From: Frank Lichtenheld <frank@lichtenheld.com>
Date: Thu, 14 May 2026 19:27:21 +0000 (+0200)
Subject: options: Move <= 0 check for keepalive settings earlier
X-Git-Url: http://git.ipfire.org/gitweb.cgi?a=commitdiff_plain;p=thirdparty%2Fopenvpn.git

options: Move <= 0 check for keepalive settings earlier

Use the atoi_constrained function.

Change-Id: Ic9ac18f730e6035126ccf1cf19799548e5fd9316
Signed-off-by: Frank Lichtenheld <frank@lichtenheld.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1155
Message-Id: <20260514192727.31903-1-gert@greenie.muc.de>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg36939.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
---

diff --git a/src/openvpn/helper.c b/src/openvpn/helper.c
index 9e7ad9324..4c540a672 100644
--- a/src/openvpn/helper.c
+++ b/src/openvpn/helper.c
@@ -552,14 +552,10 @@ helper_keepalive(struct options *o)
         /*
          * Sanity checks.
          */
-        if (o->keepalive_ping <= 0 || o->keepalive_timeout <= 0)
-        {
-            msg(M_USAGE, "--keepalive parameters must be > 0");
-        }
         if (o->keepalive_ping * 2 > o->keepalive_timeout)
         {
             msg(M_USAGE,
-                "the second parameter to --keepalive (restart timeout=%d) must be at least twice the value of the first parameter (ping interval=%d).  A ratio of 1:5 or 1:6 would be even better.  Recommended setting is --keepalive 10 60.",
+                "The second parameter to --keepalive (restart timeout=%d) must be at least twice the value of the first parameter (ping interval=%d).  A ratio of 1:5 or 1:6 would be even better.  Recommended setting is --keepalive 10 60.",
                 o->keepalive_timeout, o->keepalive_ping);
         }
         if (o->ping_send_timeout || o->ping_rec_timeout)
diff --git a/src/openvpn/options.c b/src/openvpn/options.c
index 62c0bbb88..80121923d 100644
--- a/src/openvpn/options.c
+++ b/src/openvpn/options.c
@@ -6777,8 +6777,8 @@ add_option(struct options *options, char *p[], bool is_inline, const char *file,
     else if (streq(p[0], "keepalive") && p[1] && p[2] && !p[3])
     {
         VERIFY_PERMISSION(OPT_P_GENERAL);
-        options->keepalive_ping = atoi_warn(p[1], msglevel);
-        options->keepalive_timeout = atoi_warn(p[2], msglevel);
+        atoi_constrained(p[1], &options->keepalive_ping, "keepalive ping", 1, INT_MAX, msglevel);
+        atoi_constrained(p[2], &options->keepalive_timeout, "keepalive timeout", 1, INT_MAX, msglevel);
     }
     else if (streq(p[0], "ping") && p[1] && !p[2])
     {