From: Lev Stipakov <lev@openvpn.net>
Date: Thu, 31 Jul 2025 12:24:05 +0000 (+0200)
Subject: Fix DNS options duplication on PUSH_UPDATE
X-Git-Tag: v2.7_alpha3~2
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=70d4c6776bd563f487add399bd4acf58c5e22334;p=thirdparty%2Fopenvpn.git

Fix DNS options duplication on PUSH_UPDATE

Commit

    2dfc4f ("dns: deal with --dhcp-options when --dns is active")

has removed reset of tuntap DNS options. Due to that, incoming --dns
options are added to existing ones instead of overwriting them.

It has also added a new storage for --dhcp-option. The push-update
code didn't clear it and as a result, incoming --dhcp-option options
were added to existing ones instead of overwriting them.

Fixed by:

 - resetting tuntap DNS options (regression from abovementioned commit)
 - clearing dhcp options storage in push-update code

GitHub: fixes OpenVPN/openvpn#804

Change-Id: Ife4d8fc5f8e2183e61226d66a76bbaa02c06f787
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Heiko Hund <heiko@openvpn.net>
Message-Id: <20250731122410.12200-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg32448.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---

diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 3753810f1..3ceada0cd 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -3527,7 +3527,13 @@ tuntap_options_postprocess_dns(struct options *o)
 #endif /* if defined(_WIN32) */
 
     /* Copy --dns options to tuntap_options */
+
     const struct dns_domain *d = dns->search_domains;
+    if (d)
+    {
+        tt->domain_search_list_len = 0;
+    }
+
     while (d && tt->domain_search_list_len + 1 < N_SEARCH_LIST_LEN)
     {
         tt->domain_search_list[tt->domain_search_list_len++] = d->name;
@@ -3538,6 +3544,9 @@ tuntap_options_postprocess_dns(struct options *o)
         msg(M_WARN, "WARNING: couldn't copy all --dns search-domains to TUN/TAP");
     }
 
+    tt->dns_len = 0;
+    tt->dns6_len = 0;
+
     const struct dns_server *s = dns->servers;
     while (s)
     {
@@ -6212,6 +6221,8 @@ update_option(struct context *c,
             }
             o->disable_nbt = 0;
             o->dhcp_options = 0;
+
+            CLEAR(options->dns_options.from_dhcp);
 #if defined(TARGET_ANDROID)
             o->http_proxy_port = 0;
             o->http_proxy = NULL;