From: Marco Baffo Date: Fri, 10 Oct 2025 14:19:56 +0000 (+0200) Subject: PUSH_UPDATE server: bug-fix, reset buffer after processing X-Git-Tag: v2.7_beta3~7 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=107f80b8e3102cca3a2cc008d37895f96ec2f17c;p=thirdparty%2Fopenvpn.git PUSH_UPDATE server: bug-fix, reset buffer after processing In the send_single_push_update() function the buffer containing the message was not reset after processing, so o in a push-update-broad the messages sent starting from the second client would have been shrunk (offset advanced and size decreased). Change-Id: I41d08a9a2e79ac1f1104e72dd5b7b7617e2071a0 Signed-off-by: Marco Baffo Acked-by: Gert Doering Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1264 Message-Id: <20251010142002.27308-1-gert@greenie.muc.de> URL: https://sourceforge.net/p/openvpn/mailman/message/59244933/ Signed-off-by: Gert Doering --- diff --git a/src/openvpn/push_util.c b/src/openvpn/push_util.c index f30610423..b475d2ecc 100644 --- a/src/openvpn/push_util.c +++ b/src/openvpn/push_util.c @@ -170,9 +170,12 @@ send_single_push_update(struct context *c, struct buffer *msgs, unsigned int *op * inside `process_incoming_push_msg()`. However, we don't need * to check the return value here because we just want to `advance`, * meaning we skip the `push_update_cmd' we added earlier. + * Also we need to make a temporary copy so we can buf_advance() + * without modifying original buffer. */ - buf_string_compare_advance(&msgs[i], push_update_cmd); - if (process_incoming_push_update(c, pull_permission_mask(c), option_types_found, &msgs[i], true) == PUSH_MSG_ERROR) + struct buffer tmp_msg = msgs[i]; + buf_string_compare_advance(&tmp_msg, push_update_cmd); + if (process_incoming_push_update(c, pull_permission_mask(c), option_types_found, &tmp_msg, true) == PUSH_MSG_ERROR) { msg(M_WARN, "Failed to process push update message sent to client ID: %u", c->c2.tls_multi ? c->c2.tls_multi->peer_id : UINT32_MAX);