Acked-by: Gert Doering <g...@greenie.muc.de>
As agreed on the security@ list - this covers all possible leaks, and
is fully "normal OpenVPN style". I didn't test actual file creation
failures, but I *did* test regular server operation with plugins and
scripts, and that all still works fine.
As instructed, I've fixed the "Trial" to read "Trail of Bits" :-)
Your patch has been applied to the master and release/2.6 branch.
release/2.5 and older do not contain this code (no async/deferred
--verify-auth-user-pass scripts yet) - that was only added in 2021
via commit 28e6103096ae8.
commit 0567da5377704cf64bd2599f2d49aa478d386941 (master)
commit cdfdfb3da0ce714f43b23f679a8ef9b36ab9f370 (release/2.6)
Author: David Sommerseth
Date: Thu Dec 15 20:01:37 2022 +0100
ssl_verify: Fix memleak if creating deferred auth control files fails
Signed-off-by: David Sommerseth <dav...@openvpn.net>
Signed-off-by: Arne Schwabe <a...@rfc2549.org>
Acked-by: Gert Doering <g...@greenie.muc.de>
Message-Id: <20221215190143.2107896-3-a...@rfc2549.org>
URL:
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25737.html
Signed-off-by: Gert Doering <g...@greenie.muc.de>
--
kind regards,
Gert Doering
_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel
