]> git.ipfire.org Git - thirdparty/openvpn.git/commit
projects / thirdparty / openvpn.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 2e2ac94) | patch
Harden interactive service pipe
authorSelva Nair <selva.nair@gmail.com>
Mon, 24 Nov 2025 16:53:06 +0000 (17:53 +0100)
committerGert Doering <gert@greenie.muc.de>
Mon, 24 Nov 2025 17:34:51 +0000 (18:34 +0100)
commit05d0808ee65d68691b0133f5fc3c09bfdba5259d
treec46ee83c55c96cc8e5be88e46fee27555bf4f45ftree | snapshot
parent2e2ac94e9cf3d0bdb28339594c8236fa98784967commit | diff
Harden interactive service pipe

- Append a version 4 uuid to ovpn_pipe_name to make it less
  predictable
- Do not allow remote access to the pipe

This greatly reduces the possibility of a rogue process racing to
open the pipe before CreateFile() is called in the worker thread.

Reported-by: Marc Heuse <marc@srlabs.de>
Change-Id: Ie66a142751354e421d48b273784fc79bcb9f7208
Signed-off-by: Selva Nair <selva.nair@gmail.com>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1396
Message-Id: <20251124165311.14859-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg34638.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
src/openvpnserv/interactive.c diff | blob | blame | history
Mirror of https://github.com/OpenVPN/openvpn.git