Ensure key state is authenticated before sending push reply
authorArne Schwabe <arne@rfc2549.org>
Mon, 5 Apr 2021 22:05:21 +0000 (00:05 +0200)
committerGert Doering <gert@greenie.muc.de>
Tue, 20 Apr 2021 13:26:39 +0000 (15:26 +0200)
This ensures that the key state is authenticated when sending
a push reply.

src/openvpn/push.c

index 002be23327cba569111bb5052d14c443be394ba4..52c6e8200dcb9c4d78aedd10c72dfc0035d2fa5c 100644 (file)
@@ -652,6 +652,7 @@ int
 process_incoming_push_request(struct context *c)
 {
     int ret = PUSH_MSG_ERROR;
+    struct key_state *ks = &c->c2.tls_multi->session[TM_ACTIVE].key[KS_PRIMARY];
 
 #ifdef ENABLE_ASYNC_PUSH
     c->c2.push_request_received = true;
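Review bot: The added `ks` declaration at the top of process_incoming_push_request() has no comment saying why the primary key of the active session decides whether a push reply may be sent, and this is the security-relevant part of the change. I would add `/* only answer PUSH_REQUEST once the active session's primary key has passed authentication */` above it. Since the pointer is only read in the later hunk (`ks->authenticated`, `ks->auth_deferred`), it can be declared `const struct key_state *ks = ...`. The address is derived from `c->c2.tls_multi` before anything visible here checks it; presumably it is always set when a push request arrives, but that should be confirmed against the callers. The function body continues outside this hunk.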
@@ -662,7 +663,12 @@ process_incoming_push_request(struct context *c)
         send_auth_failed(c, client_reason);
         ret = PUSH_MSG_AUTH_FAILURE;
     }
-    else if (!c->c2.push_reply_deferred && c->c2.context_auth == CAS_SUCCEEDED)
+    else if (!c->c2.push_reply_deferred && c->c2.context_auth == CAS_SUCCEEDED
+             && ks->authenticated
+ #ifdef ENABLE_DEF_AUTH
+             && !ks->auth_deferred
+ #endif
+             )
     {
         time_t now;