From: James Yonan Date: Fri, 18 Mar 2011 04:51:59 +0000 (+0000) Subject: Fixed issue where a client might receive multiple push replies from X-Git-Tag: v2.3-alpha1~211^2^2~23 X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=ac0aaac662b07b3f0eb248cd74a20e3e5d8f9875;p=thirdparty%2Fopenvpn.git Fixed issue where a client might receive multiple push replies from a server if it sent multiple push requests due to the server being slow to respond. This could cause the client to process pushed options twice, leading to duplicate pushed routes, among other issues. The fix, implemented server-side, is to reply only once to a push request even if multiple requests are received. git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@7060 e7ae566f-a301-0410-adde-c780ea21d3b5 --- diff --git a/openvpn.h b/openvpn.h index 0c4ff1acd..47c9734b3 100644 --- a/openvpn.h +++ b/openvpn.h @@ -414,6 +414,7 @@ struct context_2 /* --ifconfig endpoints to be pushed to client */ bool push_reply_deferred; bool push_ifconfig_defined; + bool sent_push_reply; in_addr_t push_ifconfig_local; in_addr_t push_ifconfig_remote_netmask; #ifdef ENABLE_CLIENT_NAT diff --git a/push.c b/push.c index 298031d10..f7b7d17b9 100644 --- a/push.c +++ b/push.c @@ -331,8 +331,18 @@ process_incoming_push_msg (struct context *c, } else if (!c->c2.push_reply_deferred && c->c2.context_auth == CAS_SUCCEEDED) { - if (send_push_reply (c)) - ret = PUSH_MSG_REQUEST; + if (c->c2.sent_push_reply) + { + ret = PUSH_MSG_ALREADY_REPLIED; + } + else + { + if (send_push_reply (c)) + { + ret = PUSH_MSG_REQUEST; + c->c2.sent_push_reply = true; + } + } } else { diff --git a/push.h b/push.h index 089cf45b5..b5d1fbf3d 100644 --- a/push.h +++ b/push.h @@ -35,6 +35,7 @@ #define PUSH_MSG_REQUEST_DEFERRED 3 #define PUSH_MSG_AUTH_FAILURE 4 #define PUSH_MSG_CONTINUATION 5 +#define PUSH_MSG_ALREADY_REPLIED 6 void incoming_push_message (struct context *c, const struct buffer *buffer);