We ensure here that the tls session is authenticated before sending
a push_reply
This is the final part of the fix for CVE-2020-15078 in the master branch.
CVE: 2020-15078
Acked-by: Gert Doering <gert@greenie.muc.de>
Message-Id: <20210624130840.2583433-1-arne@rfc2549.org>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg22587.html
Signed-off-by: Gert Doering <gert@greenie.muc.de>
... | ... |
@@ -867,7 +867,8 @@ process_incoming_push_request(struct context *c) |
867 | 867 |
send_auth_failed(c, client_reason); |
868 | 868 |
ret = PUSH_MSG_AUTH_FAILURE; |
869 | 869 |
} |
870 |
- else if (c->c2.tls_multi->multi_state >= CAS_CONNECT_DONE) |
|
870 |
+ else if (tls_authentication_status(c->c2.tls_multi) == TLS_AUTHENTICATION_SUCCEEDED |
|
871 |
+ && c->c2.tls_multi->multi_state >= CAS_CONNECT_DONE) |
|
871 | 872 |
{ |
872 | 873 |
time_t now; |
873 | 874 |
|
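Review bot: The new `else if` at lines 870-871 now requires `tls_authentication_status(c->c2.tls_multi) == TLS_AUTHENTICATION_SUCCEEDED` in addition to `multi_state >= CAS_CONNECT_DONE`, which means a push request arriving while authentication is still pending or has failed (but the state machine has already advanced) no longer enters this branch and instead falls through to whatever follows the `else if`, which is outside this hunk; please confirm that fall-through path returns without sending a push reply and logs the deferred request, since that is exactly the case CVE-2020-15078 concerns. A short comment above the condition stating why both checks are needed (state alone is not proof of authentication) would also help future readers who see `CAS_CONNECT_DONE` and assume it implies a successful auth.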