From: Gert Doering Date: Mon, 27 Jul 2020 18:34:36 +0000 (+0200) Subject: Abort client-connect handler loop after first handler sets 'disable'. X-Git-Tag: v2.5_beta1~26 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=20b394746a7a351d892bb8c21beb66dd138631d9;p=thirdparty%2Fopenvpn.git Abort client-connect handler loop after first handler sets 'disable'. The old code would run all (succeeding) handlers, then discover "one of them set the 'disable' flag for this client", and then unroll all the handlers. Moving the 'disable' check into the loop makes it stop after the first handler that fails or (succeeds and sets 'disable'). This is a bit more logical in the log files, and has less potential side effects due to running "later" client-connect handlers when we already know they will have to be unrolled. Signed-off-by: Gert Doering Acked-by: Arne Schwabe Message-Id: <20200727183436.6625-2-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg20612.html Signed-off-by: Gert Doering --- diff --git a/src/openvpn/multi.c b/src/openvpn/multi.c index cfb34720d..0f9c586be 100644 --- a/src/openvpn/multi.c +++ b/src/openvpn/multi.c @@ -2617,18 +2617,18 @@ multi_connection_established(struct multi_context *m, struct multi_instance *mi) ASSERT(0); } - (*cur_handler_index)++; - } + /* + * Check for "disable" directive in client-config-dir file + * or config file generated by --client-connect script. + */ + if (mi->context.options.disable) + { + msg(D_MULTI_ERRORS, "MULTI: client has been rejected due to " + "'disable' directive"); + cc_succeeded = false; + } - /* - * Check for "disable" directive in client-config-dir file - * or config file generated by --client-connect script. - */ - if (mi->context.options.disable) - { - msg(D_MULTI_ERRORS, "MULTI: client has been rejected due to " - "'disable' directive"); - cc_succeeded = false; + (*cur_handler_index)++; } if (cc_succeeded)
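Review bot: The relocated `if (mi->context.options.disable)` block inside the loop logs "MULTI: client has been rejected due to 'disable' directive" without saying which handler set the flag. Now that the check runs once per handler, including `*cur_handler_index` in the message would let an operator see from the log which client-connect handler rejected the client. The check also does not look at the current value of `cc_succeeded`, so if a handler has already failed while `disable` is set, this rejection message is logged on top of the handler's own error; guarding it as `if (cc_succeeded && mi->context.options.disable)` would keep one cause per rejection. The early exit depends on the loop condition testing `cc_succeeded`, which is outside the visible context of this hunk, so that is worth confirming before merge.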