From: Lev Stipakov <lstipakov@gmail.com>
Date: Tue, 4 Oct 2016 19:53:06 +0000 (+0300)
Subject: Exclude peer-id from pulled options digest
X-Git-Tag: contains~2
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=84022030dc2af8606e6a11c3dca1780419e7a534;p=thirdparty%2Fopenvpn.git

Exclude peer-id from pulled options digest

v2:
 - Use md5_* methods
 - Move digest update to separate method

Peer-id might change on restart and this should not trigger reopening
tun.

Trac #649
Acked-by: Steffan Karger <steffan.karger@fox-it.com>
Message-Id: <1475610786-25781-1-git-send-email-lstipakov@gmail.com>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg12598.html

Signed-off-by: Gert Doering <gert@greenie.muc.de>
---

diff --git a/src/openvpn/push.c b/src/openvpn/push.c
index 71f39c1ba..402c15841 100644
--- a/src/openvpn/push.c
+++ b/src/openvpn/push.c
@@ -407,6 +407,20 @@ push_reset (struct options *o)
 }
 #endif
 
+static void
+push_update_digest(struct md5_state *ctx, struct buffer *buf)
+{
+  char line[OPTION_PARM_SIZE];
+  while (buf_parse (buf, ',', line, sizeof (line)))
+    {
+      /* peer-id might change on restart and this should not trigger reopening tun */
+      if (strstr (line, "peer-id ") != line)
+	{
+	  md5_state_update (ctx, line, strlen(line));
+	}
+    }
+}
+
 int
 process_incoming_push_msg (struct context *c,
 			   const struct buffer *buffer,
@@ -473,20 +487,21 @@ process_incoming_push_msg (struct context *c,
 				  permission_mask,
 				  option_types_found,
 				  c->c2.es))
-	    switch (c->options.push_continuation)
-	      {
-	      case 0:
-	      case 1:
-		md5_state_update (&c->c2.pulled_options_state, BPTR(&buf_orig), BLEN(&buf_orig));
-		md5_state_final (&c->c2.pulled_options_state, &c->c2.pulled_options_digest);
-	        c->c2.pulled_options_md5_init_done = false;
-		ret = PUSH_MSG_REPLY;
-		break;
-	      case 2:
-		md5_state_update (&c->c2.pulled_options_state, BPTR(&buf_orig), BLEN(&buf_orig));
-		ret = PUSH_MSG_CONTINUATION;
-		break;
-	      }
+	    {
+	      push_update_digest (&c->c2.pulled_options_state, &buf_orig);
+	      switch (c->options.push_continuation)
+		{
+		  case 0:
+		  case 1:
+		    md5_state_final (&c->c2.pulled_options_state, &c->c2.pulled_options_digest);
+		    c->c2.pulled_options_md5_init_done = false;
+		    ret = PUSH_MSG_REPLY;
+		    break;
+		  case 2:
+		    ret = PUSH_MSG_CONTINUATION;
+		    break;
+		}
+	    }
 	}
       else if (ch == '\0')
 	{