On 10/01/17 22:35, Steffan Karger wrote:
>> @@ -5154,7 +5194,8 @@ add_option(struct options *options,
>> {
>> options->plugin_list = plugin_option_list_new(&options->gc);
>> }
>> - if (!plugin_option_list_add(options->plugin_list, &p[1],
>> &options->gc))
>> + if (!plugin_option_list_add(options->plugin_list, &p[1], is_inline,
>> + &options->gc))
> Can we inline a plugin? I wouldn't think so, but I've been surprised by
> our option parser before ;-) (Arne or David might know this.)Oh dear ... No it should be possible to inline a plug-in. Our code uses dlopen() to load plug-ins, which expects a full path. So I would expect to see dlopen() fail. And no, we should not ever be able to inline a plug-in. I'll probably get nightmares this night due to all the potential security issues related to this. Neither should any of the script-hooks be possible to inline. > If not, you don't need to add the is_inline argument to > plugin_option_list_add(), but just add a 'false' when someone down the > chain calls make_extended_arg_array(). Yes, that sounds reasonable. -- kind regards, David Sommerseth OpenVPN Technologies, Inc
signature.asc
Description: OpenPGP digital signature
------------------------------------------------------------------------------ Developer Access Program for Intel Xeon Phi Processors Access to Intel Xeon Phi processor-based developer platforms. With one year of Intel Parallel Studio XE. Training and support from Colfax. Order your platform today. http://sdm.link/xeonphi
_______________________________________________ Openvpn-devel mailing list [email protected] https://lists.sourceforge.net/lists/listinfo/openvpn-devel
