PUSH_UPDATE server: bug-fix, reset buffer after processing

In the send_single_push_update() function the buffer containing
the message was not reset after processing, so o in a push-update-broad
the messages sent starting from the second client would have been
shrunk (offset advanced and size decreased).

Change-Id: I41d08a9a2e79ac1f1104e72dd5b7b7617e2071a0
Signed-off-by: Marco Baffo <marco@mandelbit.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1264
Message-Id: <20251010142002.27308-1-gert@greenie.muc.de>
URL: https://sourceforge.net/p/openvpn/mailman/message/59244933/
Signed-off-by: Gert Doering <gert@greenie.muc.de>

diff --git a/src/openvpn/push_util.c b/src/openvpn/push_util.c
index f306104237e3978e02a032b89251fc6d4c853dd7..b475d2eccc23dafcadd4318c7002c3acae2d4476 100644 (file)
--- a/src/openvpn/push_util.c
+++ b/src/openvpn/push_util.c
@@ -170,9 +170,12 @@ send_single_push_update(struct context *c, struct buffer *msgs, unsigned int *op
          * inside `process_incoming_push_msg()`. However, we don't need
          * to check the return value here because we just want to `advance`,
          * meaning we skip the `push_update_cmd' we added earlier.
+         * Also we need to make a temporary copy so we can buf_advance()
+         * without modifying original buffer.
          */
-        buf_string_compare_advance(&msgs[i], push_update_cmd);
-        if (process_incoming_push_update(c, pull_permission_mask(c), option_types_found, &msgs[i], true) == PUSH_MSG_ERROR)
+        struct buffer tmp_msg = msgs[i];
+        buf_string_compare_advance(&tmp_msg, push_update_cmd);
+        if (process_incoming_push_update(c, pull_permission_mask(c), option_types_found, &tmp_msg, true) == PUSH_MSG_ERROR)
         {
             msg(M_WARN, "Failed to process push update message sent to client ID: %u",
                 c->c2.tls_multi ? c->c2.tls_multi->peer_id : UINT32_MAX);