fix key_state_gen_auth_control_files probably checking file creation

When the auth_failed_reason_file was added, it was forgotten to also add it
to the conditions that determine if the file creation was successful.

Reported-by: Joshua Rogers <contact@joshua.hu>
Found-by: ZeroPath (https://zeropath.com/)
Change-Id: I94d2bdd234a1c416b78924d044bf7e57f1bed8c4
Signed-off-by: Arne Schwabe <arne@rfc2549.org>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1327
Message-Id: <20251030193940.1295-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg34067.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>

diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c
index 993d22c2b8ce38d4169c31296647cbb0f7bf5aa9..a16f5fad1b584176c21545498ce1babd918b7676 100644 (file)
--- a/src/openvpn/ssl_verify.c
+++ b/src/openvpn/ssl_verify.c
@@ -992,7 +992,7 @@ key_state_gen_auth_control_files(struct auth_deferred_status *ads, const struct
     const char *apf = platform_create_temp_file(opt->tmp_dir, "apf", &gc);
     const char *afr = platform_create_temp_file(opt->tmp_dir, "afr", &gc);
 
-    if (acf && apf)
+    if (acf && apf && afr)
     {
         ads->auth_control_file = string_alloc(acf, NULL);
         ads->auth_pending_file = string_alloc(apf, NULL);
@@ -1004,7 +1004,7 @@ key_state_gen_auth_control_files(struct auth_deferred_status *ads, const struct
     }
 
     gc_free(&gc);
-    return (acf && apf);
+    return (acf && apf && afr);
 }
 
 /**