]> git.ipfire.org Git - thirdparty/openvpn.git/commit
projects / thirdparty / openvpn.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 0ffa7b5) | patch
dco-win: Fix crash when cancelling pending operation
authorLev Stipakov <lev@openvpn.net>
Tue, 1 Apr 2025 18:15:30 +0000 (20:15 +0200)
committerGert Doering <gert@greenie.muc.de>
Tue, 1 Apr 2025 18:37:50 +0000 (20:37 +0200)
commitf60a49362515a87ccf8db406ef422499adf34eb7
treec0a74e1f053a5d76debd99175c831be83e25d7f7tree | snapshot
parent0ffa7b57fdfb2658ae326baea0871ccca2c01b7dcommit | diff
dco-win: Fix crash when cancelling pending operation

The OVERLAPPED structure must remain valid for the entire duration of an
asynchronous operation. Previously, when a TCP connection was pending
inside the NEW_PEER call, the OVERLAPPED structure was defined as a
local variable within dco_p2p_new_peer().

When CancelIo() was called later from close_tun_handle(), the OVERLAPPED
structure was already out of scope, resulting in undefined behavior and
stack corruption.

This fix moves the OVERLAPPED structure to the tuntap struct, ensuring
it remains valid throughout the operation's lifetime.

Github: closes OpenVPN/openvpn#715

Change-Id: Ib1db457c42a80f6b8fc0e3ceb4a895d4cf7f0155
Signed-off-by: Lev Stipakov <lev@openvpn.net>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20250401181535.7854-1-gert@greenie.muc.de>
URL: https://sourceforge.net/p/openvpn/mailman/message/59168247/
URL: https://gerrit.openvpn.net/c/openvpn/+/928
Signed-off-by: Gert Doering <gert@greenie.muc.de>
src/openvpn/dco_win.c diff | blob | blame | history
src/openvpn/dco_win.h diff | blob | blame | history
src/openvpn/socket.c diff | blob | blame | history
src/openvpn/tun.h diff | blob | blame | history
Mirror of https://github.com/OpenVPN/openvpn.git