clean up environment variable handling in verify_user_pass_script
authorArne Schwabe <arne@rfc2549.org>
Thu, 30 Oct 2025 19:43:56 +0000 (20:43 +0100)
committerGert Doering <gert@greenie.muc.de>
Thu, 30 Oct 2025 20:54:16 +0000 (21:54 +0100)
The username environment variable is already set by the
set_verify_user_pass_env function before the verify_user_pass_script
function is called, so this call is not doing anything but might erroneously
make people think that this needs to be cleaned up.

Also ensure that the password is cleaned from the env even in an error case.

Reported-by: Joshua Rogers <contact@joshua.hu>
Found-by: ZeroPath (https://zeropath.com/)
Change-Id: I6c502508026c6b85bb092ada4d16d985b20dd41f
Signed-off-by: Arne Schwabe <arne-openvpn@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1326
Message-Id: <20251030194402.1729-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg34069.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
src/openvpn/ssl_verify.c

index 04ef27e86c1d40a1e619dcf28a7b34573b593015..993d22c2b8ce38d4169c31296647cbb0f7bf5aa9 100644 (file)
@@ -1329,7 +1329,7 @@ verify_user_pass_script(struct tls_session *session, struct tls_multi *multi,
     }
     else
     {
-        setenv_str(session->opt->es, "username", up->username);
+        /* username env is already set by set_verify_user_pass_env */
         setenv_str(session->opt->es, "password", up->password);
     }
 
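Review bot: The comment added in the `else` branch records a caller-side precondition in a place a caller is unlikely to read. The same contract belongs in the header comment of `verify_user_pass_script`, e.g. `Caller must have run set_verify_user_pass_env() first; this function only adds and removes "password".` If a later call path skips that step, the script would presumably run with a missing or stale `username` in its environment, which matters for an authentication hook. The `if` that this `else` pairs with and the function header both lie outside the hunk.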
@@ -1377,10 +1377,6 @@ verify_user_pass_script(struct tls_session *session, struct tls_multi *multi,
         /* purge auth control filename (and file itself) for non-deferred returns */
         key_state_rm_auth_control_files(&ks->script_auth);
     }
-    if (!session->opt->auth_user_pass_verify_script_via_file)
-    {
-        setenv_del(session->opt->es, "password");
-    }
 
 done:
     if (tmp_file && strlen(tmp_file) > 0)
@@ -1389,6 +1385,11 @@ done:
     }
 
 error:
+    if (!session->opt->auth_user_pass_verify_script_via_file)
+    {
+        setenv_del(session->opt->es, "password");
+    }
+
     argv_free(&argv);
     gc_free(&gc);
     return retval;
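Review bot: The `error:` label now carries cleanup that also runs on the success path, because `done:` falls through into it, but nothing at the label says so. A later edit that adds an early `return` or a new label between the two would silently skip the password removal. A comment above the added `if` would pin the intent, e.g. `/* reached on every exit path (done: falls through): never leave the password in the env set */`. Whether `setenv_del` also wipes the stored string or only unlinks the entry is not visible here and is worth confirming, since the aim is that the plaintext does not linger in memory. The start of the function is outside the hunk.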