Exclude peer-id from pulled options digest
authorLev Stipakov <lstipakov@gmail.com>
Tue, 4 Oct 2016 20:20:03 +0000 (23:20 +0300)
committerGert Doering <gert@greenie.muc.de>
Mon, 10 Oct 2016 08:23:16 +0000 (10:23 +0200)
v2:
 - Move digest update to separate method

Peer-id might change on restart and this should not trigger reopening
tun.

Trac #649
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1475612403-1266-1-git-send-email-lstipakov@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12599.html

Signed-off-by: Gert Doering <gert@greenie.muc.de>
src/openvpn/push.c

index a1b999e2d97b0a799ce88090976888e136c3c35a..c0c78a0295580e81f6744d19f3460bd994cc3583 100644 (file)
@@ -597,6 +597,20 @@ process_incoming_push_request (struct context *c)
 }
 #endif
 
+static void
+push_update_digest(md_ctx_t *ctx, struct buffer *buf)
+{
+  char line[OPTION_PARM_SIZE];
+  while (buf_parse (buf, ',', line, sizeof (line)))
+    {
+      /* peer-id might change on restart and this should not trigger reopening tun */
+      if (strstr (line, "peer-id ") != line)
+       {
+         md_ctx_update (ctx, (const uint8_t *) line, strlen(line));
+       }
+    }
+}
+
 int
 process_incoming_push_msg (struct context *c,
                           const struct buffer *buffer,
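Review bot: The per-option hashing in `push_update_digest` drops the separators between options, because buf_parse splits on ',' and `md_ctx_update (ctx, (const uint8_t *) line, strlen(line))` feeds only the option text. Two pushed option lists that differ only in where the commas fall then hash to the same digest, so a real change in the pulled options could go unnoticed by whatever compares the digest. Including the terminator keeps the boundaries in the hash: `md_ctx_update (ctx, (const uint8_t *) line, strlen (line) + 1);`. As a smaller point, `strstr (line, "peer-id ") != line` scans the whole line to test a prefix, and `strncmp (line, "peer-id ", 8) != 0` says what is meant. A one-line comment above the function noting that it consumes `buf` and that options longer than OPTION_PARM_SIZE are presumably truncated by buf_parse before hashing would help the next reader.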
@@ -636,21 +650,22 @@ process_incoming_push_msg (struct context *c,
                                  permission_mask,
                                  option_types_found,
                                  c->c2.es))
-           switch (c->options.push_continuation)
-             {
-             case 0:
-             case 1:
-               md_ctx_update (&c->c2.pulled_options_state, BPTR(&buf_orig), BLEN(&buf_orig));
-               md_ctx_final (&c->c2.pulled_options_state, c->c2.pulled_options_digest.digest);
-               md_ctx_cleanup (&c->c2.pulled_options_state);
-               c->c2.pulled_options_md5_init_done = false;
-               ret = PUSH_MSG_REPLY;
-               break;
-             case 2:
-               md_ctx_update (&c->c2.pulled_options_state, BPTR(&buf_orig), BLEN(&buf_orig));
-               ret = PUSH_MSG_CONTINUATION;
-               break;
-             }
+           {
+             push_update_digest (&c->c2.pulled_options_state, &buf_orig);
+             switch (c->options.push_continuation)
+               {
+                 case 0:
+                 case 1:
+                   md_ctx_final (&c->c2.pulled_options_state, c->c2.pulled_options_digest.digest);
+                   md_ctx_cleanup (&c->c2.pulled_options_state);
+                   c->c2.pulled_options_md5_init_done = false;
+                   ret = PUSH_MSG_REPLY;
+                   break;
+                 case 2:
+                   ret = PUSH_MSG_CONTINUATION;
+                   break;
+               }
+           }
        }
       else if (ch == '\0')
        {
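Review bot: The `switch (c->options.push_continuation)` still has no `default:` branch, and `push_update_digest` now runs before it for every value. In the visible block, a value other than 0, 1 or 2 therefore updates the running digest without finalizing or cleaning it up, and `ret` keeps whatever it was given outside this hunk. push_continuation presumably comes from options pushed by the server, so the unexpected value deserves an explicit branch, e.g. `default: ret = PUSH_MSG_ERROR; break;` with a log message, plus a decision there on whether the digest state must be reset. The enclosing function starts and ends outside the hunk, so the initial value of `ret` and the digest initialisation cannot be checked from here.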