Also drop incoming dco packet content when dropping the packet

If we get a message from a mismatched packet we need to clear
the incoming message buffer to ensure we can receive another
packet.

Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20221224194253.3202231-6-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg25797.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

diff --git a/src/openvpn/forward.c b/src/openvpn/forward.c
index 64c8ee6a02e56b1a4b9a43b26648cf47b8f8cc60..af4ed05da0f6dba64e015588484fe84db54db581 100644 (file)
--- a/src/openvpn/forward.c
+++ b/src/openvpn/forward.c
@@ -1194,6 +1194,8 @@ process_incoming_dco(struct context *c)
         msg(D_DCO_DEBUG, "%s: received message for mismatching peer-id %d, "
             "expected %d", __func__, dco->dco_message_peer_id,
             c->c2.tls_multi->dco_peer_id);
+        /* ensure we also drop a message if there is one in the buffer */
+        buf_init(&dco->dco_packet_in, 0);
         return;
     }
 

diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c
index fcb308151777a45084ada1ac1905401f42732b70..9a20112e2d925041caa089086bf54534deae2c64 100644 (file)
--- a/src/openvpn/multi.c
+++ b/src/openvpn/multi.c
@@ -3276,6 +3276,8 @@ multi_process_incoming_dco(struct multi_context *m)
     else
     {
         msg(D_DCO, "Received packet for peer-id unknown to OpenVPN: %d", peer_id);
+        /* Also clear the buffer if this was incoming packet for a dropped peer */
+        buf_init(&dco->dco_packet_in, 0);
     }
 
     dco->dco_message_type = 0;