From 2f8cbf5bc95b80832c84b0396cb7851bf5a2c579 Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Thu, 30 Oct 2025 20:39:34 +0100 Subject: [PATCH] fix key_state_gen_auth_control_files probably checking file creation When the auth_failed_reason_file was added, it was forgotten to also add it to the conditions that determine if the file creation was successful. Reported-by: Joshua Rogers Found-by: ZeroPath (https://zeropath.com/) Change-Id: I94d2bdd234a1c416b78924d044bf7e57f1bed8c4 Signed-off-by: Arne Schwabe Acked-by: Gert Doering Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1327 Message-Id: <20251030193940.1295-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg34067.html Signed-off-by: Gert Doering --- src/openvpn/ssl_verify.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/src/openvpn/ssl_verify.c b/src/openvpn/ssl_verify.c index 993d22c2b..a16f5fad1 100644 --- a/src/openvpn/ssl_verify.c +++ b/src/openvpn/ssl_verify.c @@ -992,7 +992,7 @@ key_state_gen_auth_control_files(struct auth_deferred_status *ads, const struct const char *apf = platform_create_temp_file(opt->tmp_dir, "apf", &gc); const char *afr = platform_create_temp_file(opt->tmp_dir, "afr", &gc); - if (acf && apf) + if (acf && apf && afr) { ads->auth_control_file = string_alloc(acf, NULL); ads->auth_pending_file = string_alloc(apf, NULL); @@ -1004,7 +1004,7 @@ key_state_gen_auth_control_files(struct auth_deferred_status *ads, const struct } gc_free(&gc); - return (acf && apf); + return (acf && apf && afr); } /** -- 2.47.3