From: Frank Lichtenheld <frank@lichtenheld.com>
Date: Wed, 24 Sep 2025 12:18:55 +0000 (+0200)
Subject: dns: Fix bug in error handling when talking to script
X-Git-Tag: v2.7_beta2~6
X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=bd27319f2afae4c990502a434df425ff23e1e031;p=thirdparty%2Fopenvpn.git

dns: Fix bug in error handling when talking to script

Comparing the result of read/write to a size_t value
is dangerous C. Since ssize_t and size_t have the same
size ssize_t is promoted to size_t, so -1 becomes
size_t max value and is not smaller than the expected
length.

Make sure to compare ssize_t to ssize_t to avoid any
suprises.

Change-Id: Ic395b6d1dce510bb4b499c5beba61f033a2a860b
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Heiko Hund <heiko@openvpn.net>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1208
Message-Id: <20250924121901.13532-1-gert@greenie.muc.de>
URL: https://sourceforge.net/p/openvpn/mailman/message/59238099/
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---

diff --git a/src/openvpn/dns.c b/src/openvpn/dns.c
index efb888ad1..2a9e60b31 100644
--- a/src/openvpn/dns.c
+++ b/src/openvpn/dns.c
@@ -642,11 +642,10 @@ run_updown_runner(bool up, struct options *o, const struct tuntap *tt,
 
         while (1)
         {
-            ssize_t rlen, wlen;
             char path[PATH_MAX];
 
             /* Block here until parent sends a path */
-            rlen = read(dns_pipe_fd[0], &path, sizeof(path));
+            ssize_t rlen = read(dns_pipe_fd[0], &path, sizeof(path));
             if (rlen < 1)
             {
                 if (rlen == -1 && errno == EINTR)
@@ -665,8 +664,8 @@ run_updown_runner(bool up, struct options *o, const struct tuntap *tt,
             /* Unblock parent process */
             while (1)
             {
-                wlen = write(ack_pipe_fd[1], &res, sizeof(res));
-                if ((wlen == -1 && errno != EINTR) || wlen < sizeof(res))
+                ssize_t wlen = write(ack_pipe_fd[1], &res, sizeof(res));
+                if ((wlen == -1 && errno != EINTR) || wlen < (ssize_t)sizeof(res))
                 {
                     /* Not much we can do about errors but exit */
                     close(dns_pipe_fd[0]);
@@ -727,7 +726,7 @@ run_up_down_command(bool up, struct options *o, const struct tuntap *tt,
         env_set_write_file(dvf, es);
 
         int wfd = updown_runner->fds[1];
-        size_t dvf_size = strlen(dvf) + 1;
+        ssize_t dvf_size = strlen(dvf) + 1;
         while (1)
         {
             ssize_t len = write(wfd, dvf, dvf_size);
@@ -746,7 +745,7 @@ run_up_down_command(bool up, struct options *o, const struct tuntap *tt,
         while (1)
         {
             ssize_t len = read(rfd, &status, sizeof(status));
-            if (len < sizeof(status))
+            if (len < (ssize_t)sizeof(status))
             {
                 if (len == -1 && errno == EINTR)
                 {