Commit graph

2183 commits

Author SHA1 Message Date
Arne Schwabe
4472265ea2 Ensure that buffer of freed session are not used
In a race condition an old TLS session could still try to send a packet but
also get replaced by a new session. In this case, the buffer of the new
session is still referenced. Add the check_session_buf_not_used function
to mitigate this problem.

Also make the check if the to_link pointer is in one of the memory
regions a bit better even though this does not make a difference with the
way we use these structs. But better safe than sorry.

A better solution to remove the TM_INITIAL state and handle reconnecting
session in their own complete tls_multi is a more involved fix that requires
a lot more refactoring.

CVE: 2026-40215
Reported-By: XlabAI Team of Tencent Xuanwu Lab (xlabai@tencent.com)
Reported-By: Guannan Wang (wgnbuaa@gmail.com)
Reported-By: Zhanpeng Liu (pkugenuine@gmail.com)
Reported-By: Guancheng Li (lgcpku@gmail.com)
Signed-off-by: Arne Schwabe <arne@rfc2549.org>

Change-Id: I7c5fa2a7a2563b7a8955d386411f3ceffe5b092f
Private-URL: https://github.com/OpenVPN/openvpn-private-issues/issues/112
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit b2a15fb84d85790eeae4a2e12b431cbfd0b0302f)
2026-04-22 09:16:23 +02:00
Steffan Karger
0dc820fe1d tls-crypt-v2: Avoid interpreting opcode as part of WKc
The buffer we pass to tls_crypt_v2_extract_client_key contains the
entire received control channel packet. We should skip the opcode before
trying to read WKC.

This logic error is a second bug behind the XlabAI finding, next to the
too-strict ASSERT in tls_crypt_unwrap.

Also remove a too strict ASSERT in tls_crypt_unwrap.  We already check
a few lines later for a too short packet and return a proper error
("packet too short").

XlabAI found a way of triggering this ASSERT that requires a tls-crypt-v2
client key that has a specific property (a specific byte needs to have a
specific value, about 1/256 probability). If an attacker can get hold of
such a tls-crypt-v2 client key or observe a handshake using such a key,
the attacker can trigger the ASSERT, crashing the server. Setups that do
not use tls-crypt-v2 are not affected.

Independently, Cisco Talos reported a way to trigger this ASSERT with any
tls-crypt-v2 key but this requires the attacker to be also in possession
of the private key part of the tls-crypt-v2 client key or to inject packet
into a live session of a client session.

CVE: 2026-35058
Reported-By: XlabAI Team of Tencent Xuanwu Lab (xlabai@tencent.com)
Reported-By: Guannan Wang (wgnbuaa@gmail.com)
Reported-By: Zhanpeng Liu (pkugenuine@gmail.com)
Reported-By: Guancheng Li (lgcpku@gmail.com)
Reported-By: Emma Reuter of Cisco ASIG (TALOS-2026-2381)
Signed-off-by: Steffan Karger <steffan@karger.me>
Signed-off-by: Arne Schwabe <arne@rfc2549.org>

Change-Id: I623733c0476c98f436d19009ee8990693c1579b5
Private-URL: https://github.com/OpenVPN/openvpn-private-issues/issues/111
Acked-by: Gert Doering <gert@greenie.muc.de>
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 18270324a5fd43122ca1b8c29b224c5dd5905429)
2026-04-22 09:16:23 +02:00
Ralf Lici
adece45628 dco-linux: enforce ifindex only for DEL_PEER notifications
The unconditional ifindex check introduced by commit e78a8af2f5
rejects legitimate kernel replies, specifically peer stats responses,
because those messages do not carry OVPN_ATTR_IFINDEX.

Move the check into ovpn_handle_del_peer() so it applies only to
spontaneous DEL_PEER notifications from the kernel. This keeps
response handling working while still filtering foreign-instance
notifications.

Fixes: e78a8af2f5 ("dco: backport immediate notification processing on Linux and FreeBSD")
Github: closes OpenVPN/openvpn#1020
Change-Id: I9b1f4fd06c8a02d3f51b6a3bdea2f92191669660
Signed-off-by: Ralf Lici <ralf@mandelbit.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1636
Message-Id: <20260422055636.20691-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36721.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-04-22 08:49:20 +02:00
Ralf Lici
e78a8af2f5 dco: backport immediate notification processing on Linux and FreeBSD
Backport the immediate DCO message processing model from commit 7791f53
("dco: process messages immediately after read").

Change the core DCO API from dco_do_read() to dco_read_and_process(),
and make the backend read paths own the parsing and immediate handling
of kernel notifications before handing the resulting state to
process_incoming_dco() or multi_process_incoming_dco().

On Linux, install a permanent netlink callback and process GET_PEER and
DEL_PEER messages as they are received, instead of switching callbacks
for each read and deferring handling through shared DCO message state.
Also add a small guard to avoid requesting peer stats while libnl is
still parsing a batch of notifications.

On FreeBSD, move notification handling into dco_read_and_process() and
update peer statistics directly from the backend instead of storing
temporary byte counters in dco_context_t.

This commit is part of a reworked backport of PR #945 originally
proposed by Nikolai Shelekhov <nickshv13@icloud.com>.

Github: OpenVPN/openvpn#900
Github: OpenVPN/openvpn#918
Github: OpenVPN/openvpn#931
Github: fixes OpenVPN/openvpn#919
Github: closes OpenVPN/openvpn#945

Change-Id: I92c5f74a27b40fede204f714b042a6cc80b3703e
Signed-off-by: Ralf Lici <ralf@mandelbit.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1632
Message-Id: <20260421084906.5720-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36707.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-04-21 15:31:10 +02:00
Ralf Lici
876a8cf5fd dco: port core/context infrastructure needed for backport of commit 7791f53
Change ovpn_dco_init() to take a reference to struct context, add a
backlink from the platform DCO contexts to the owning openvpn context,
and store the top multi context in struct context for server mode.

This prepares the tree for the follow-up backend changes from commit
7791f53 ("dco: process messages immediately after read") where Linux and
FreeBSD process DCO notifications directly from their backend read
paths.

It is part of a reworked backport of PR #945 originally proposed by
Nikolai Shelekhov <nickshv13@icloud.com>.

The original commits in master are

    commit a699681bb8
    Author: Antonio Quartulli <antonio@mandelbit.com>
    Date:   Wed Jul 23 15:39:11 2025 +0200

	dco: only pass struct context to init function

    commit 7f5a6deae3
    Author: Antonio Quartulli <antonio@mandelbit.com>
    Date:   Wed Jul 23 08:10:25 2025 +0200

	multi: store multi_context address inside top instance

Change-Id: I974e10ec91a0b63f52387f1406ce1b49145eb0be
Signed-off-by: Ralf Lici <ralf@mandelbit.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1631
Message-Id: <20260420165923.14226-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36691.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-04-21 08:26:28 +02:00
Frank Lichtenheld
246bc0e8d0 openvpnmsica: Fix setting of iTicks in schedule_adapter_delete
Increase the integer, not the pointer.

Found by cppcheck.

Change-Id: I4d6501ddfb321f57a76841f29ff92c5a412908bb
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1608
Message-Id: <20260404203525.30790-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36476.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 4494a34396)
2026-04-05 12:17:28 +02:00
Ralf Lici
ea8185ca76 management: stop bytecount on client disconnection
When a management interface client requests periodic bytecount
notifications, openvpn continues to emit them even after the client has
disconnected. Additionally, upon reconnecting, the client starts
receiving these notifications without having issued a new bytecount
command.

Stop the periodic bytecount operation when the management interface
client disconnects, preventing unnecessary stats polling when using DCO
and ensuring that clients only receive notifications they have
explicitly requested.

Change-Id: I6bdded6c70596b69428e6a00a405ac3cedc405fa
Signed-off-by: Ralf Lici <ralf@mandelbit.com>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1533
Message-Id: <20260302163557.18358-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg35825.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry-picked from fccdb21733)
2026-03-05 10:09:41 +01:00
Gert Doering
a89186242f dco_freebsd: use AF_LOCAL sockets for ioctl() communication with DCO driver
DCO FreeBSD uses ioctl() calls for userland -> driver communication, on
a socket() file descriptor.  The original code uses AF_INET sockets,
which fails if using a kernel compiled without IPv4 support.

The kernel side ioctl() handling does not differentiate between AF_INET,
AF_INET6 and AF_LOCAL sockets, and only the latter are guaranteed to be
present.

While at it, add a clear message if the socket() call in dco_available()
fails (it will lead to disabling of DCO).

FreeBSD PR: https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=286263
Reported-by: Marek Zarychta <zarychtam@plan-b.pwste.edu.pl>

Change-Id: I84fe7a11391eafde3660d25a3c99094a0c525f3d
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Antonio Quartulli <antonio@mandelbit.com>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1551
Message-Id: <20260227224745.3175-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg35795.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 5f19355d15)
2026-02-28 10:25:53 +01:00
Arne Schwabe
a2037b2641 DCO Linux: Fix setting DCO ifmode failing on big endian archs
The problem is that SITNL_ADDATTR is not forcing type safety and on
big endian architecture passing a smaller size than the underlying
integer type of data causes only the more significant byte(s) to be passed
instead.

A proper fix would be to add specific methods for common integer types like
SITNL_ADDATTR_u8, SITNL_ADDATTR_u16, SITNL_ADDATTR_u32 like netlink library
does with NLA_PUT_U32, NLA_PUT_U16, NLA_PUT_U8.

Change-Id: I560f45fb0011180be8ca2b0e7fbc63030fa10f35
Github: closes OpenVPN/ovpn-dco#96
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Antonio Quartulli <antonio@mandelbit.com>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1547
Message-Id: <20260219110954.21471-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg35752.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit b3e0e8696b)
2026-02-19 16:48:44 +01:00
Frank Lichtenheld
7ec8cbe636 auth-pam: fix discards 'const' qualifier from pointer target type
strstr now returns const char*.

Change-Id: I632368451923116e0a169ddb5b6e86a8f8486afc
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1543
Message-Id: <20260218214712.27119-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg35728.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit eeaedd1362)
2026-02-19 10:34:02 +01:00
Rudi Heitbaum
7cf6e1f8dc dns: fix discards 'const' qualifier from pointer target type
Since glibc-2.43:

For ISO C23, the functions bsearch, memchr, strchr, strpbrk, strrchr,
strstr, wcschr, wcspbrk, wcsrchr, wcsstr and wmemchr that return pointers
into their input arrays now have definitions as macros that return a
pointer to a const-qualified type when the input argument is a pointer
to a const-qualified type.

fixes:
    src/openvpn/dns.c: In function 'dns_server_addr_parse':
    src/openvpn/dns.c:67:25: warning: initialization discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
       67 |     char *first_colon = strchr(addr, ':');
          |                         ^~~~~~
    src/openvpn/dns.c:68:24: warning: initialization discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
       68 |     char *last_colon = strrchr(addr, ':');
          |                        ^~~~~~~

Change-Id: I262705189edfbd9aa9a32bcd712840fffa592435
Signed-off-by: Rudi Heitbaum <rudi@heitbaum.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1542
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <20260218214738.27158-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg35730.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 0157e7fb8a)
2026-02-19 10:19:31 +01:00
Rudi Heitbaum
b5087dcf3f ntlm: fix discards 'const' qualifier from pointer target type
Since glibc-2.43:

For ISO C23, the functions bsearch, memchr, strchr, strpbrk, strrchr,
strstr, wcschr, wcspbrk, wcsrchr, wcsstr and wmemchr that return pointers
into their input arrays now have definitions as macros that return a
pointer to a const-qualified type when the input argument is a pointer
to a const-qualified type.

fixes:
    src/openvpn/ntlm.c: In function 'ntlm_phase_3':
    src/openvpn/ntlm.c:241:15: warning: assignment discards 'const' qualifier from pointer target type [-Wdiscarded-qualifiers]
      241 |     separator = strchr(p->up.username, '\\');
          |               ^

Change-Id: I2703f15144661f9cadfc8750884db270f3a5bfc6
Signed-off-by: Rudi Heitbaum <rudi@heitbaum.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1546
(cherry picked from commit 720c2e97f609bf7bb7e628ddfa7d3e3783afa676)
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <20260218214437.26912-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg35723.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-02-19 10:17:06 +01:00
Gert Doering
172fe07129 tunnel_server_*(): close correct inotify fd
On a full SIGUSR1 restart of a p2mp server compiled with
--enable-async-push, tunnel_server_{udp,tcp}() will try to close and
reopen the "inotify" control file descriptor.  For whatever reason,
the original code referenced the wrong context, always closing fd 0.

As a consequence of this, on the second SIGUSR1 restart, the server
will close() the first active socket file descriptor, and if there
are active DCO clients, the resulting event confusion will lead to
an ASSERT(!mi->halt).

Fix by closing the correct FD. Add logging.

This is a backport of commit 5521872f80 to the "old p2mp code"
with a separate mudp.c and mtcp.c for UDP and TCP servers, respectively.

Github: fixes OpenVPN/openvpn#966

Change-Id: Idcb1421b9f7fcbee9620fd1d45cceab050751373
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1499
Message-Id: <20260128150640.13867-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg35493.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-01-29 18:28:32 +01:00
Frank Lichtenheld
bb27e40799 manage: Do not trigger actions on management disconnect if not authenticated
If the management interface requires authentication via password
and the remote did not specify it, do not trigger actions
requested by --management-forget-disconnect and --management-signal
on disconnect.

Reported-By: Joshua Rogers <contact@joshua.hu>
Found-By: ZeroPath (https://zeropath.com)
Github: openvpn-private-issues#5
Change-Id: I575d65912ce9065a0b0868e73998b4a9aece62af
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1484
Message-Id: <20260122125707.108048-1-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg35390.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 4bf05d487c)
2026-01-27 15:22:05 +01:00
Brandon Currell
30041d6c40 Add check for bind-dev in DCO options
Github: OpenVPN/openvpn#683

Change-Id: I5d5fca3f5f7a724b4f9ec98832d3a785459f36a5
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Antonio Quartulli <antonio@mandelbit.com>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1447
Message-Id: <20260114160238.31321-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg35260.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2026-01-14 19:31:32 +01:00
Gert Doering
fae4a9e3f5 Repair interaction between DCO and persist-tun after reconnection
When --persist-tun is active, openvpn userland on Linux and FreeBSD fails
to re-enable "poll for DCO events" after a reconnect (e.g. triggered by
a ping timeout).  The reconnect will still work fine, but the *next*
DCO event notification from the kernel will not be received by OpenVPN
userland, and so the system will get into an inconsistent state (Userland
assumes "all is well", kernel DCO has disconnected the peer, connection
is broken until the next tls-renegotiation and/or manual restart, *and* the
next DCO key setup might fail due to "peer id gone").

This only affects client side, --server tun is always "persistent", and
there is no "full restart" (and the code path in question is also
only used for client and p2p server).

The root cause is an incorrect check for "is this interface up?" when
calling dco_event_set() in forward.c::io_wait() - "c2.did_open_tun" is
only true if the tun interface was actually configured on this reconnect,
which it isn't if --persist-tun is active.  Replace with a check for
"do we have a tuntap structure, and if yes, do we have active DCO?"
which reflects the original intent much better.

The original code also had a check for "out_socket & EVENT_READ" there,
which did to some extent avoid calling dco_event_set() for every single
UDP packet sent and received by userland - but this only worked on initial
connection, and is always true on reconnect, so this condition was removed
for simplicity.  We should come back here...

v2:
  - some language fixes on the commit message
  - do not check ->dco.open in forward.c, as this is not available if
    not on FreeBSD, or if compiled with --disable-dco.
    FreeBSD DCO does the "if (!dco || !dco->open)" check in dco_event_set()
    anyway, so it's not needed, and Linux DCO has "dco->nl_sock", which is
    also reliably set/unset, and checked by dco_event_set() already.

Github: OpenVPN/openvpn#947

Change-Id: Idbd0a47ba4d297a833a350611a23f19fd9a797b5
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Antonio Quartulli <antonio@mandelbit.com>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1473
Message-Id: <20260114112403.7046-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg35239.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 52c3b435b1)
2026-01-14 12:37:28 +01:00
Frank Lichtenheld
d8a30a5bf2 multi: Warn about failing read in multi_process_file_closed()
Handle failure explicitly instead of the implicit
handling by "while (buffer_i < r)".

Backport of 18d1b1fe00 and the relevant
type fix of 5e5ead5ba0

Reported-by: Marc Heuse <marc@srlabs.de>
Github: openvpn-private-issues#101
Change-Id: I950863eeba67b8c006c794245a1a08752cd79fb0
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Antonio Quartulli <antonio@mandelbit.com>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1444
Message-Id: <20251216111544.27133-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg35113.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2025-12-29 17:09:38 +01:00
Lev Stipakov
3aacb621b5 tun.c: set IPv4 address temporary on Windows
Use store=active to set IPv4 address temporarily so that
it will be removed on reboot. This makes the behavior
consistent with deletion and IPv6, where we already use
store=active.

https://learn.microsoft.com/en-us/windows-server/administration/windows-commands/netsh-interface

GitHub: fixes OpenVPN/openvpn#915

Change-Id: I07311f397e6cd278b90c33f024e927c282cd03e4
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1430
Message-Id: <20251210075906.27693-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg34975.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 93c9b47cb0)
2025-12-10 10:01:50 +01:00
Klemens Nanni
09c35f8421 Prevent crash on invalid server-ipv6 argument
`get_addr_generic()` expects `openvpn_getaddrinfo()` to return a newly
allocated struct, but getaddrinfo(3) failure leaves `*ai = NULL` as-is.

On OpenBSD, unlike free(3), freeaddrinfo(3) requires a valid struct,
thus callers must check the argument to avoid NULL-deref or double-free:

```
$ openvpn --server-ipv6 ''
2025-12-06 11:59:18 RESOLVE: Cannot resolve host address: :[AF_INET6] (no address associated with name)
Segmentation fault (core dumped)
```

Guard against empty `ai`, i.e. failure, like similar code already does:

```
$ ./openvpn --server-ipv6 ''
2025-12-06 12:05:11 RESOLVE: Cannot resolve host address: :[AF_INET6] (no address associated with name)
Options error: error parsing --server-ipv6 parameter
Use --help for more information.
```

Spotted through a configuration typo "server-ipv6 fd00:/64" with 2.6.17,
reproduced with and tested against 2.7rc3 on OpenBSD/amd64 7.8-current.

NB: Standards are unclear wrt. freeaddrinfo(3)'s NULL handling;
    Linux, FreeBSD and illumos do check it and thus do not crash.

Github: fixes OpenVPN/openvpn#930

Change-Id: I99a6604fdfc682f9609bfe7672aa78285084dcb9
Signed-off-by: Klemens Nanni <kn@openbsd.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1418
Message-Id: <20251207210529.9949-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg34870.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 0ff66c056f)
2025-12-08 12:32:48 +01:00
Lev Stipakov
29d8eccfac interactive.c: harden pipe handling against misbehaving clients
- Handle ConnectNamedPipe ERROR_NO_DATA as a normal
  connect/drop race: log the drop, disconnect/reset
  that instance, and keep listening instead of letting
  a trivial local DoS stop the service.

- Add a timed peek for startup data so a client that
  connects and sends nothing is timed out (IO_TIMEOUT)
  and rejected, instead of leaving a worker thread blocked
  forever and piling up handles.

- Protect the accept loop from resource exhaustion: before
  spawning a worker, check the wait set and reject the client
  if adding another handle would exceed MAXIMUM_WAIT_OBJECTS;
  also skip FlushFileBuffers when no startup data was received
  to avoid hangs on silent clients.

Without these fixes, a malicious local Windows user can make the OpenVPN
Interactive Service exit-on-error, thus breaking all OpenVPN connections
until the service is restarted (or the system rebooted).  Thus this has
been classified as "local denial of service" and CVE-2025-13751 has been
assigned.

The patch in release/2.6 and release/2.5 is identical to the commit in
2.7_rc3, except for context diffs (formatting change) and L"" to TEXT("")
adjustments.

CVE: 2025-13751
Change-Id: Id6a13b0c8124117bcea2926b16607ef39344015a
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Selva Nair <selva.nair@gmail.com>
2025-11-27 12:04:19 +01:00
Selva Nair
f410584205 Restrict access to the service pipe to SYSTEM and owner
Access is restricted to SYSTEM and pipe client user
(the user starting openvpn.exe). The default is
full access to Administrators, owner, and read access
to everyone. This hardens the pipe further.

Change-Id: I8aa1cf1585e2320fca9329bdd0227976606fe71e
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1402
Message-Id: <20251124183911.24851-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg34656.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2025-11-25 09:59:47 +01:00
Selva Nair
a8fb9f6443 Harden interactive service pipe
- Append a version 4 uuid to ovpn_pipe_name to make it less
  predictable
- Do not allow remote access to the pipe

This greatly reduces the possibility of a rogue process racing to
open the pipe before CreateFile() is called in the worker thread.

Reported-by: Marc Heuse <marc@srlabs.de>
Change-Id: Ie66a142751354e421d48b273784fc79bcb9f7208
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1401
Message-Id: <20251124183839.24803-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg34654.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2025-11-25 09:50:26 +01:00
Arne Schwabe
fa6a1824b0 Fix memcmp check for the hmac verification in the 3way handshake being inverted
This is a stupid mistake but causes all hmac cookies to be accepted,
thus breaking source IP address validation.   As a consequence, TLS
sessions can be opened and state can be consumed in the server from
IP addresses that did not initiate an initial connection.

While at it, fix check to only allow [t-2;t] timeslots, disallowing
HMACs coming in from a future timeslot.

Github: OpenVPN/openvpn-private-issues#56

CVE: 2025-13086

Reported-By: Joshua Rogers <contact@joshua.hu>
Found-by: ZeroPath (https://zeropath.com/)
Reported-By: stefan@srlabs.de

Change-Id: I9cbe2bf535575b47ddd7f34e985c5c1c6953a6fc
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Max Fillinger <max@max-fillinger.net>
(cherry picked from commit 68ec931e7fb4af11d5ba0d4283df0350083fd373)
2025-11-17 09:36:46 +01:00
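The two defects named in the commit message above (a comparison result used the wrong way round, and a window that admitted a future timeslot), as an added C sketch that is not OpenVPN's code. `cookie_tag` is a non-cryptographic stand-in for the real HMAC, and every name, the demo key and the pre-fix upper bound of t+1 are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define TAG_LEN 8

/* Constructed demo key (assumption); a real server uses a random secret. */
static const uint8_t DEMO_KEY[16] = { 1, 2, 3, 4, 5, 6, 7, 8,
                                      9, 10, 11, 12, 13, 14, 15, 16 };

/* Stand-in keyed tag: FNV-1a over key || timeslot || source address.
 * NOT a real HMAC; it only gives the checks below something to compare. */
static void cookie_tag(uint32_t timeslot, uint32_t src_addr, uint8_t out[TAG_LEN])
{
    uint8_t msg[sizeof(DEMO_KEY) + 8];
    uint64_t h = 0xcbf29ce484222325ULL;

    memcpy(msg, DEMO_KEY, sizeof(DEMO_KEY));
    memcpy(msg + sizeof(DEMO_KEY), &timeslot, 4);
    memcpy(msg + sizeof(DEMO_KEY) + 4, &src_addr, 4);
    for (size_t i = 0; i < sizeof(msg); i++)
        h = (h ^ msg[i]) * 0x100000001b3ULL;
    memcpy(out, &h, TAG_LEN);
}

/* Constant-time compare with memcmp()'s convention: 0 means "equal". */
static int ct_memcmp(const uint8_t *a, const uint8_t *b, size_t n)
{
    uint8_t diff = 0;
    for (size_t i = 0; i < n; i++)
        diff |= (uint8_t)(a[i] ^ b[i]);
    return diff;
}

/* Defect 1: the result is used as a truth value, so a MISMATCH is accepted. */
static bool cookie_ok_inverted(uint32_t now, uint32_t src, const uint8_t tag[TAG_LEN])
{
    for (int off = -2; off <= 0; off++)
    {
        uint8_t expect[TAG_LEN];
        cookie_tag(now + (uint32_t)off, src, expect);
        if (ct_memcmp(expect, tag, TAG_LEN))    /* should be "== 0" */
            return true;
    }
    return false;
}

/* Correct comparison over the timeslots [now + lo, now + hi]. */
static bool cookie_ok_window(uint32_t now, uint32_t src,
                             const uint8_t tag[TAG_LEN], int lo, int hi)
{
    bool ok = false;
    for (int off = lo; off <= hi; off++)
    {
        uint8_t expect[TAG_LEN];
        cookie_tag(now + (uint32_t)off, src, expect);
        ok |= (ct_memcmp(expect, tag, TAG_LEN) == 0);
    }
    return ok;
}

/* Defect 2: window also admits a future slot (t+1 is an assumed bound). */
static bool cookie_ok_future(uint32_t now, uint32_t src, const uint8_t tag[TAG_LEN])
{
    return cookie_ok_window(now, src, tag, -2, 1);
}

/* Both fixes applied: equality required, and only [t-2;t] is accepted. */
static bool cookie_ok_fixed(uint32_t now, uint32_t src, const uint8_t tag[TAG_LEN])
{
    return cookie_ok_window(now, src, tag, -2, 0);
}

int main(void)
{
    const uint32_t now = 1000;
    const uint32_t client = 0xC0000201u;    /* 192.0.2.1, constructed */
    const uint8_t forged[TAG_LEN] = { 0xde, 0xad, 0xbe, 0xef, 0, 0, 0, 0 };
    uint8_t ahead[TAG_LEN];

    cookie_tag(now + 1, client, ahead);
    printf("forged tag:  inverted=%d fixed=%d\n",
           cookie_ok_inverted(now, client, forged),
           cookie_ok_fixed(now, client, forged));
    printf("t+1 tag:     future=%d   fixed=%d\n",
           cookie_ok_future(now, client, ahead),
           cookie_ok_fixed(now, client, ahead));
    return 0;
}
```

A regression test for this class of bug needs a negative case (a tag that must be rejected), since the inverted check still accepts every genuine cookie.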
Arne Schwabe
4e31670b1e Fix construction of invalid pointer in tls_pre_decrypt
In tls_pre_decrypt we construct a pointer ks with an invalid i if
i is TM_SIZE, doing an out-of-bounds read in multi->session.

This is something that exists at least since 2.3.0 (I didn't go further
back but probably exists in earlier versions as well as the commits date
back to SVN beta21 branch).

So we construct the pointer but do not do anything with it if it is
invalid as we check i *after* we construct the pointer `ks`.

I suspect that the compiler optimises the bug away in any higher
optimisation level.

Assuming there is no optimisation, let's check what is possible.
Since we never use the value `ks` if it is invalid, we do not have to
worry if it ends up invalid or not. The only thing that we have to
worry about is whether
`session + offsetof(struct tls_session, key[KS_PRIMARY])` is pointing
to memory that is valid to read to construct the `ks` pointer.
This is outside the tls_multi struct, so this is not guaranteed to be
allocated memory but at the same time it is also only few bytes (or few
tens/hundred) after the struct, so the probability is very high that
it will be in a memory region that will not cause a segfault on read.

Every time this condition is hit and we construct the invalid pointer,
the log message "TLS Error: Unroutable control packet received" is
printed at `verb 1` or higher. And this is a quite common log message,
which serves as indication as well that a crash is not something that
typically happens but either the optimisation fixes it or the memory
region of the invalid access is valid to read from.

Based on this, this was categorized as "bug, but no way to exploit
this, thus no CVE".

Change-Id: Ided1ac7c804487055b175d8766535bead257b7d5

Reported-By: Jon Chiappetta <root@fossjon.com>
Reported-By: Joshua Rogers <contact@joshua.hu>
Found-by: ZeroPath (https://zeropath.com/)

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1373
Message-Id: <20251112141335.17417-1-gert@greenie.muc.de>
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 5cdf3f9724)
2025-11-12 15:44:05 +01:00
Selva Nair
21d6b663d3 Use correct undo_list when clearing DNS addresses
Reported by: <aarnav@srlabs.de>

Change-Id: Iafac2b8f319457de8e36b427f26ebc27c040c6f7
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Lev Stipakov <lstipakov@gmail.com>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1344
Message-Id: <20251103212523.31409-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg34171.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 59fed2ad12)
2025-11-04 09:09:08 +01:00
Selva Nair
a7f5f570bf openvpnserv: Disallow stdin as config unless user is authorized
Reported by: <stephan@srlabs.de>

Change-Id: I356faeebfade1eed9b40d6700b13621c357ec5ac
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1343
Message-Id: <20251103150002.23187-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg34156.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit a3d8c40260)
2025-11-03 16:19:25 +01:00
Heiko Hund
e02fa39398 iservice: use interface index with netsh
We use the interface index with netsh everywhere else, so convert the
remaining invocations of netsh to index use as well.

Change-Id: I5cf45cfe0567da8fb5d47118a432a35b358f3809
Signed-off-by: Heiko Hund <heiko@ist.eigentlich.net>
Acked-by: Lev Stipakov <lstipakov@gmail.com>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1337
Message-Id: <20251103091525.22108-1-gert@greenie.muc.de>
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2025-11-03 13:48:51 +01:00
Heiko Hund
5b5fdb05d9 iservice: check return value of MultiByteToWideChar
If the first call to MultiByteToWideChar returns 0, something must have
failed, because it returns the required buffer size including the
terminating zero. When it does return 0, just return NULL and indicate
that the call to utf8to16(_size) failed.

Found by ZeroPath.

Reported-By: Joshua Rogers <contact@joshua.hu>
Change-Id: I92804da010bab36cd0326759c04f955f2bda74de
Signed-off-by: Heiko Hund <heiko@ist.eigentlich.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1306
Message-Id: <20251030194736.2151-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg34071.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit fdd4072541)
2025-10-30 22:13:50 +01:00
Arne Schwabe
da394db747 fix key_state_gen_auth_control_files probably checking file creation
When the auth_failed_reason_file was added, it was forgotten to also add it
to the conditions that determine if the file creation was successful.

Reported-by: Joshua Rogers <contact@joshua.hu>
Found-by: ZeroPath (https://zeropath.com/)
Change-Id: I94d2bdd234a1c416b78924d044bf7e57f1bed8c4
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1327
Message-Id: <20251030193940.1295-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg34067.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 2f8cbf5bc9)
2025-10-30 21:57:23 +01:00
Joshua Rogers
2aa8550d44 tcp: apply CLOEXEC to accepted socket, not listener
The accept path calls set_cloexec(sd) after accept(). That re-flags the
listening socket, which is already CLOEXEC from create_socket_tcp(), and
leaves new_sd inheritable. As a result, client-connect and auth scripts
spawned after accept can inherit the connected socket and read or write
the raw TCP stream. This defeats the stated intent to prevent scripts from
accessing the client socket.

This bug was found using ZeroPath.

Signed-off-by: Joshua Rogers <MegaManSec@users.noreply.github.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <-MNw5Hu8h0rHV18x36ISt7V0UHchIO4i-JoAeV_wlxS1AmDIAe7YVYNput3_r2hiu3HhwxkhGyUhv4-iH_E7mf7nGjvocmGXlDq7Tjly5cE=@joshua.hu>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg33823.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit c0d96fd873)
2025-10-28 18:13:17 +01:00
Antonio Quartulli
12a2e88b9e sitnl: set FD_CLOEXEC on socket to prevent abuse
Since OpenVPN spawns various child processes, it is important
that sockets are closed after calling exec.

The sitnl socket didn't have the right flag set, resulting
in it surviving in, for example, connect/disconnect scripts
and giving the latter a chance to abuse the socket.

Ensure this doesn't happen by setting FD_CLOEXEC on
this socket right after creation.

Reported-by: Joshua Rogers <contact@joshua.hu>
Found-by: ZeroPath (https://zeropath.com/)
Change-Id: I54845bf4dd17d06cfc3b402f188795f74f4b1d3e
Signed-off-by: Antonio Quartulli <antonio@mandelbit.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1314
Message-Id: <20251028162843.18189-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg33952.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit b9b5470521)
2025-10-28 17:34:22 +01:00
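The two CLOEXEC fixes above (the accepted TCP socket and the sitnl socket) come down to which descriptor carries FD_CLOEXEC when a script is spawned. The following is an added example, not OpenVPN source code: the helper names are hypothetical, it uses a loopback TCP connection, and an AF_INET datagram socket stands in for the netlink socket.

```c
/* Added illustration, not OpenVPN code. All helper names are hypothetical. */
#include <arpa/inet.h>
#include <fcntl.h>
#include <netinet/in.h>
#include <stdio.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Set FD_CLOEXEC on fd while preserving its other descriptor flags. */
static int mark_cloexec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0)
        return -1;
    return fcntl(fd, F_SETFD, flags | FD_CLOEXEC);
}

/* 1 if fd would stay open in an exec()ed child, 0 if not, -1 on error. */
static int survives_exec(int fd)
{
    int flags = fcntl(fd, F_GETFD);
    if (flags < 0)
        return -1;
    return (flags & FD_CLOEXEC) ? 0 : 1;
}

/* sitnl case: a new socket is inheritable until it is flagged after creation.
 * An AF_INET datagram socket stands in for the netlink socket (assumption). */
int fresh_socket_survives_exec(int flag_after_creation)
{
    int fd = socket(AF_INET, SOCK_DGRAM, 0);
    int result;
    if (fd < 0)
        return -1;
    if (flag_after_creation && mark_cloexec(fd) < 0) {
        close(fd);
        return -1;
    }
    result = survives_exec(fd);
    close(fd);
    return result;
}

/* tcp case: accept() returns a descriptor without FD_CLOEXEC even when the
 * listener has it. Flagging the listener again (the bug described in the
 * commit message) leaves the connected socket inheritable. */
int accepted_socket_survives_exec(int flag_listener_by_mistake)
{
    struct sockaddr_in addr;
    socklen_t len = sizeof(addr);
    int sd = -1, client = -1, new_sd = -1, result = -1;

    sd = socket(AF_INET, SOCK_STREAM, 0);
    if (sd < 0 || mark_cloexec(sd) < 0) /* listener is CLOEXEC from creation */
        goto out;

    memset(&addr, 0, sizeof(addr));
    addr.sin_family = AF_INET;
    addr.sin_addr.s_addr = htonl(INADDR_LOOPBACK);
    addr.sin_port = 0; /* let the kernel pick a free port */
    if (bind(sd, (struct sockaddr *)&addr, sizeof(addr)) < 0
        || listen(sd, 1) < 0
        || getsockname(sd, (struct sockaddr *)&addr, &len) < 0)
        goto out;

    /* Constructed peer: connect to our own listener over loopback. */
    client = socket(AF_INET, SOCK_STREAM, 0);
    if (client < 0
        || connect(client, (struct sockaddr *)&addr, sizeof(addr)) < 0)
        goto out;

    new_sd = accept(sd, NULL, NULL);
    if (new_sd < 0)
        goto out;

    /* The whole difference between the buggy and the fixed accept path. */
    if (mark_cloexec(flag_listener_by_mistake ? sd : new_sd) < 0)
        goto out;

    result = survives_exec(new_sd);
out:
    if (new_sd >= 0)
        close(new_sd);
    if (client >= 0)
        close(client);
    if (sd >= 0)
        close(sd);
    return result;
}

int main(void)
{
    printf("accepted socket, listener flagged by mistake: inheritable=%d\n",
           accepted_socket_survives_exec(1));
    printf("accepted socket, new descriptor flagged:      inheritable=%d\n",
           accepted_socket_survives_exec(0));
    printf("fresh socket, not flagged:                    inheritable=%d\n",
           fresh_socket_survives_exec(0));
    printf("fresh socket, flagged after creation:         inheritable=%d\n",
           fresh_socket_survives_exec(1));
    return 0;
}
```

The same `fcntl(fd, F_GETFD)` check can be used in a unit test or a debug assertion before any script is spawned, to confirm that no socket descriptor is left inheritable.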
Steffan Karger
e83c63f581 ssl_mbedtls: fix missing perf_pop() call
This was triggered by a bug report submitted by Joshua Rogers, who
used ZeroPath to discover we missed a perf_pop() call in one of the
error paths of ssl_mbedtls.c.

Move an existing perf_pop call a bit upwards to fix that.

The perf code is always disabled by ENABLE_PERFORMANCE_METRICS being
commented out in perf.h. There is no configure flag. None of the active
developers remembers using it and the git log shows no actual code changes
since at least the project structure overhaul of 2012. So this has no
real-world impact.

Change-Id: I5b6881dc73358c8d1249ee2ceb968ede295105b0
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1305
Message-Id: <20251026143521.13291-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg33870.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2025-10-27 10:45:50 +01:00
Arne Schwabe
0848531640 Do not try to use the encrypt-then-mac ciphers from OpenSSL 3.6.0
These ciphers claim to be CBC but since they also include an HMAC
are more a mix of AEAD and CBC. Nevertheless, we do not support these
and also have no (good) reason to support them.

Change-Id: Iafe3c94b952cd3fbecf6f3d05816e5859f425e7d
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1295
Message-Id: <20251023153514.18691-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg33849.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2025-10-23 17:48:36 +02:00
Frank Lichtenheld
cf6c12f92a route: Add #endif comment for uncrustify compliance
Cherry-pick dca6b03098
broke uncrustify compliance. Apparently this one added
line pushed it over the limit to require the #endif
comment.

Change-Id: I46d0e4be82a5cc7e466d6e8f658e5b131b5401c4
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1284
Message-Id: <20251017205730.8450-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg33428.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2025-10-18 18:47:55 +02:00
Frank Lichtenheld
dca6b03098 route: Fix a unused-but-set-variable warning on OpenBSD
So we could enable -Werror for OpenBSD builds.

Change-Id: Ic971604beb1320d7b9d6121cd8e8519ccc1a7eb9
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: MaxF <max@max-fillinger.net>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1214
Message-Id: <20251004141935.17815-1-gert@greenie.muc.de>
URL: https://sourceforge.net/p/openvpn/mailman/message/59242246/
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 9243ea8891)
2025-10-17 11:28:46 +02:00
Christian Kujau
ca1e632165 doc: HTTPS upgrades and URL fixes throughout the tree
* HTTPS upgrades
* 404 fixes, with hopefully better helpful links to the relevant documentation
* some trailing white space fixes
* resurrect utun-demo.c from a different source
* Don't touch openvpn.doxyfile.in though, as it was autogenerated
* Don't touch COPYING as it's an external license file
* The openvpn.net URLs will be addressed some other time

Signed-off-by: Christian Kujau <github@nerdbynature.de>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <20251006144249.23672-3-lists@nerdbynature.de>
URL: https://sourceforge.net/p/openvpn/mailman/message/59242866/
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 8c53b12ae6)
2025-10-13 17:41:41 +02:00
Sebastian Marsching
4e46e72721 Bugfix: Set broadcast address on interface.
This fixes a problem that was introduced in OpenVPN 2.5. Previously,
the ifconfig utility was used for adding the local address to an
interface. This utility automatically sets the correct broadcast address
based on the given unicast address and netmask.

Due to switching to iproute and Netlink, this does not happen
automatically any longer, which means that applications that rely on
broadcasts do not work correctly.

This patch fixes this issue both when using iproute (by telling iproute
to set the broadcast address based on the local address and prefix) and
when using Netlink (by calculating the correct broadcast address and
setting it).

Signed-off-by: Sebastian Marsching <sebastian-git-2016@marsching.com>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <20250915110507.20557-1-sebastian-git-2016@marsching.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg33131.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 0df0edc49c)
2025-09-21 18:07:04 +02:00
Gert Doering
9d89e750d3 fix building of openvpnsrvmsg.dll from eventmsg.mc in mingw builds
commit 06919a60ae introduces .mc files that need to be compiled to
.h and .bin by the windows "mc.exe" tool, and from there into a new
.dll.  This worked for MSVC builds, did nothing for cmake/mingw builds,
and broke compilation on autoconf/mingw builds.

This patch consists of two parts:

1. add building of openvpnsrvmsg.dll to autoconf/mingw builds

   Add logic to configure.ac to find the "windmc" binary in the linux or
   mingw variants, add rules to src/openvpnserv/Makefile.am so make knows
   what to do.

   Libtool is getting in the way when "openvpnsrvmsg.dll" is created as
   anything listed in ...BIN or ...LIB, so declare it as "DATA" and make
   the necessary rules explicit.

2. fix building of openvpnsrvmsg.dll on cmake/mingw builds

   Fix "find_program()" invocation to avoid using "midnight commander"
   binary (mc) on Linux (called "windmc" there).

   Change from "-Wl,--noentry" to linker invocation that works.

See also:
https://learn.microsoft.com/en-us/cpp/build/creating-a-resource-only-dll?view=msvc-170

Change-Id: I071e8190dac28f429257b8af1c6f9e68f8896bc0
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1197
Message-Id: <20250919112424.24728-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg33083.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 744a2bd556)
2025-09-19 13:57:41 +02:00
Lev Stipakov
7f6d228f8d Makefile: fix 'make dist'
Commit

  6c3afe5 ("Validate DNS domain name before powershell invocation")

has introduced a new header file but didn't add it to Makefile's
SOURCES, breaking "make dist".

Change-Id: I93406dd91694974df4ea087b9312ae2fafbc7fe7
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1201
Message-Id: <20250919113207.25440-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg33085.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2025-09-19 13:38:23 +02:00
Lev Stipakov
6c3afe508b Validate DNS domain name before powershell invocation
Starting from commit

  d383d6e ("win: replace wmic invocation with powershell")

we pass --dhcp-option DOMAIN value to a powershell command
to set DNS domain. Without validation this opens the door
to a command injection attack.

This only allows domain names with characters:

  [A-Za-z0-9.-_\x80-\0xff]

Change-Id: I7a57d7b4e84aa2b9c9e71e30520ed468b0e3c278
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1198
Message-Id: <20250918173447.32466-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg33071.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2025-09-18 19:49:03 +02:00
Lev Stipakov
cabbf49ba2 openvpnserv: Fix writing messages to the event log
There are two problems with the current implementation:

 - due to the code bug, we never display actual error message
corresponding to the Windows error code. We use
FORMAT_MESSAGE_ALLOCATE_BUFFER, in which case we must pass
a pointer to the LPTSTR, not the LPTSTR itself.

 - The error is not displayed in the "General" tab, which is very confusing.
One needs to go to the "Details" tab to see what is wrong.

This commit solves both problems. We now display a proper error
message in addition to the text provided by the service ("what went wrong").
While on it, remove trailing symbols in a safer way.

To display the message in "General" tab, we create a registered message file
(openvpnservmsg.dll), which contains the message template. Note that this requires
changes to the installer - we need to install the new DLL and
add a registry entry.

GitHub: https://github.com/OpenVPN/openvpn/issues/842

Change-Id: I9b9f38e11b06701142bdc1339d9bedf080de5f86
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1185
Message-Id: <20250917090653.25510-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg33008.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(backported from commit 06919a60ae)
2025-09-17 18:37:17 +02:00
Arne Schwabe
68c01720ee Check message id/acked ids too when doing sessionid cookie checks
This fixes that control packets on a floating client can trigger
creating a new session in special circumstances:

To trigger this circumstance a connection needs to

- start on IP A
- successfully float to IP B by data packet
- then have a control packet from IP A before any
  data packet can trigger the float back to IP A

and all of this needs to happen in the 60s time
that hmac cookie is valid in the default
configuration.

In this scenario we would trigger a new connection as the HMAC
session id would be valid.

This patch adds checking also of the message-id and acked ids to
discern packets from the initial three-way handshake where these
ids are 0 or 1 from any later packet.

This will now trigger (at verb 4 or higher) a message like:

   Packet (P_ACK_V1) with invalid or missing SID

instead.

Also remove a few duplicated free_tls_pre_decrypt_state in test_ssl.

Reported-By: Walter Doekes <walter.openvpn@wjd.nu>
Tested-By: Walter Doekes <walter.openvpn@wjd.nu>

Change-Id: I6752dcd5aff3e5cea2b439366479e86751a1c403
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: MaxF <max@max-fillinger.net>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1184
Message-Id: <20250916155258.6864-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg32990.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(backported from commit 518e122b42)
2025-09-17 11:41:45 +02:00
Lev Stipakov
d383d6ed62 win: replace wmic invocation with powershell
Since wmic has been recently deprecated and is absent on new
systems, replace setting DNS domain "old-style" with powershell.

Some changes to the service implementation:

 - remove action parameter and hardcode Set-DnsClient since this is
 the only used action

 - remove support of multiple domains, since we only pass a single domain
 (tuntap_options.domain)

Github: fixes OpenVPN/openvpn#642

Change-Id: Iff2f4ea677fe2d88659d7814dab0f792f5004fb3
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1183
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20250915062013.2555-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg32938.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2025-09-15 08:52:53 +02:00
Antonio Quartulli
520a58d51f dco: add standard mi prefix handling to multi_process_incoming_dco()
Our code generally expects functions that deal with a multi instance
to set up a log prefix at the beginning with set_prefix(mi) and clear
it at the end with clear_prefix().

Add the calls to multi_process_incoming_dco() in a similar way to
what is done for multi_process_incoming_link() - handling "link
events" and "dco events" the same, with correct prefix in the
function and no leftover prefix afterwards.

Github: closes OpenVPN/openvpn#799
Change-Id: I1ad5df0f6785ffe9becd9f83329a9335d1a36f24
Signed-off-by: Antonio Quartulli <antonio@mandelbit.com>
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20250911201222.25382-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg32859.html
URL: https://gerrit.openvpn.net/c/openvpn/+/1116
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 531fef40b7)
2025-09-12 18:20:09 +02:00
Gert Doering
a88c33f8db remove newline characters at the end of msg() calls
Unlike debugging with printf(), our msg() calls do not need or want
a '\n' at the end of the string.  Remove those that were overlooked.

Change-Id: I889b53ed72efaec546a6609491fae9715726ea00
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Frank Lichtenheld <frank@lichtenheld.com>
Message-Id: <20250912131609.43444-1-frank@lichtenheld.com>
URL: https://sourceforge.net/p/openvpn/mailman/message/59232448/
URL: https://gerrit.openvpn.net/c/openvpn/+/1180
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 340b5b2d26)
2025-09-12 18:11:55 +02:00
Gert Doering
2c57936e8f replace assert() calls with ASSERT()
OpenVPN's ASSERT() macro will do a bit more than the standard-libc
assert() call, namely print out which function and what expression
failed, before calling _exit(1).  Also, it can not be accidentally
compiled-away (-DNDEBUG).

Use of ASSERT() is generally only advised in cases of "this must not
happen, but if it does, it's a programming or state corruption error
that we must know about".  Use of assert() is lacking the extra debug
info, and as such, not advised at all.

Change-Id: I6480d6f741c2368a0d951004b91167d5943f8f9d
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: mandree <matthias.andree@gmx.de>
Message-Id: <20250907211252.23924-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg32824.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit 88f8edbf75)
2025-09-08 12:21:56 +02:00
Kristof Provost
3c9fe88120 dco: support float notifications on FreeBSD
this is a backport of commit b66b80b2ab and 796ad2c559
(squashed, as the second commit undoes quite a bit of #ifdef from the first)

See https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289303 for all
the epic details...

Change-Id: I53e6d1b31c4f673cb646716dce774ef3210f36bd
Signed-off-by: Kristof Provost <kprovost@netgate.com>
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Ralf Lici <ralf@mandelbit.com>
(cherry picked from commit b66b80b2ab)
(cherry picked from commit 796ad2c559)
Message-Id: <20250908083354.19811-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg32827.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2025-09-08 12:09:29 +02:00
Ralf Lici
b0b123b3a7 dco: backport OS-independent part of peer float support
This is a backport of commit cb8a0f6f57,
which introduces float support for DCO linux, Windows, and the
OS-independent parts.

DCO linux/windows in 2.6 has no float support kernel-side, so this
ignores all OS dependent parts, backporting just enough to add
FreeBSD support in the next patch.

One notable difference in the backport is that 2.6 has no multi-socket
support, so all the "link_sockets[0]" occurrences need to be changed back
to "link_socket".

See https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=289303 for all
the epic details...

Change-Id: Ib748e726eb84dcbe8a48b297d165dec80c0e578d
Signed-off-by: Ralf Lici <ralf@mandelbit.com>
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Acked-by: Ralf Lici <ralf@mandelbit.com>
(cherry picked from commit cb8a0f6f57)
Message-Id: <20250908081124.17933-1-gert@greenie.muc.de>
URL: https://sourceforge.net/p/openvpn/mailman/message/59230454/
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2025-09-08 11:25:42 +02:00
Frank Lichtenheld
1fbbe91d29 dco linux: avoid redefining ovpn enums (2.6)
Starting with Linux kernel version 6.16, a couple of ovpn-related enum
definitions were introduced in the `include/uapi/linux/if_link.h`
header. Redefining them in openvpn when they are already present in the
system headers can lead to conflicts or build issues.

This commit ensures that enum redefinitions are avoided by conditionally
using the existing definitions from the system header when available.

This is the port to release/2.6 based on commit
1d3c2b67a7.

Change-Id: I41c5dfc7489352a9534ff6b1585a5a81e0623ab1
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Antonio Quartulli <antonio@mandelbit.com>
Message-Id: <20250801130302.372311-1-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg32470.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
2025-08-01 15:25:25 +02:00
Frank Lichtenheld
abd2e52a31 Fix compiler warning in reliable.c with --disable-debug
Use the easy way out. Using pre-compiler to completely
avoid n_active seems like overkill.

Change-Id: Icad1a52d14311a6f06bda081cab2f4bded8d47ed
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Message-Id: <20250711100405.240625-1-frank@lichtenheld.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg32107.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
(cherry picked from commit fcd8f0f9fc)
2025-07-31 14:45:34 +02:00