40 lines
1.2 KiB
Diff
40 lines
1.2 KiB
Diff
From 6b03967183591d8a7e619caaf529f7581619326b Mon Sep 17 00:00:00 2001
|
|
From: Arne Schwabe <arne@rfc2549.org>
|
|
Date: Tue, 6 Apr 2021 00:05:21 +0200
|
|
Subject: [PATCH] Ensure key state is authenticated before sending push reply
|
|
|
|
This ensures that the key state is authenticated when sendinga push reply.
|
|
---
|
|
src/openvpn/push.c | 8 +++++++-
|
|
1 file changed, 7 insertions(+), 1 deletion(-)
|
|
|
|
diff --git a/src/openvpn/push.c b/src/openvpn/push.c
|
|
index dd5bd41..fcdd76b 100644
|
|
--- a/src/openvpn/push.c
|
|
+++ b/src/openvpn/push.c
|
|
@@ -647,6 +647,7 @@ int
|
|
process_incoming_push_request(struct context *c)
|
|
{
|
|
int ret = PUSH_MSG_ERROR;
|
|
+ struct key_state *ks = &c->c2.tls_multi->session[TM_ACTIVE].key[KS_PRIMARY];
|
|
|
|
#ifdef ENABLE_ASYNC_PUSH
|
|
c->c2.push_request_received = true;
|
|
@@ -657,7 +658,12 @@ process_incoming_push_request(struct context *c)
|
|
send_auth_failed(c, client_reason);
|
|
ret = PUSH_MSG_AUTH_FAILURE;
|
|
}
|
|
- else if (!c->c2.push_reply_deferred && c->c2.context_auth == CAS_SUCCEEDED)
|
|
+ else if (!c->c2.push_reply_deferred && c->c2.context_auth == CAS_SUCCEEDED
|
|
+ && ks->authenticated
|
|
+ #ifdef ENABLE_DEF_AUTH
|
|
+ && !ks->auth_deferred
|
|
+ #endif
|
|
+ )
|
|
{
|
|
time_t now;
|
|
|
|
--
|
|
2.23.0
|
|
|