Browse code
PUSH_UPDATE server: bug-fix, reset buffer after processing
In the send_single_push_update() function the buffer containing
the message was not reset after processing, so o in a push-update-broad
the messages sent starting from the second client would have been
shrunk (offset advanced and size decreased).
Change-Id: I41d08a9a2e79ac1f1104e72dd5b7b7617e2071a0
Signed-off-by: Marco Baffo <marco@mandelbit.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Gerrit URL: https://gerrit.openvpn.net/c/openvpn/+/1264
Message-Id: <20251010142002.27308-1-gert@greenie.muc.de>
URL: https://sourceforge.net/p/openvpn/mailman/message/59244933/
Signed-off-by: Gert Doering <gert@greenie.muc.de>
Marco Baffo authored on 2025/10/10 23:19:56Showing 1 changed files
| ... | ... |
@@ -170,9 +170,12 @@ send_single_push_update(struct context *c, struct buffer *msgs, unsigned int *op |
| 170 | 170 |
* inside `process_incoming_push_msg()`. However, we don't need |
| 171 | 171 |
* to check the return value here because we just want to `advance`, |
| 172 | 172 |
* meaning we skip the `push_update_cmd' we added earlier. |
| 173 |
+ * Also we need to make a temporary copy so we can buf_advance() |
|
| 174 |
+ * without modifying original buffer. |
|
| 173 | 175 |
*/ |
| 174 |
- buf_string_compare_advance(&msgs[i], push_update_cmd); |
|
| 175 |
- if (process_incoming_push_update(c, pull_permission_mask(c), option_types_found, &msgs[i], true) == PUSH_MSG_ERROR) |
|
| 176 |
+ struct buffer tmp_msg = msgs[i]; |
|
| 177 |
+ buf_string_compare_advance(&tmp_msg, push_update_cmd); |
|
| 178 |
+ if (process_incoming_push_update(c, pull_permission_mask(c), option_types_found, &tmp_msg, true) == PUSH_MSG_ERROR) |
|
| 176 | 179 |
{
|
| 177 | 180 |
msg(M_WARN, "Failed to process push update message sent to client ID: %u", |
| 178 | 181 |
c->c2.tls_multi ? c->c2.tls_multi->peer_id : UINT32_MAX); |