Handle exceeding 'max-clients'
authorKristof Provost <kp@FreeBSD.org>
Wed, 13 Jul 2022 08:34:04 +0000 (10:34 +0200)
committerGert Doering <gert@greenie.muc.de>
Wed, 13 Jul 2022 12:02:06 +0000 (14:02 +0200)
If 'max-clients' is set multi_create_instance() can return NULL (for any
client that would take us over the client limit).

If mi is NULL we don't add it to the hash map, but we do potentially
dereference it to increment the session count.
Do not attempt to do so if 'mi == NULL'.

Signed-off-by: Kristof Provost <kprovost@netgate.com>
Acked-by: Arne Schwabe <arne@rfc2549.org>
Message-Id: <20220713083404.13227-2-kprovost@netgate.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg24678.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
src/openvpn/mudp.c

index 0810fada52ae6e50a2339eed04fc0a43fc938624..0cbca1a9ec7e5b2cc33707631fee5bbf85c68bbf 100644 (file)
@@ -241,15 +241,16 @@ multi_get_create_instance_udp(struct multi_context *m, bool *floated)
                         hash_add_fast(hash, bucket, &mi->real, hv, mi);
                         mi->did_real_hash = true;
                         multi_assign_peer_id(m, mi);
-                    }
-                    /* If we have a session id already, ensure that the
-                     * state is using the same */
-                    if (session_id_defined(&state.server_session_id)
-                        && session_id_defined((&state.peer_session_id)))
-                    {
-                        mi->context.c2.tls_multi->n_sessions++;
-                        struct tls_session *session = &mi->context.c2.tls_multi->session[TM_ACTIVE];
-                        session_skip_to_pre_start(session, &state, &m->top.c2.from);
+
+                        /* If we have a session id already, ensure that the
+                         * state is using the same */
+                        if (session_id_defined(&state.server_session_id)
+                            && session_id_defined((&state.peer_session_id)))
+                        {
+                            mi->context.c2.tls_multi->n_sessions++;
+                            struct tls_session *session = &mi->context.c2.tls_multi->session[TM_ACTIVE];
+                            session_skip_to_pre_start(session, &state, &m->top.c2.from);
+                        }
                     }
                 }
                 else
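Review bot: The comment on the relocated session-id block (the new lines from `/* If we have a session id already` down to `session_skip_to_pre_start(...)`) does not record why the block now has to sit inside the non-NULL `mi` branch, so a later cleanup could hoist it back out and reintroduce the NULL dereference of `mi->context.c2.tls_multi` for a client rejected by 'max-clients'. I would extend it with a line such as `/* mi is non-NULL here: multi_create_instance() returns NULL once 'max-clients' is reached, so this block must stay inside the mi check. */`. The guarding condition and the rest of multi_get_create_instance_udp() lie outside the hunk, so the guard is inferred from the indentation and the commit message rather than seen directly. As a style nit, `session_id_defined((&state.peer_session_id))` carries a redundant pair of parentheses that could be dropped while the line is being re-indented anyway.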