Hi,

> That'll probably work with some extra sanity checks on the file name.
> Ideally we should just pass the dev-node (empty if unspecified) and type of
> device (TAP6 or WINTUN), but that will require a lot of duplication of
> code in the service, as you noted.
>
> One option is to pass the device guid in case of tap or the index in case
> of wintun and construct the path in the service. That requires very little
> extra code. Otherwise a thorough sanitization of the path is required as
> there could be obscure ways of breaking out using "..\" or otherwise,
> though I'm not sure. Things like \\.\C:\..\D:\ work on Windows so I won't
> take any chances.
>

You are right, just tested and one can escape global like this:

\\.\Global\..\C:\lol.tap

I'll do as you've proposed - pass a string which is either guid or number,
a boolean flag (wintun/tap6) and add some validation.


> PS. Just noticed you've already posted a v4 -- I haven't looked at it yet.
>

v5 is coming!

-- 
-Lev
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
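
The approach agreed on in the message above (pass either a GUID or a number plus a wintun/tap6 flag, and build the device path on the service side) as an added example; it is not part of the original message and is not OpenVPN's code. The GUID layout, the 4-digit index limit and the `WINTUN<n>` device name are assumptions for illustration; the `\\.\Global\` prefix and `.tap` suffix come from the path quoted in the message.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Assumed id formats (not taken from OpenVPN's source):
 * TAP id = GUID in registry form "{8-4-4-4-12 hex digits}",
 * wintun id = decimal index of 1 to 4 digits. */
static int is_guid(const char *s)
{
    static const char pat[] = "{xxxxxxxx-xxxx-xxxx-xxxx-xxxxxxxxxxxx}";
    size_t i;
    if (strlen(s) != sizeof(pat) - 1)
        return 0;
    for (i = 0; pat[i]; i++) {
        /* 'x' in the pattern means "one hex digit"; anything else must match */
        if (pat[i] == 'x' ? !isxdigit((unsigned char)s[i]) : s[i] != pat[i])
            return 0;
    }
    return 1;
}

static int is_index(const char *s)
{
    size_t n = strlen(s), i;
    if (n == 0 || n > 4)
        return 0;
    for (i = 0; i < n; i++)
        if (!isdigit((unsigned char)s[i]))
            return 0;
    return 1;
}

/* Builds the device path on the privileged side from an allow-listed id, so
 * no client-supplied separator, dot or drive letter ever reaches the path.
 * Returns 0 on success, -1 if the id is rejected or the buffer is too small.
 * The WINTUN<n> device name is a placeholder, labelled as an assumption. */
int build_device_path(char *out, size_t outlen, const char *id, int is_wintun)
{
    int n;
    if (!out || !id || outlen == 0)
        return -1;
    if (is_wintun ? !is_index(id) : !is_guid(id))
        return -1;
    if (is_wintun)
        n = snprintf(out, outlen, "\\\\.\\Global\\WINTUN%s", id);
    else
        n = snprintf(out, outlen, "\\\\.\\Global\\%s.tap", id);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}
```

Because the id is matched against a fixed character pattern rather than filtered for bad sequences, the `..\` form tested in the message is rejected without any path canonicalization.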
