Re: [Openvpn-devel] [PATCH v2] Exclude peer-id from pulled options digest

Wed, 05 Oct 2016 05:33:07 -0700 

On 04-10-16 22:20, Lev Stipakov wrote:
> v2:
>  - Move digest update to separate method
> 
> Peer-id might change on restart and this should not trigger reopening
> tun.
> 
> Trac #649
> ---
>  src/openvpn/push.c | 45 ++++++++++++++++++++++++++++++---------------
>  1 file changed, 30 insertions(+), 15 deletions(-)
> 
> diff --git a/src/openvpn/push.c b/src/openvpn/push.c
> index a1b999e..c0c78a0 100644
> --- a/src/openvpn/push.c
> +++ b/src/openvpn/push.c
> @@ -597,6 +597,20 @@ process_incoming_push_request (struct context *c)
>  }
>  #endif
>  
> +static void
> +push_update_digest(md_ctx_t *ctx, struct buffer *buf)
> +{
> +  char line[OPTION_PARM_SIZE];
> +  while (buf_parse (buf, ',', line, sizeof (line)))
> +    {
> +      /* peer-id might change on restart and this should not trigger 
> reopening tun */
> +      if (strstr (line, "peer-id ") != line)
> +     {
> +       md_ctx_update (ctx, (const uint8_t *) line, strlen(line));
> +     }
> +    }
> +}
> +
>  int
>  process_incoming_push_msg (struct context *c,
>                          const struct buffer *buffer,
> @@ -636,21 +650,22 @@ process_incoming_push_msg (struct context *c,
>                                 permission_mask,
>                                 option_types_found,
>                                 c->c2.es))
> -         switch (c->options.push_continuation)
> -           {
> -           case 0:
> -           case 1:
> -             md_ctx_update (&c->c2.pulled_options_state, BPTR(&buf_orig), 
> BLEN(&buf_orig));
> -             md_ctx_final (&c->c2.pulled_options_state, 
> c->c2.pulled_options_digest.digest);
> -             md_ctx_cleanup (&c->c2.pulled_options_state);
> -             c->c2.pulled_options_md5_init_done = false;
> -             ret = PUSH_MSG_REPLY;
> -             break;
> -           case 2:
> -             md_ctx_update (&c->c2.pulled_options_state, BPTR(&buf_orig), 
> BLEN(&buf_orig));
> -             ret = PUSH_MSG_CONTINUATION;
> -             break;
> -           }
> +         {
> +           push_update_digest (&c->c2.pulled_options_state, &buf_orig);
> +           switch (c->options.push_continuation)
> +             {
> +               case 0:
> +               case 1:
> +                 md_ctx_final (&c->c2.pulled_options_state, 
> c->c2.pulled_options_digest.digest);
> +                 md_ctx_cleanup (&c->c2.pulled_options_state);
> +                 c->c2.pulled_options_md5_init_done = false;
> +                 ret = PUSH_MSG_REPLY;
> +                 break;
> +               case 2:
> +                 ret = PUSH_MSG_CONTINUATION;
> +                 break;
> +             }
> +         }
>       }
>        else if (ch == '\0')
>       {
> 

ACK

-Steffan

------------------------------------------------------------------------------
Check out the vibrant tech community on one of the world's most 
engaging tech sites, SlashDot.org! http://sdm.link/slashdot
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel

Reply via email to