From 5bc0eae87ccf1abd6c400cb27d8e51819feb2036 Mon Sep 17 00:00:00 2001 From: Arne Schwabe Date: Tue, 28 Oct 2025 12:59:47 +0100 Subject: [PATCH] Add ASSERT to afunix code that dev_node is always set up the way we expect The calling code only calls tun_afunix_exec_child if is_tun_afunix is true, which checks that the path is having unix: as prefix. But since adding an ASSERT here to ensure that it is really the case does not cost us anything, just add the ASSERT. Reported-By: Joshua Rogers Found-By: Zeropath Change-Id: Idbb7bf279eb467fc1d56ab75a50b5eb2c8d0a57e Signed-off-by: Arne Schwabe Acked-by: Gert Doering Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1320 Message-Id: <20251028115953.22487-1-gert@greenie.muc.de> URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg33934.html Signed-off-by: Gert Doering --- src/openvpn/tun_afunix.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/src/openvpn/tun_afunix.c b/src/openvpn/tun_afunix.c index 124db6d98..42bcd0d44 100644 --- a/src/openvpn/tun_afunix.c +++ b/src/openvpn/tun_afunix.c @@ -53,6 +53,8 @@ tun_afunix_exec_child(const char *dev_node, struct tuntap *tt, struct env_set *e const char *msgprefix = "ERROR: failure executing process for tun:"; struct argv argv = argv_new(); + /* we should always called with a proper unix: dev node string */ + ASSERT(dev_node && strncmp(dev_node, "unix:", strlen("unix:")) == 0); /* since we know that dev-node starts with unix: we can just skip that * to get the program name */ const char *program = dev_node + strlen("unix:"); -- 2.47.3