From: Antonio Quartulli <a@unstable.cc>
Date: Fri, 5 Aug 2022 15:08:37 +0000 (+0200)
Subject: dco: perform pull options check only if we pulled any option
X-Git-Tag: v2.6_beta1~134
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=f9ef554a5bda5c354e59261f9dbf6519e2815388;p=thirdparty%2Fopenvpn.git

dco: perform pull options check only if we pulled any option

The do_deferred_options() function is invoked also on the server side in
order to process all negotiated bits.

However, in this case we should not perform any pull options check, as
it's required only on the client side.

Move check within the "if (options.pull)" block to ensure we perform the
check only when required.

Reported-By: Gert Doering <gert@greenie.muc.de>
Signed-off-by: Antonio Quartulli <a@unstable.cc>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20220805150837.8169-1-a@unstable.cc>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg24824.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---

diff --git a/src/openvpn/init.c b/src/openvpn/init.c
index 2e7544de3..b6705921a 100644
--- a/src/openvpn/init.c
+++ b/src/openvpn/init.c
@@ -2402,22 +2402,23 @@ do_deferred_options(struct context *c, const unsigned int found)
         c->c2.tls_multi->peer_id = c->options.peer_id;
     }
 
-    /* process (potentially pushed) crypto options */
+    /* process (potentially) pushed options */
     if (c->options.pull)
     {
         if (!check_pull_client_ncp(c, found))
         {
             return false;
         }
-    }
 
-    /* Check if pushed options are compatible with DCO, if enabled */
-    if (dco_enabled(&c->options)
-        && !dco_check_pull_options(D_PUSH_ERRORS, &c->options))
-    {
-        msg(D_PUSH_ERRORS, "OPTIONS ERROR: pushed options are incompatible with "
-            "data channel offload. Use --disable-dco to connect to this server");
-        return false;
+        /* Check if pushed options are compatible with DCO, if enabled */
+        if (dco_enabled(&c->options)
+            && !dco_check_pull_options(D_PUSH_ERRORS, &c->options))
+        {
+            msg(D_PUSH_ERRORS, "OPTIONS ERROR: pushed options are incompatible "
+                "with data channel offload. Use --disable-dco to connect to "
+                "this server");
+            return false;
+        }
     }
 
     return true;