From 14ced61eef89797e606c3b7600adc4da83a336f4 Mon Sep 17 00:00:00 2001
From: Ralf Lici
Date: Tue, 2 Sep 2025 18:45:15 +0200
Subject: [PATCH] dco_linux: validate tun interface before fetching stats

If dco_get_peer_stats() is called with an uninitialized c->c1.tuntap it results in a segfault. This issue happens when a client who has not connected to any server: - has --management and exits, - has --management and a management interface client issues either `bytecount` or `status` or - if SIGUSR2 is sent to it. Add a check to ensure the tun interface was set up before attempting to retrieve peer statistics.

Change-Id: I40c11864745cc1619cb9cbf490b168f90feb5eac
Signed-off-by: Ralf Lici
Acked-by: Gert Doering
Message-Id: <20250902164521.23145-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg32768.html
Signed-off-by: Gert Doering
---
 src/openvpn/dco_linux.c | 7 +++++++
 1 file changed, 7 insertions(+)

diff --git a/src/openvpn/dco_linux.c b/src/openvpn/dco_linux.c
index 6115d5175..40674e7f4 100644
--- a/src/openvpn/dco_linux.c
+++ b/src/openvpn/dco_linux.c
@@ -1139,6 +1139,8 @@ dco_do_read(dco_context_t *dco)
 static int
 dco_get_peer(dco_context_t *dco, int peer_id, const bool raise_sigusr1_on_err)
 {
+ ASSERT(dco);
+
 /* peer_id == -1 means "dump all peers", but this is allowed in MP mode only.
 * If it happens in P2P mode it means that the DCO peer was deleted and we
 * can simply bail out
@@ -1182,6 +1184,11 @@ nla_put_failure:
 int
 dco_get_peer_stats(struct context *c, const bool raise_sigusr1_on_err)
 {
+ if (!c->c1.tuntap || c->c1.tuntap->dco.ifindex == 0)
+ {
+ return -1;
+ }
+
 return dco_get_peer(&c->c1.tuntap->dco, c->c2.tls_multi->dco_peer_id, raise_sigusr1_on_err);
 }
--
2.47.3
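Review bot: `ASSERT(dco)` at the top of dco_get_peer() does not cover the crash described in the commit message, because the caller shown in the next hunk passes `&c->c1.tuntap->dco`, which is a non-NULL address for a NULL tuntap unless dco happens to be the first member of that struct (layout not visible here). OpenVPN's ASSERT also ends the process, so on a path reachable from management commands and SIGUSR2 a failed check is still an outage rather than an error return. If the intent is a caller contract, say so above it, e.g. `/* callers guarantee a valid DCO context; NULL here is a programming error */`. dco_get_peer()'s body continues outside the hunk.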
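Review bot: The new guard in dco_get_peer_stats() covers `c->c1.tuntap`, but the return statement below it still dereferences `c->c2.tls_multi` unchecked, so the same `bytecount`/`status`/SIGUSR2 paths would still crash if that pointer can be NULL while the tun interface exists; this hunk does not show whether that state is reachable. If it is, extend the condition to `if (!c->c1.tuntap || c->c1.tuntap->dco.ifindex == 0 || !c->c2.tls_multi)`. The bare `return -1;` presumably shares its value space with error codes coming back from dco_get_peer(), so a comment such as `/* tun/DCO not set up yet: no peer stats to fetch */` would record that this is an expected state and not a netlink failure. Other stats entry points in this file, not shown here, may need the same check.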