From: Frank Lichtenheld <frank@lichtenheld.com>
Date: Mon, 19 Jan 2026 17:12:11 +0000 (+0100)
Subject: port-share: Check return value of fork()
X-Git-Tag: v2.7_rc6~15
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=1a31efb4950a48913e1a79dc948c6a173d744fb7;p=thirdparty%2Fopenvpn.git

port-share: Check return value of fork()

While here, do some small C11 code cleanup.

Reported-By: Joshua Rogers <contact@joshua.hu>
Found-By: ZeroPath (https://zeropath.com)
Github: openvpn-private-issues#12
Change-Id: I5eac1b31ae40eb957e2c12ca6c37b491fef32847
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1470
Message-Id: <20260119171216.6100-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg35337.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---

diff --git a/src/openvpn/ps.c b/src/openvpn/ps.c
index ed2d5c9fc..e4c579437 100644
--- a/src/openvpn/ps.c
+++ b/src/openvpn/ps.c
@@ -800,12 +800,9 @@ struct port_share *
 port_share_open(const char *host, const char *port, const int max_initial_buf,
                 const char *journal_dir)
 {
-    pid_t pid;
     socket_descriptor_t fd[2];
     struct openvpn_sockaddr hostaddr;
     struct port_share *ps;
-    int status;
-    struct addrinfo *ai;
 
     ALLOC_OBJ_CLEAR(ps, struct port_share);
     ps->foreground_fd = -1;
@@ -814,9 +811,9 @@ port_share_open(const char *host, const char *port, const int max_initial_buf,
     /*
      * Get host's IP address
      */
-
-    status =
-        openvpn_getaddrinfo(GETADDR_RESOLVE | GETADDR_FATAL, host, port, 0, NULL, AF_UNSPEC, &ai);
+    struct addrinfo *ai;
+    int status = openvpn_getaddrinfo(GETADDR_RESOLVE | GETADDR_FATAL, host, port,
+                                     0, NULL, AF_UNSPEC, &ai);
     ASSERT(status == 0);
     ASSERT(sizeof(hostaddr.addr) >= ai->ai_addrlen);
     memcpy(&hostaddr.addr.sa, ai->ai_addr, ai->ai_addrlen);
@@ -836,19 +833,22 @@ port_share_open(const char *host, const char *port, const int max_initial_buf,
      */
     if (socketpair(PF_UNIX, SOCK_DGRAM, 0, fd) == -1)
     {
-        msg(M_WARN, "PORT SHARE: socketpair call failed");
+        msg(M_WARN | M_ERRNO, "PORT SHARE: socketpair call failed");
         goto error;
     }
 
     /*
      * Fork off background proxy process.
      */
-    pid = fork();
+    pid_t pid = fork();
 
-    if (pid)
+    if (pid < 0)
+    {
+        msg(M_WARN | M_ERRNO, "PORT SHARE: fork failed");
+        goto error;
+    }
+    else if (pid)
     {
-        int status;
-
         /*
          * Foreground Process
          */
@@ -862,7 +862,7 @@ port_share_open(const char *host, const char *port, const int max_initial_buf,
         set_cloexec(fd[0]);
 
         /* wait for background child process to initialize */
-        status = recv_control(fd[0]);
+        int status = recv_control(fd[0]);
         if (status == RESPONSE_INIT_SUCCEEDED)
         {
             /* note that this will cause possible EAGAIN when writing to