[Openvpn-devel] [XS] Change in openvpn[master]: dco_linux: validate tun interface before fetching stats

Tue, 02 Sep 2025 20:55:50 -0700 

cron2 has submitted this change. ( 
http://gerrit.openvpn.net/c/openvpn/+/1166?usp=email )

Change subject: dco_linux: validate tun interface before fetching stats
......................................................................

dco_linux: validate tun interface before fetching stats

If dco_get_peer_stats() is called with an uninitialized c->c1.tuntap it
results in a segfault. This issue happens when a client who has not
connected to any server:
  - has --management and exits,
  - has --management and a management interface client issues either
    `bytecount` or `status` or
  - if SIGUSR2 is sent to it.

Add a check to ensure the tun interface was set up before attempting to
retrieve peer statistics.

Change-Id: I40c11864745cc1619cb9cbf490b168f90feb5eac
Signed-off-by: Ralf Lici <r...@mandelbit.com>
Acked-by: Gert Doering <g...@greenie.muc.de>
Message-Id: <20250902164521.23145-1-g...@greenie.muc.de>
URL: 
https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg32768.html
Signed-off-by: Gert Doering <g...@greenie.muc.de>
---
M src/openvpn/dco_linux.c
1 file changed, 7 insertions(+), 0 deletions(-)




diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c
index 6115d51..40674e7 100644
--- a/src/openvpn/dco_linux.c
+++ b/src/openvpn/dco_linux.c
@@ -1139,6 +1139,8 @@
 static int
 dco_get_peer(dco_context_t *dco, int peer_id, const bool raise_sigusr1_on_err)
 {
+    ASSERT(dco);
+
     /* peer_id == -1 means "dump all peers", but this is allowed in MP mode 
only.
      * If it happens in P2P mode it means that the DCO peer was deleted and we
      * can simply bail out
@@ -1182,6 +1184,11 @@
 int
 dco_get_peer_stats(struct context *c, const bool raise_sigusr1_on_err)
 {
+    if (!c->c1.tuntap || c->c1.tuntap->dco.ifindex == 0)
+    {
+        return -1;
+    }
+
     return dco_get_peer(&c->c1.tuntap->dco, c->c2.tls_multi->dco_peer_id, 
raise_sigusr1_on_err);
 }


--
To view, visit http://gerrit.openvpn.net/c/openvpn/+/1166?usp=email
To unsubscribe, or for help writing mail filters, visit 
http://gerrit.openvpn.net/settings

Gerrit-Project: openvpn
Gerrit-Branch: master
Gerrit-Change-Id: I40c11864745cc1619cb9cbf490b168f90feb5eac
Gerrit-Change-Number: 1166
Gerrit-PatchSet: 3
Gerrit-Owner: ralf_lici <r...@mandelbit.com>
Gerrit-Reviewer: cron2 <g...@greenie.muc.de>
Gerrit-Reviewer: flichtenheld <fr...@lichtenheld.com>
Gerrit-Reviewer: plaisthos <arne-open...@rfc2549.org>
Gerrit-CC: openvpn-devel <openvpn-devel@lists.sourceforge.net>
Gerrit-MessageType: merged

_______________________________________________
Openvpn-devel mailing list
Openvpn-devel@lists.sourceforge.net
https://lists.sourceforge.net/lists/listinfo/openvpn-devel






















					Reply via email to