Re: [Openvpn-devel] [PATCH v2] block-dns using iservice: fix a potential double free

2023-02-01 Thread Lev Stipakov
Hi, Stared at the code and tested with/without Citrix DME (which caused crash) - code is now cleaner (add/delete separation) and no crash anymore. Next we will fix the driver :) Acked-by: Lev Stipakov

Re: [Openvpn-devel] [PATCH 4/4] cryptoapi.c: simplify parsing of thumbprint hex string

2023-02-01 Thread Selva Nair
Hi, On Wed, Feb 1, 2023 at 6:56 AM Frank Lichtenheld wrote: > On Sat, Jan 28, 2023 at 05:34:21PM -0500, selva.n...@gmail.com wrote: > > From: Selva Nair > > > > Signed-off-by: Selva Nair > > --- > > src/openvpn/cryptoapi.c | 44 +++-- > > 1 file changed,

[Openvpn-devel] [PATCH v2 3/4] cryptoapi.c: remove pre OpenSSL-3.01 support

2023-02-01 Thread selva . nair
From: Selva Nair - Require xkey-provider (thus OpenSSL 3.01+) for --cryptoapicert Note: Ideally we should also make ENABLE_CRYPTOAPI conditional on HAVE_XKEY_PROVIDER but that looks hard unless we can agree to move HAVE_XKEY_PROVIDER to configure/config.h. v2: use "binary" instead of

[Openvpn-devel] [PATCH v2] block-dns using iservice: fix a potential double free

2023-02-01 Thread selva . nair
From: Selva Nair - An item added to undo-list was not removed on error, causing attempt to free again in Undo(). Also fix a memory leak possibility in the same context. Github: fixes OpenVPN/openvpn#232 v2: Split add and delete functions and reuse the delete function for cleanup.

Re: [Openvpn-devel] [PATCH] block-dns using iservice: fix a potential double free

2023-02-01 Thread Selva Nair
> > > Also I replaced 0x%x with %u in win_block_dns_service() for > consistency. You may want to do it in your patch too :) > We have at least another place where it's %x, so will leave that for another day. btw, shouldn't it be %d? Selva

[Openvpn-devel] [PATCH applied] Re: Changes.rst: document removal of --keysize

2023-02-01 Thread Gert Doering
Acked-by: Gert Doering Does what it says on the lid, not much to test here :-) Your patch has been applied to the master branch. commit b2e49465e6b837d97ecb3a4edbc06aba00584381 (master) commit c8e94242e31cf94a12f6e897191548be5c4893fe (release/2.6) Author: Frank Lichtenheld Date: Wed Feb 1

[Openvpn-devel] [PATCH applied] Re: Add printing USAN stack trace on github actions

2023-02-01 Thread Gert Doering
I haven't tested it yet, but will have a close look at the GH test runs after I push this - the route.c fix hasn't been merged yet (want to stare more at it) so the MacOS/ASAN build should trigger something now... non-fatal, but red :-) Your patch has been applied to the master and release/2.6

[Openvpn-devel] [PATCH applied] Re: Update LibreSSL to 3.7.0 in Github actions

2023-02-01 Thread Gert Doering
Your patch has been applied to the master and release/2.6 branch. commit dc8f1f3963af8bce5e03c333dce9a0b252f6e1fd (master) commit 3973845ea5bc3fdc15a158917d819b5e9bd92635 (release/2.6) Author: Arne Schwabe Date: Mon Jan 30 18:29:34 2023 +0100 Update LibreSSL to 3.7.0 in Github actions

[Openvpn-devel] [PATCH applied] Re: Fix unaligned access in auth-token

2023-02-01 Thread Gert Doering
This one is fairly straightforward. We had discussions on IRC if we really need to make this network byte order ("the data in the token is only for the server, nobody else needs to care") but then decided that if someone wants to run a cluster of an intel + a s390 host, they need to be compatible

Re: [Openvpn-devel] [PATCH] block-dns using iservice: fix a potential double free

2023-02-01 Thread Lev Stipakov
Hi, > Good point. I have a version that splits "add" and "delete" actions into > separate functions and does something like this. > > Please take a look here: > https://github.com/selvanair/openvpn/tree/block-dns-fix > The add and delete functions are in that order (with a forward declaration)

Re: [Openvpn-devel] [PATCH] block-dns using iservice: fix a potential double free

2023-02-01 Thread Selva Nair
Hi, On Wed, Feb 1, 2023 at 4:37 AM Lev Stipakov wrote: > Hi, > > I made a slightly different fix but then noticed your mail. > > Indeed the problem is that get/set_interface_metric fails, > and we call FwpmEngineClose0 after updating the undo list. When > openvpn process exits, we execute

[Openvpn-devel] [PATCH v3] Get rid of unused 'bool tuntap_buffer' arguments.

2023-02-01 Thread Gert Doering
overlapped_io_init() has a "bool tuntap_buffer" argument which is only passed onwards to alloc_buf_sock_tun(), which does nothing with it. Remove from both functions. v2: move alloc_buf_sock_tun() to win32.c v3: leave alloc_buf_sock_tun() where it is, and fix non-WIN32 call from socket.c

[Openvpn-devel] [PATCH] Changes.rst: document removal of --keysize

2023-02-01 Thread Frank Lichtenheld
When reviewing OpenVPN/openvpn#231 I noticed this was missing from Changes.rst. Signed-off-by: Frank Lichtenheld --- Changes.rst | 5 + src/openvpn/options.c | 1 - 2 files changed, 5 insertions(+), 1 deletion(-) diff --git a/Changes.rst b/Changes.rst index 4942a580..dc829032

Re: [Openvpn-devel] [PATCH 3/4] cryptoapi.c: remove pre OpenSSL-3.01 support

2023-02-01 Thread Frank Lichtenheld
On Sat, Jan 28, 2023 at 05:34:20PM -0500, selva.n...@gmail.com wrote: > From: Selva Nair > > - Require xkey-provider (thus OpenSSL 3.01+) for --cryptoapicert > > Note: > Ideally we should also make ENABLE_CRYPTOAPI conditional > on HAVE_XKEY_PROVIDER but that looks hard unless we can agree

Re: [Openvpn-devel] [PATCH 4/4] cryptoapi.c: simplify parsing of thumbprint hex string

2023-02-01 Thread Frank Lichtenheld
On Sat, Jan 28, 2023 at 05:34:21PM -0500, selva.n...@gmail.com wrote: > From: Selva Nair > > Signed-off-by: Selva Nair > --- > src/openvpn/cryptoapi.c | 44 +++-- > 1 file changed, 12 insertions(+), 32 deletions(-) > > diff --git a/src/openvpn/cryptoapi.c

Re: [Openvpn-devel] [PATCH] block-dns using iservice: fix a potential double free

2023-02-01 Thread Lev Stipakov
Hi, I made a slightly different fix but then noticed your mail. Indeed the problem is that get/set_interface_metric fails, and we call FwpmEngineClose0 after updating the undo list. When openvpn process exits, we execute commands in undo list, and second call to FwpmEngineClose0 causes Access