]> git.ipfire.org Git - thirdparty/openvpn.git/commit
projects / thirdparty / openvpn.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: d816207) | patch
plug-ins: Disallow multiple deferred authentication plug-ins
authorDavid Sommerseth <davids@openvpn.net>
Sun, 13 Mar 2022 19:31:53 +0000 (20:31 +0100)
committerGert Doering <gert@greenie.muc.de>
Tue, 15 Mar 2022 16:51:48 +0000 (17:51 +0100)
commit282ddbac54f8d4923844f69983b38dd2b813a00a
treec26a1996a75bba6d61d9dd225b226e71f87c1eaetree | snapshot
parentd816207bc2fe1ee5a04c394b215d50123cb25aadcommit | diff
plug-ins: Disallow multiple deferred authentication plug-ins

The plug-in API in OpenVPN 2.x is not designed for running multiple
deferred authentication processes in parallel. The authentication
results of such configurations are not to be trusted.  For now we bail
out when this is discovered with an error in the log.

CVE: 2022-0547
Signed-off-by: David Sommerseth <davids@openvpn.net>
Acked-by: Antonio Quartulli <antonio@openvpn.net>
Message-Id: <20220313193154.9350-3-openvpn@sf.lists.topphemmelig.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg23931.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
doc/man-sections/plugin-options.rst diff | blob | blame | history
src/openvpn/plugin.c diff | blob | blame | history
Mirror of https://github.com/OpenVPN/openvpn.git