Ensure tls session is authenticated before sending push reply

We ensure here that the tls session is authenticated before sending
a push_reply

This is the final part of the fix for CVE-2020-15078 in the master branch.

CVE: 2020-15078
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20210624130840.2583433-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22587.html

Signed-off-by: Gert Doering <gert@greenie.muc.de>

Arne Schwabe authored on 2021/06/24 22:08:40
@@ -867,7 +867,8 @@ process_incoming_push_request(struct context *c)
867 867
         send_auth_failed(c, client_reason);
868 868
         ret = PUSH_MSG_AUTH_FAILURE;
869 869
     }
870
-    else if (c->c2.tls_multi->multi_state >= CAS_CONNECT_DONE)
870
+    else if (tls_authentication_status(c->c2.tls_multi) == TLS_AUTHENTICATION_SUCCEEDED
871
+             && c->c2.tls_multi->multi_state >= CAS_CONNECT_DONE)
871 872
     {
872 873
         time_t now;
873 874
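Review bot: the new `else if` condition at line 870 now requires both `tls_authentication_status(c->c2.tls_multi) == TLS_AUTHENTICATION_SUCCEEDED` and `multi_state >= CAS_CONNECT_DONE`, but nothing in the hunk records why the state check alone was insufficient; a short comment above the branch stating that a PUSH_REPLY must never go out before the TLS session is fully authenticated (the point of the CVE-2020-15078 fix) would keep a later reader from "simplifying" the condition back to the single check. Also worth confirming in review: when the authentication status is not yet `TLS_AUTHENTICATION_SUCCEEDED`, the request no longer enters this branch and does not take the `send_auth_failed()` path shown above it either, so it falls through to whatever follows the hunk; make sure that path defers the push request rather than dropping it silently, and consider a debug-level log there so the deferred case is observable in operator logs.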