From: Kristof Provost Date: Wed, 13 Jul 2022 08:34:04 +0000 (+0200) Subject: Handle exceeding 'max-clients' X-Git-Tag: v2.6_beta1~169 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=ac14d90e7e5a80c57d064b1d3a5deb1db63b0911;p=thirdparty%2Fopenvpn.git Handle exceeding 'max-clients' If 'max-clients' is set multi_create_instance() can return NULL (for any client that would take us over the client limit). If mi is NULL we don't add it to the hash map, but we do potentially dereference it to increment the session count. Do not attempt to do so if 'mi == NULL'. Signed-off-by: Kristof Provost Acked-by: Arne Schwabe Message-Id: <20220713083404.13227-2-kprovost@netgate.com> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg24678.html Signed-off-by: Gert Doering --- diff --git a/src/openvpn/mudp.c b/src/openvpn/mudp.c index 0810fada5..0cbca1a9e 100644 --- a/src/openvpn/mudp.c +++ b/src/openvpn/mudp.c @@ -241,15 +241,16 @@ multi_get_create_instance_udp(struct multi_context *m, bool *floated) hash_add_fast(hash, bucket, &mi->real, hv, mi); mi->did_real_hash = true; multi_assign_peer_id(m, mi); - } - /* If we have a session id already, ensure that the - * state is using the same */ - if (session_id_defined(&state.server_session_id) - && session_id_defined((&state.peer_session_id))) - { - mi->context.c2.tls_multi->n_sessions++; - struct tls_session *session = &mi->context.c2.tls_multi->session[TM_ACTIVE]; - session_skip_to_pre_start(session, &state, &m->top.c2.from); + + /* If we have a session id already, ensure that the + * state is using the same */ + if (session_id_defined(&state.server_session_id) + && session_id_defined((&state.peer_session_id))) + { + mi->context.c2.tls_multi->n_sessions++; + struct tls_session *session = &mi->context.c2.tls_multi->session[TM_ACTIVE]; + session_skip_to_pre_start(session, &state, &m->top.c2.from); + } } } else