git.ipfire.org Git - thirdparty/openvpn.git/commit
Disallow lameduck's float to an address taken by another client
author Lev Stipakov <lstipakov@gmail.com>
Wed, 7 Jan 2015 19:26:38 +0000 (21:26 +0200)
committer Gert Doering <gert@greenie.muc.de>
Thu, 22 Jan 2015 10:34:04 +0000 (11:34 +0100)
commit 0c0c178a3d3bc541ccf076f99c54d5aa6908cbcb
tree abd99b85161c92b77fa757e304e684c90a96f8d3
parent bd9aa06feb41838689ed01f79845bc765f887ae3

Existing check didn't take into account the case when floated client is
lame duck (CN for lame duck is NULL), which allowed lame duck to float
to an address taken by another client.

As a fix we use cert_hash_compare function which, besides fixing
mentioned case, also allows lame duck to float to an address already
taken by the same client.
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1420658798-29943-1-git-send-email-lstipakov@gmail.com>
URL: http://article.gmane.org/gmane.network.openvpn.devel/9386

Signed-off-by: Gert Doering <gert@greenie.muc.de>
src/openvpn/multi.c
src/openvpn/ssl_verify.c
src/openvpn/ssl_verify.h
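
The failure mode described in the commit message, as an added C model that is not OpenVPN's code: a float check that only compares common names is skipped when the floating session has a NULL CN, while a check on the certificate hash still tells the two clients apart. The struct, function names, digests and the choice to deny when a hash is missing are assumptions of this example.

```c
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>
#include <string.h>

#define HASH_LEN 20 /* assumed digest size for this model */

/* Hypothetical session record, not OpenVPN's own struct. */
struct session {
    const char *cn;                 /* NULL models the lame-duck case */
    const unsigned char *cert_hash; /* digest of the peer certificate, or NULL */
};

/* Constructed sample digests (not real certificate hashes). */
static const unsigned char HASH_A[HASH_LEN] = {0xA1};
static const unsigned char HASH_B[HASH_LEN] = {0xB2};

/* CN-only check: with a NULL CN there is nothing to compare,
 * so the deny branch is never reached and the float is allowed. */
static bool float_allowed_cn(const struct session *floater,
                             const struct session *owner)
{
    if (floater->cn && owner->cn && strcmp(floater->cn, owner->cn) != 0)
        return false;
    return true;
}

/* Hash-based check: the float is allowed only when both sessions present
 * the same certificate digest. A missing digest is denied (model's choice). */
static bool float_allowed_hash(const struct session *floater,
                               const struct session *owner)
{
    if (floater->cert_hash == NULL || owner->cert_hash == NULL)
        return false;
    return memcmp(floater->cert_hash, owner->cert_hash, HASH_LEN) == 0;
}

int main(void)
{
    struct session owner = {"client-b", HASH_B};  /* holds the address */
    struct session duck_other = {NULL, HASH_A};   /* lame duck, different client */
    struct session duck_same = {NULL, HASH_B};    /* lame duck, same client */

    printf("CN check, other client's lame duck:   %d\n", float_allowed_cn(&duck_other, &owner));
    printf("hash check, other client's lame duck: %d\n", float_allowed_hash(&duck_other, &owner));
    printf("hash check, same client's lame duck:  %d\n", float_allowed_hash(&duck_same, &owner));
    return 0;
}
```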