git.ipfire.org Git - thirdparty/openvpn.git/commit

author	Steffan Karger <steffan@karger.me>
	Thu, 15 Dec 2016 21:46:06 +0000 (22:46 +0100)
committer	David Sommerseth <davids@openvpn.net>
	Fri, 16 Dec 2016 10:51:35 +0000 (11:51 +0100)
commit	ec4dff3bbdcc9fedf7844701dc5aa2679d503667
tree	2f97160eb3f56470d588d1e3db7d74ed11ddfeeb	tree
parent	1f004b2f06e987d73e48f7fd7b96b0b248274f58	commit \| diff

Don't reopen tun if cipher changes

When the pulled options change, OpenVPN will attempt to reopen the tun
device.  That might fail if the process has already dropper privileges,
and is not needed unless the tun MTU is changed.  This patch therefore
ignores the cipher value for the digest if a fixed tun-mtu is used.

Additionally, this patch changes the md_ctx_update() call to include the
trailing zero byte of each option, to make sure that parsing "foo,bar"
results in a different hash than "foobar".  (Sorry for not catching that
during the review...)

The unit tests are a bit lame, but it secretly serves as a way to lower
the bar for adding more buffer.c unit tests.

Trac: #761
Signed-off-by: Steffan Karger <steffan@karger.me>
Acked-by: David Sommerseth <davids@openvpn.net>
Message-Id: <1481838366-32335-1-git-send-email-steffan@karger.me>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg13579.html
Signed-off-by: David Sommerseth <davids@openvpn.net>

src/openvpn/buffer.h		diff \| blob \| blame \| history
src/openvpn/push.c		diff \| blob \| blame \| history
tests/unit_tests/openvpn/Makefile.am		diff \| blob \| blame \| history
tests/unit_tests/openvpn/test_buffer.c	[new file with mode: 0644]	blob