OpenVPN would segfault unexpectedly if it was compiled against PolarSSL
and the plug-in expected OpenSSL, or vice versa. The segfault would
not appear until the plug-in tried to access functions that are only
available when the plug-in and OpenVPN use the same SSL implementation.
This patch adds a member to the plug-in initialisation function, which
identifies the SSL implementation.
The log_v3 plug-in is updated accordingly + a simple fix to make it
buildable again using the ./build script.
A minor documentation error in the openvpn-plugin.h was also
corrected, where it mentioned OPENVPN_PLUGIN_VERSION instead of
OPENVPN_PLUGINv3_STRUCTVER.
v2 - add const ovpnSSLAPI ssl_api at the end of
struct openvpn_plugin_args_open_in and not in the "middle"
v3 - fix bug in plug-in init, as the SSLAPI was located wrong in the
args struct sent to the openvpn_plugin_open_v3() function.
v4 - Ensure SSLAPI got a sane/known value if SSL is disabled or unknown
Signed-off-by: David Sommerseth <davids@redhat.com>
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <1372879030-10576-1-git-send-email-dazo@users.sourceforge.net>
URL: http://article.gmane.org/gmane.network.openvpn.devel/7754
Signed-off-by: Gert Doering <gert@greenie.muc.de>
... | ... |
@@ -201,10 +201,15 @@ struct openvpn_plugin_string_list |
201 | 201 |
* |
202 | 202 |
* Version Comment |
203 | 203 |
* 1 Initial plugin v3 structures providing the same API as |
204 |
- * the v2 plugin interface + X509 certificate information. |
|
204 |
+ * the v2 plugin interface, X509 certificate information + |
|
205 |
+ * a logging API for plug-ins. |
|
206 |
+ * |
|
207 |
+ * 2 Added ssl_api member in struct openvpn_plugin_args_open_in |
|
208 |
+ * which identifies the SSL implementation OpenVPN is compiled |
|
209 |
+ * against. |
|
205 | 210 |
* |
206 | 211 |
*/ |
207 |
-#define OPENVPN_PLUGINv3_STRUCTVER 1 |
|
212 |
+#define OPENVPN_PLUGINv3_STRUCTVER 2 |
|
208 | 213 |
|
209 | 214 |
/** |
210 | 215 |
* Definitions needed for the plug-in callback functions. |
... | ... |
@@ -260,6 +265,18 @@ struct openvpn_plugin_callbacks |
260 | 260 |
}; |
261 | 261 |
|
262 | 262 |
/** |
263 |
+ * Used by the openvpn_plugin_open_v3() function to indicate to the |
|
264 |
+ * plug-in what kind of SSL implementation OpenVPN uses. This is |
|
265 |
+ * to avoid SEGV issues when OpenVPN is complied against PolarSSL |
|
266 |
+ * and the plug-in against OpenSSL. |
|
267 |
+ */ |
|
268 |
+typedef enum { |
|
269 |
+ SSLAPI_NONE, |
|
270 |
+ SSLAPI_OPENSSL, |
|
271 |
+ SSLAPI_POLARSSL |
|
272 |
+} ovpnSSLAPI; |
|
273 |
+ |
|
274 |
+/** |
|
263 | 275 |
* Arguments used to transport variables to the plug-in. |
264 | 276 |
* The struct openvpn_plugin_args_open_in is only used |
265 | 277 |
* by the openvpn_plugin_open_v3() function. |
... | ... |
@@ -286,6 +303,7 @@ struct openvpn_plugin_args_open_in |
286 | 286 |
const char ** const argv; |
287 | 287 |
const char ** const envp; |
288 | 288 |
struct openvpn_plugin_callbacks *callbacks; |
289 |
+ const ovpnSSLAPI ssl_api; |
|
289 | 290 |
}; |
290 | 291 |
|
291 | 292 |
|
... | ... |
@@ -557,7 +575,8 @@ OPENVPN_PLUGIN_DEF int OPENVPN_PLUGIN_FUNC(openvpn_plugin_func_v2) |
557 | 557 |
* ARGUMENTS |
558 | 558 |
* |
559 | 559 |
* version : fixed value, defines the API version of the OpenVPN plug-in API. The plug-in |
560 |
- * should validate that this value is matching the OPENVPN_PLUGIN_VERSION value. |
|
560 |
+ * should validate that this value is matching the OPENVPN_PLUGINv3_STRUCTVER |
|
561 |
+ * value. |
|
561 | 562 |
* |
562 | 563 |
* arguments : Structure with all arguments available to the plug-in. |
563 | 564 |
* |
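Review bot: The new `ssl_api` member (new line 290) has no comment saying it exists only from struct version 2 onward, so a plug-in built against this header and loaded by an older OpenVPN would read past the end of the struct the host passed unless it checks `v3structver` first. I would add `/* Valid only when v3structver >= 2; hosts passing an older struct version do not provide this member */` next to the member; the struct's own doc comment runs outside the hunk and may need the same line. Because `ovpnSSLAPI` crosses a binary boundary between separately built objects, pinning the values (`SSLAPI_NONE = 0, SSLAPI_OPENSSL = 1, SSLAPI_POLARSSL = 2`) would keep later additions from renumbering them. The new comment above the enum also has "complied" for "compiled".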
... | ... |
@@ -85,6 +85,11 @@ openvpn_plugin_open_v3 (const int v3structver, |
85 | 85 |
return OPENVPN_PLUGIN_FUNC_ERROR; |
86 | 86 |
} |
87 | 87 |
|
88 |
+ if( args->ssl_api != SSLAPI_OPENSSL ) { |
|
89 |
+ printf("This plug-in can only be used against OpenVPN with OpenSSL\n"); |
|
90 |
+ return OPENVPN_PLUGIN_FUNC_ERROR; |
|
91 |
+ } |
|
92 |
+ |
|
88 | 93 |
/* Which callbacks to intercept. */ |
89 | 94 |
ret->type_mask = |
90 | 95 |
OPENVPN_PLUGIN_MASK (OPENVPN_PLUGIN_UP) | |
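Review bot: The refusal at new lines 88-91 is reported with `printf`, which writes to stdout and may never reach the OpenVPN log when the daemon runs detached, leaving an operator with a plug-in that fails to load and no recorded reason. Assuming the callbacks pointer is already usable at this point, `args->callbacks->plugin_log(PLOG_ERR, "log_v3", "requires OpenVPN built with OpenSSL (ssl_api=%d)", (int) args->ssl_api);` would put the reason and the offending value in the same log as the rest of start-up. The read of `args->ssl_api` is only in bounds once `v3structver` has been checked; the block ending just above the added lines is outside the hunk and is presumably that check.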
... | ... |
@@ -40,8 +40,8 @@ |
40 | 40 |
#include "error.h" |
41 | 41 |
#include "misc.h" |
42 | 42 |
#include "plugin.h" |
43 |
+#include "ssl_backend.h" |
|
43 | 44 |
#include "win32.h" |
44 |
- |
|
45 | 45 |
#include "memdbg.h" |
46 | 46 |
|
47 | 47 |
#define PLUGIN_SYMBOL_REQUIRED (1<<0) |
... | ... |
@@ -374,7 +374,8 @@ plugin_open_item (struct plugin *p, |
374 | 374 |
struct openvpn_plugin_args_open_in args = { p->plugin_type_mask, |
375 | 375 |
(const char ** const) o->argv, |
376 | 376 |
(const char ** const) envp, |
377 |
- &callbacks }; |
|
377 |
+ &callbacks, |
|
378 |
+ SSLAPI }; |
|
378 | 379 |
struct openvpn_plugin_args_open_return retargs; |
379 | 380 |
|
380 | 381 |
CLEAR(retargs); |
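Review bot: `SSLAPI` is passed positionally as the fifth initializer of `args` (new line 378), so its correctness depends on the member order in the header staying in step; the commit message's v3 entry records exactly this kind of misplacement. If the supported compilers accept C99 designated initializers, writing the tail as `.callbacks = &callbacks, .ssl_api = SSLAPI` (and naming the earlier members likewise) would make the initializer independent of member order, so a later insertion in the struct could not silently hand plug-ins a wrong value. plugin_open_item starts and ends outside the hunk.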
... | ... |
@@ -36,10 +36,17 @@ |
36 | 36 |
#ifdef ENABLE_CRYPTO_OPENSSL |
37 | 37 |
#include "ssl_openssl.h" |
38 | 38 |
#include "ssl_verify_openssl.h" |
39 |
+#define SSLAPI SSLAPI_OPENSSL |
|
39 | 40 |
#endif |
40 | 41 |
#ifdef ENABLE_CRYPTO_POLARSSL |
41 | 42 |
#include "ssl_polarssl.h" |
42 | 43 |
#include "ssl_verify_polarssl.h" |
44 |
+#define SSLAPI SSLAPI_POLARSSL |
|
45 |
+#endif |
|
46 |
+ |
|
47 |
+/* Ensure that SSLAPI got a sane value if SSL is disabled or unknown */ |
|
48 |
+#ifndef SSLAPI |
|
49 |
+#define SSLAPI SSLAPI_NONE |
|
43 | 50 |
#endif |
44 | 51 |
|
45 | 52 |
/** |
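Review bot: The two `#define SSLAPI` lines sit in independent `#ifdef` blocks, so a build with both ENABLE_CRYPTO_OPENSSL and ENABLE_CRYPTO_POLARSSL defined would redefine the macro, and the later value would be the one reported to plug-ins if the compiler accepts it at all. If the build system does not already make the two mutually exclusive, a guard such as `#if defined(ENABLE_CRYPTO_OPENSSL) && defined(ENABLE_CRYPTO_POLARSSL)` followed by `#error "only one SSL backend may be enabled"` would fail the build instead. The macro expands to the `ovpnSSLAPI` enumerators, so every file using `SSLAPI` also needs the plug-in header in scope; whether this header includes it is not visible here.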