, struct ovpn_peer *peer) /* a UDP socket can be shared across multiple peers, but we must make * sure it is not owned by something else */ - if (sk->sk_protocol == IPPROTO_UDP) { + if (udp) { u8 type = READ_ONCE(udp_sk(sk)->encap_type); /* socket owned by other encapsulation module */ @@ -203,11 +205,11 @@ struct ovpn_socket *ovpn_socket_new(struct socket *sock, struct ovpn_peer *peer) /* TCP sockets are per-peer, therefore they are linked to their unique * peer */ - if (sk->sk_protocol == IPPROTO_TCP) { + if (tcp) { INIT_WORK(&ovpn_sock->tcp_tx_work, ovpn_tcp_tx_work); ovpn_sock->peer = peer; ovpn_peer_hold(peer); - } else if (sk->sk_protocol == IPPROTO_UDP) { + } else if (udp) { /* in UDP we only link the ovpn instance since the socket is * shared among multiple peers */ 
@@ -228,9 +230,9 @@ struct ovpn_socket *ovpn_socket_new(struct socket *sock, struct ovpn_peer *peer) ret = ovpn_socket_attach(ovpn_sock, sock, peer); if (ret < 0) { - if (sk->sk_protocol == IPPROTO_TCP) + if (tcp) ovpn_peer_put(peer); - else if (sk->sk_protocol == IPPROTO_UDP) + else if (udp) netdev_put(peer->ovpn->dev, &ovpn_sock->dev_tracker); sock_put(sk);
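Review bot: In the new socket-type check in ovpn_nl_peer_new_doit() (netlink.c, first hunk), NL_SET_ERR_MSG_FMT_MOD() is called with a constant string and no format arguments, so the plain NL_SET_ERR_MSG_MOD() is the appropriate macro. Is -EOPNOTSUPP the intended code for a caller that passes the wrong kind of file descriptor? If so, a short justification in the commit message would help, since the message otherwise only promises "a clear error".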
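Review bot: In ovpn_socket_new() (socket.c), the kernel-doc now says @sock "must be a real UDP or TCP socket", but nothing in the function enforces it: when both tcp and udp are false, every branch touched by these hunks is skipped and none of them rejects the socket. Because the validation lives only in ovpn_nl_peer_new_doit(), a guard at the top of the helper (for example a WARN_ON_ONCE(!tcp && !udp) that bails out with an error) would keep a future caller from reintroducing the udp_sock type confusion the commit message describes. With such a guard in place, the "else if (udp)" arms in the later hunks could become plain "else".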
TDnSJpHNo3uE4g8znKf/4CKitlcDQTidNHU8H43L4UazD9Mq/CZMgDbdevwAKmxlN/bw Ur7Pc2+Rwn/Eq54qYi69HwCAEBcd0HqyOuh4giNkCcwtEaGedxze5xoD2pIHCFHEYzVK Aer2JaNIv08YYXywIEao2U2WMAlypkGuXHVJlCZpobM1inEdx5lPG8wWk0vKkpKf3k38 F+KCU5UGbIO4aw4U+H9+Y3ywM/XF2HS0FeVEDo66ahUf1e0DL7Mpi3NfJjkvCzItcx1J Tsbw==; dara=google.com ARC-Authentication-Results: i=1; mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=h+JMPoiX; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=Fbj7LYNK; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=LiURtovW; dkim=neutral (body hash did not verify) header.i=@mandelbit.com header.s=MBO0001 header.b="nh/TscuQ"; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net Received: from lists.sourceforge.net (lists.sourceforge.net. [216.105.38.7]) by mx.google.com with ESMTPS id 586e51a60fabf-43b63c72f15si10661959fac.276.2026.05.26.05.46.21 (version=TLS1_2 cipher=ECDHE-ECDSA-AES128-GCM-SHA256 bits=128/128); Tue, 26 May 2026 05:46:21 -0700 (PDT) Received-SPF: pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) client-ip=216.105.38.7; Authentication-Results: mx.google.com; dkim=pass header.i=@lists.sourceforge.net header.s=beta header.b=h+JMPoiX; dkim=neutral (body hash did not verify) header.i=@sourceforge.net header.s=x header.b=Fbj7LYNK; dkim=neutral (body hash did not verify) header.i=@sf.net header.s=x header.b=LiURtovW; dkim=neutral (body hash did not verify) header.i=@mandelbit.com header.s=MBO0001 header.b="nh/TscuQ"; spf=pass (google.com: domain of openvpn-devel-bounces@lists.sourceforge.net designates 216.105.38.7 as permitted sender) smtp.mailfrom=openvpn-devel-bounces@lists.sourceforge.net DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=lists.sourceforge.net; s=beta; 
h=Content-Transfer-Encoding:Content-Type: List-Subscribe:List-Help:List-Post:List-Archive:List-Unsubscribe:List-Id: Subject:MIME-Version:References:In-Reply-To:Message-ID:Date:To:From:Sender: Reply-To:Cc:Content-ID:Content-Description:Resent-Date:Resent-From: Resent-Sender:Resent-To:Resent-Cc:Resent-Message-ID:List-Owner; bh=G709azmeqe1Hxp/ucbRQ/Bi+h0aopu2Xs6HYu6fgIqs=; b=h+JMPoiXYc+4xm3w/OagDTGJQn fdbTOvlNY2X+FLpKbq552jqDRkj7Tm8CQeFrWknz10HC1Wkqb5Dq944+qpP3pJ4nTB6jIHkIVUAtF uFetFZRA+S/z8OrVDcEqIJZrIbs6KJKCuiayn1QwrE3o9K2QRiUWV9mX+yW9EltaKOao=; Received: from [127.0.0.1] (helo=sfs-ml-2.v29.lw.sourceforge.com) by sfs-ml-2.v29.lw.sourceforge.com with esmtp (Exim 4.95) (envelope-from ) id 1wRrAk-0000OB-Vl; Tue, 26 May 2026 12:46:16 +0000 Received: from [172.30.29.66] (helo=mx.sourceforge.net) by sfs-ml-2.v29.lw.sourceforge.com with esmtps (TLS1.2) tls TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384 (Exim 4.95) (envelope-from ) id 1wRrAb-0000NG-U8 for openvpn-devel@lists.sourceforge.net; Tue, 26 May 2026 12:46:08 +0000 DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sourceforge.net; s=x; h=Content-Transfer-Encoding:MIME-Version:References: In-Reply-To:Message-ID:Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type: Content-ID:Content-Description:Resent-Date:Resent-From:Resent-Sender: Resent-To:Resent-Cc:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe: List-Subscribe:List-Post:List-Owner:List-Archive; bh=yXURBZixdH+wajSJQyN5No43Z44Et6pWdE2IyFmfBXw=; b=Fbj7LYNKft9CtV7pJz+KU/cXhQ b6pj7lTRe3BoAtO4LzIx9me9SrMBbW+/+C/NT5c4FSVRDo64gEMJSdTXPSE/cBk9IjP5YgUZ959bD PZ3zVEclp286JsuWciKfB6yj8qbLptK9d5J4w7ny1Dvew//KdMdQfOPiLTZkS6DNQtxk=; DKIM-Signature: v=1; a=rsa-sha256; q=dns/txt; c=relaxed/relaxed; d=sf.net; s=x ; h=Content-Transfer-Encoding:MIME-Version:References:In-Reply-To:Message-ID: Date:Subject:Cc:To:From:Sender:Reply-To:Content-Type:Content-ID: Content-Description:Resent-Date:Resent-From:Resent-Sender:Resent-To:Resent-Cc 
:Resent-Message-ID:List-Id:List-Help:List-Unsubscribe:List-Subscribe: List-Post:List-Owner:List-Archive; bh=yXURBZixdH+wajSJQyN5No43Z44Et6pWdE2IyFmfBXw=; b=LiURtovWZjK0dqQ4x4ENh2r027 TPEbb5PgXlEzC0YVmHVLh9SD1gGdRfr7YGlvJ6HCxkrtd4qk86nZj4nZwUUHVa/jczI/EpOkXtU2d 13+4meUAHUhcyoKFCa2dTnPu8zcetWngEMWTH5pwaBUJtH1f+L3XwBp2hVCVQ/U/sTrA=; Received: from mout-b-202.mailbox.org ([195.10.208.62]) by sfi-mx-2.v28.lw.sourceforge.com with esmtps (TLS1.2:ECDHE-RSA-AES256-GCM-SHA384:256) (Exim 4.95) id 1wRrAb-0007Z9-98 for openvpn-devel@lists.sourceforge.net; Tue, 26 May 2026 12:46:06 +0000 Received: from smtp2.mailbox.org (smtp2.mailbox.org [IPv6:2001:67c:2050:b231:465::2]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (No client certificate requested) by mout-b-202.mailbox.org (Postfix) with ESMTPS id 4gPstZ0D58zDrtx; Tue, 26 May 2026 14:45:58 +0200 (CEST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=mandelbit.com; s=MBO0001; t=1779799558; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:cc:mime-version:mime-version: content-transfer-encoding:content-transfer-encoding: in-reply-to:in-reply-to:references:references; bh=yXURBZixdH+wajSJQyN5No43Z44Et6pWdE2IyFmfBXw=; b=nh/TscuQ3PtRwWsulHU9BnmPU5dWpL9mFjOurrnUR3yRQJr5jmlKkv6rDY37JdNOtvxp9U sB/nWtEoBlw5t2FYHPGz+1Ej5WuAwpGGzjxqSwwNMKyeih4t+SYAs8wy/9HofGRNMtV44a aN/Id+kBkneOmuSPavlorbAn4m0su8BGw7WDlIq6InAb2K15ycwLweRgge5PDgvmQ7b7qa IiNCozWMyGUTdNHL2bQqEvDNhXSgSyOkEUcGwtucE+6cLY/bsh0CgORca7dwlhpD0FrwP3 hZdiKybU5U8HtCPw6to00xvt9vhzz+0b3k/CbwzTucxmVtd1Ubxg7pDL4EV8CA== Authentication-Results: outgoing_mbo_mout; dkim=none; spf=pass (outgoing_mbo_mout: domain of ralf@mandelbit.com designates 2001:67c:2050:b231:465::2 as permitted sender) smtp.mailfrom=ralf@mandelbit.com 
From: Ralf Lici
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 26 May 2026 14:45:40 +0200
Subject: [Openvpn-devel] [PATCH ovpn net 3/4] ovpn: reject UDP remotes incompatible with socket family
Message-ID: <20260526124544.425791-3-ralf@mandelbit.com>
In-Reply-To: <20260526124544.425791-1-ralf@mandelbit.com>
References: <20260526124544.425791-1-ralf@mandelbit.com>

ovpn accepts a userspace-provided socket and a peer remote endpoint through netlink. For UDP peers, the remote endpoint family selects the transmit path used later by ovpn_udp_output.

An IPv4 UDP socket cannot be used with an IPv6 remote endpoint. If accepted, the transmit path may reach IPv6 routing and UDP tunnel helpers with an IPv4 socket.

Similarly, an IPv6-only UDP socket cannot be used with an IPv4 remote endpoint. Otherwise ovpn may enter the IPv4 UDP transmit path, where IPv4 routing treats the unspecified source as a normal source-selection request and may choose an IPv4 source address, bypassing the check that udpv6_sendmsg would normally enforce.

Parse the remote endpoint once in the peer new/set paths and reject UDP remotes when the provided socket cannot send to them. Pass the parsed endpoint into the common peer modify helper so the validation and the stored endpoint use the same normalized sockaddr.

Fixes: 1d36a36f6d53 ("ovpn: implement peer add/get/dump/delete via netlink")
Signed-off-by: Ralf Lici --- drivers/net/ovpn/netlink.c | 130 ++++++++++++++++++++++++++----------- 1 file changed, 92 insertions(+), 38 deletions(-) diff --git a/drivers/net/ovpn/netlink.c b/drivers/net/ovpn/netlink.c index 01ae5a40e31d..2a685fc95d6d 100644 --- a/drivers/net/ovpn/netlink.c +++ b/drivers/net/ovpn/netlink.c @@ -271,15 +271,17 @@ static int ovpn_nl_peer_precheck(struct ovpn_priv *ovpn, * @peer: the peer to modify * @info: generic netlink info from the user request * @attrs: the attributes from the user request + * @remote: remote address, if provided * * Return: a negative error code in case of failure, 0 on success or 1 on * success and the VPN IPs have been modified (requires rehashing in MP * mode) */ static int ovpn_nl_peer_modify(struct ovpn_peer *peer, struct genl_info *info, - struct nlattr **attrs) + struct nlattr **attrs, + const struct sockaddr_storage *remote) { - struct sockaddr_storage ss = {}; + struct sockaddr_storage empty_remote = {}; void *local_ip = NULL; u32 interv, timeout; bool rehash = false; @@ -287,15 +289,15 @@ static int ovpn_nl_peer_modify(struct ovpn_peer *peer, struct genl_info *info, spin_lock_bh(&peer->lock); - if (ovpn_nl_attr_sockaddr_remote(attrs, &ss)) { + if (remote) { /* we carry the local IP in a generic container. * ovpn_peer_reset_sockaddr() will properly interpret it - * based on ss.ss_family + * based on remote->ss_family */ local_ip = ovpn_nl_attr_local_ip(attrs); /* set peer sockaddr */ - ret = ovpn_peer_reset_sockaddr(peer, &ss, local_ip); + ret = ovpn_peer_reset_sockaddr(peer, remote, local_ip); if (ret < 0) { NL_SET_ERR_MSG_FMT_MOD(info->extack, "cannot set peer sockaddr: %d", 
@@ -333,7 +335,7 @@ static int ovpn_nl_peer_modify(struct ovpn_peer *peer, struct genl_info *info, netdev_dbg(peer->ovpn->dev, "modify peer id=%u tx_id=%u endpoint=%pIScp VPN-IPv4=%pI4 VPN-IPv6=%pI6c\n", - peer->id, peer->tx_id, &ss, + peer->id, peer->tx_id, remote ?: &empty_remote, &peer->vpn_addrs.ipv4.s_addr, &peer->vpn_addrs.ipv6); spin_unlock_bh(&peer->lock); @@ -344,10 +346,41 @@ static int ovpn_nl_peer_modify(struct ovpn_peer *peer, struct genl_info *info, return ret; } +/** + * ovpn_nl_udp_remote_compatible - check if a UDP socket can use a remote + * @sk: UDP socket to validate + * @remote: remote endpoint to validate against the socket + * @extack: netlink extended ACK for reporting validation errors + * + * Return: 0 if the remote endpoint is compatible with the socket or a negative + * error code otherwise. + */ +static int ovpn_nl_udp_remote_compatible(const struct sock *sk, + const struct sockaddr_storage *remote, + struct netlink_ext_ack *extack) +{ + if (sk->sk_family == AF_INET && remote->ss_family == AF_INET6) { + NL_SET_ERR_MSG_FMT_MOD(extack, + "UDP socket is IPv4 but remote is IPv6"); + return -EAFNOSUPPORT; + } + + if (sk->sk_family == AF_INET6 && ipv6_only_sock(sk) && + remote->ss_family == AF_INET) { + NL_SET_ERR_MSG_FMT_MOD(extack, + "UDP socket is IPv6-only but remote is IPv4"); + return -EAFNOSUPPORT; + } + + return 0; +} + int ovpn_nl_peer_new_doit(struct sk_buff *skb, struct genl_info *info) { - struct nlattr *attrs[OVPN_A_PEER_MAX + 1]; + const struct sockaddr_storage *remote = NULL; struct ovpn_priv *ovpn = info->user_ptr[0]; + struct nlattr *attrs[OVPN_A_PEER_MAX + 1]; + struct sockaddr_storage ss = {}; struct ovpn_socket *ovpn_sock; struct socket *sock = NULL; struct ovpn_peer *peer; 
@@ -411,26 +444,34 @@ int ovpn_nl_peer_new_doit(struct sk_buff *skb, struct genl_info *info) goto peer_release; } - /* Only when using UDP as transport protocol the remote endpoint - * can be configured so that ovpn knows where to send packets to. - */ - if (sk_is_udp(sock->sk) && - !attrs[OVPN_A_PEER_REMOTE_IPV4] && - !attrs[OVPN_A_PEER_REMOTE_IPV6]) { - NL_SET_ERR_MSG_FMT_MOD(info->extack, - "missing remote IP address for UDP socket"); - sockfd_put(sock); - ret = -EINVAL; - goto peer_release; - } + if (ovpn_nl_attr_sockaddr_remote(attrs, &ss)) + remote = &ss; - /* In case of TCP, the socket is connected to the peer and ovpn - * will just send bytes over it, without the need to specify a - * destination. - */ - if (sk_is_tcp(sock->sk) && - (attrs[OVPN_A_PEER_REMOTE_IPV4] || - attrs[OVPN_A_PEER_REMOTE_IPV6])) { + if (sk_is_udp(sock->sk)) { + /* Only when using UDP as transport protocol the remote + * endpoint can be configured so that ovpn knows where to send + * packets to. + */ + if (!remote) { + NL_SET_ERR_MSG_FMT_MOD(info->extack, + "missing remote IP address for UDP socket"); + sockfd_put(sock); + ret = -EINVAL; + goto peer_release; + } + + /* can the socket be used with this remote? */ + ret = ovpn_nl_udp_remote_compatible(sock->sk, remote, + info->extack); + if (ret < 0) { + sockfd_put(sock); + goto peer_release; + } + } else if (remote) { + /* In case of TCP, the socket is connected to the peer and ovpn + * will just send bytes over it, without the need to specify a + * destination. + */ NL_SET_ERR_MSG_FMT_MOD(info->extack, "unexpected remote IP address with TCP socket"); sockfd_put(sock); @@ -456,7 +497,7 @@ int ovpn_nl_peer_new_doit(struct sk_buff *skb, struct genl_info *info) rcu_assign_pointer(peer->sock, ovpn_sock); - ret = ovpn_nl_peer_modify(peer, info, attrs); + ret = ovpn_nl_peer_modify(peer, info, attrs, remote); if (ret < 0) goto sock_release; 
@@ -483,8 +524,10 @@ int ovpn_nl_peer_new_doit(struct sk_buff *skb, struct genl_info *info) int ovpn_nl_peer_set_doit(struct sk_buff *skb, struct genl_info *info) { - struct nlattr *attrs[OVPN_A_PEER_MAX + 1]; + const struct sockaddr_storage *remote = NULL; struct ovpn_priv *ovpn = info->user_ptr[0]; + struct nlattr *attrs[OVPN_A_PEER_MAX + 1]; + struct sockaddr_storage ss = {}; struct ovpn_socket *sock; struct ovpn_peer *peer; u32 peer_id; 
@@ -516,22 +559,33 @@ int ovpn_nl_peer_set_doit(struct sk_buff *skb, struct genl_info *info) return -ENOENT; } - /* when using a TCP socket the remote IP is not expected */ + if (ovpn_nl_attr_sockaddr_remote(attrs, &ss)) + remote = &ss; + rcu_read_lock(); sock = rcu_dereference(peer->sock); - if (sock && sock->sk->sk_protocol == IPPROTO_TCP && - (attrs[OVPN_A_PEER_REMOTE_IPV4] || - attrs[OVPN_A_PEER_REMOTE_IPV6])) { - rcu_read_unlock(); - NL_SET_ERR_MSG_FMT_MOD(info->extack, - "unexpected remote IP address with TCP socket"); - ovpn_peer_put(peer); - return -EINVAL; + if (sock && remote) { + if (sk_is_udp(sock->sk)) { + ret = ovpn_nl_udp_remote_compatible(sock->sk, remote, + info->extack); + if (ret < 0) { + rcu_read_unlock(); + ovpn_peer_put(peer); + return ret; + } + } else if (sk_is_tcp(sock->sk)) { + /* when using a TCP socket remote IP is not expected */ + NL_SET_ERR_MSG_FMT_MOD(info->extack, + "unexpected remote IP address with TCP socket"); + rcu_read_unlock(); + ovpn_peer_put(peer); + return -EINVAL; + } } rcu_read_unlock(); spin_lock_bh(&ovpn->lock); - ret = ovpn_nl_peer_modify(peer, info, attrs); + ret = ovpn_nl_peer_modify(peer, info, attrs, remote); if (ret < 0) { spin_unlock_bh(&ovpn->lock); ovpn_peer_put(peer); From patchwork Tue May 26 12:45:41 2026 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: Ralf Lici X-Patchwork-Id: 4972 Return-Path: Delivered-To: patchwork@openvpn.net Received: by 2002:a05:7000:788e:b0:861:c897:cb9d with SMTP id d14csp3006236max; Tue, 26 May 2026 05:46:24 -0700 (PDT) X-Forwarded-Encrypted: i=2; AFNElJ9vVxvYsqfUnKcVrZfN0O86tB5A6l5AbP6DZ5m1edI3jDzruhAtWHYJoc67BDJf2Yql+kg4+JCzVZ8=@openvpn.net X-Received: by 2002:a05:6871:ea83:b0:43b:5bb4:d80e with SMTP id 586e51a60fabf-43b5bb54e09mr8978164fac.10.1779799584665; Tue, 26 May 2026 05:46:24 -0700 (PDT) ARC-Seal: i=1; a=rsa-sha256; t=1779799584; cv=none; d=google.com; s=arc-20240605; 
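Review bot: in ovpn_nl_udp_remote_compatible() (hunk @@ -344,10 +346,41 @@), sk->sk_family is read with a plain load in two separate conditions, while patch 4/4 of this series reads the same field with READ_ONCE() in ovpn_udp_output() because userspace can still change the socket family. Read it once into a local with READ_ONCE() so both comparisons see the same value and the two patches agree on how the field is accessed. Neither error string takes format arguments, so NL_SET_ERR_MSG_MOD() would be enough, although the surrounding code already uses the _FMT_ variant the same way.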
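Review bot: in the ovpn_nl_peer_set_doit() hunk (@@ -516,22 +559,33 @@), the check is guarded by `if (sock && remote)` and the non-UDP branch is `else if (sk_is_tcp(sock->sk))`, so a remote reaches ovpn_nl_peer_modify() unvalidated when peer->sock is NULL or when the socket is neither UDP nor TCP. ovpn_nl_peer_new_doit() uses a plain `else if (remote)` and rejects in that situation. Either make the two paths match or add a comment explaining why those cases cannot occur on the set path. The verdict is also only taken under rcu_read_lock() and the lock is dropped before ovpn_nl_peer_modify() stores the endpoint, so the commit message should say that this is a configuration-time check and that the socket state can still change afterwards.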
From: Ralf Lici
To: openvpn-devel@lists.sourceforge.net
Date: Tue, 26 May 2026 14:45:41 +0200
Subject: [Openvpn-devel] [PATCH ovpn net 4/4] ovpn: recheck UDP socket family before transmit
Message-ID: <20260526124544.425791-4-ralf@mandelbit.com>
In-Reply-To: <20260526124544.425791-1-ralf@mandelbit.com>
References: <20260526124544.425791-1-ralf@mandelbit.com>

ovpn validates UDP peer remotes against the socket family when the remote endpoint is configured through netlink.
The socket itself, however, remains owned by userspace and some socket options can still change the family seen by the transmit path. For example, IPV6_ADDRFORM can turn an AF_INET6 socket into AF_INET after ovpn accepted an IPv6 remote. Conversely, IPV6_V6ONLY can make a dual-stack AF_INET6 socket unable to send to an IPv4 remote. Recheck the socket family in ovpn_udp_output before selecting the UDP transmit path. Drop the packet with -EAFNOSUPPORT when the peer remote family no longer matches the socket state. Fixes: 08857b5ec5d9 ("ovpn: implement basic TX path (UDP)") Signed-off-by: Ralf Lici --- drivers/net/ovpn/udp.c | 13 ++++++++++--- 1 file changed, 10 insertions(+), 3 deletions(-) diff --git a/drivers/net/ovpn/udp.c b/drivers/net/ovpn/udp.c index 2610f3e23bf0..9a3d3dc11235 100644 --- a/drivers/net/ovpn/udp.c +++ b/drivers/net/ovpn/udp.c @@ -320,18 +320,25 @@ static int ovpn_udp_output(struct ovpn_peer *peer, struct dst_cache *cache, goto out; } + ret = -EAFNOSUPPORT; switch (bind->remote.in4.sin_family) { case AF_INET: + /* userspace might have set IPV6_ONLY */ + if (unlikely(READ_ONCE(sk->sk_family) == AF_INET6 && + ipv6_only_sock(sk))) + break; + ret = ovpn_udp4_output(peer, bind, cache, sk, skb); break; #if IS_ENABLED(CONFIG_IPV6) case AF_INET6: + /* userspace might have set IPV6_ADDRFORM */ + if (unlikely(READ_ONCE(sk->sk_family) != AF_INET6)) + break; + ret = ovpn_udp6_output(peer, bind, cache, sk, skb); break; #endif - default: - ret = -EAFNOSUPPORT; - break; } out:
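Review bot: the comment added in the AF_INET case of ovpn_udp_output() names "IPV6_ONLY", but the option the commit message describes is IPV6_V6ONLY; use the real option name so the comment can be grepped. The recheck is lockless: READ_ONCE(sk->sk_family) and ipv6_only_sock(sk) are sampled before ovpn_udp4_output() or ovpn_udp6_output() runs, so userspace can still change the option after the test has passed. A comment stating what the check guarantees, and what the output helpers tolerate if the family changes afterwards, would make the remaining window explicit. With the `default:` label removed, the -EAFNOSUPPORT result now depends on the `ret = -EAFNOSUPPORT;` assignment placed before the switch, which deserves a one-line comment so a later refactor does not drop it.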