Date:      Fri, 4 Oct 2019 02:42:19 +0000 (UTC)
From:      Kyle Evans <kevans@FreeBSD.org>
To:        ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-branches@freebsd.org
Subject:   svn commit: r513744 - in branches/2019Q4/net/ocserv: . files
Message-ID:  <201910040242.x942gJtu087711@repo.freebsd.org>

Author: kevans (src committer)
Date: Fri Oct  4 02:42:19 2019
New Revision: 513744
URL: https://svnweb.freebsd.org/changeset/ports/513744

Log:
  MFH: r513668
  
  net/ocserv: fix tun handoff between parent and worker process
  
  ocserv hands off a tun fd to a worker process, but the worker process never
  claims the tun with TUNSIFPID. The parent then closes the tunnel and leaves
  it in a nasty state.
  
  Bump PORTREVISION, as this is runtime breakage.
  
  PR:		238500
  Approved by:	bapt (ports), cpm (maintainer, e-mail)
  
  Approved by:	ports-secteam (miwi)

Added:
  branches/2019Q4/net/ocserv/files/patch-src_tun.c
     - copied unchanged from r513668, head/net/ocserv/files/patch-src_tun.c
  branches/2019Q4/net/ocserv/files/patch-src_tun.h
     - copied unchanged from r513668, head/net/ocserv/files/patch-src_tun.h
  branches/2019Q4/net/ocserv/files/patch-src_worker-auth.c
     - copied unchanged from r513668, head/net/ocserv/files/patch-src_worker-auth.c
Modified:
  branches/2019Q4/net/ocserv/Makefile
Directory Properties:
  branches/2019Q4/   (props changed)

Modified: branches/2019Q4/net/ocserv/Makefile
==============================================================================
--- branches/2019Q4/net/ocserv/Makefile	Thu Oct  3 22:27:24 2019	(r513743)
+++ branches/2019Q4/net/ocserv/Makefile	Fri Oct  4 02:42:19 2019	(r513744)
@@ -3,7 +3,7 @@
 
 PORTNAME=	ocserv
 PORTVERSION=	0.12.4
-PORTREVISION=	1
+PORTREVISION=	2
 CATEGORIES=	net net-vpn security
 MASTER_SITES=	ftp://ftp.infradead.org/pub/ocserv/
 

Copied: branches/2019Q4/net/ocserv/files/patch-src_tun.c (from r513668, head/net/ocserv/files/patch-src_tun.c)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2019Q4/net/ocserv/files/patch-src_tun.c	Fri Oct  4 02:42:19 2019	(r513744, copy of r513668, head/net/ocserv/files/patch-src_tun.c)
@@ -0,0 +1,25 @@
+--- src/tun.c.orig	2018-04-14 07:52:35 UTC
++++ src/tun.c
+@@ -895,3 +895,22 @@ ssize_t tun_read(int sockfd, void *buf, size_t len)
+ 	return read(sockfd, buf, len);
+ }
+ #endif
++
++#ifndef __FreeBSD__
++int tun_claim(int sockfd)
++{
++
++	return (0);
++}
++#else
++/*
++ * FreeBSD has a mechanism by which a tunnel has a single controlling process,
++ * and only that one process may close it.  When the controlling process closes
++ * the tunnel, the state is torn down.
++ */
++int tun_claim(int sockfd)
++{
++
++	return (ioctl(sockfd, TUNSIFPID, 0));
++}
++#endif	/* !__FreeBSD__ */
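Review bot: The comment above the FreeBSD `tun_claim` explains the kernel's controlling-process rule but not the function's own contract. It returns the raw `ioctl` result, so callers get -1 with `errno` set on failure, and it only helps when called from the process that is meant to own the tunnel. I would extend the comment with something like `/* Make the caller the tunnel's controlling process via TUNSIFPID; returns 0 on success, -1 with errno set. */`. The non-FreeBSD stub reports success unconditionally and carries no comment; a line such as `/* No controlling-process concept here; nothing to claim. */` would record that the no-op is deliberate. If any other supported platform also defines `TUNSIFPID`, the guard may be better keyed on that macro than on `__FreeBSD__`.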

Copied: branches/2019Q4/net/ocserv/files/patch-src_tun.h (from r513668, head/net/ocserv/files/patch-src_tun.h)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2019Q4/net/ocserv/files/patch-src_tun.h	Fri Oct  4 02:42:19 2019	(r513744, copy of r513668, head/net/ocserv/files/patch-src_tun.h)
@@ -0,0 +1,9 @@
+--- src/tun.h.orig	2018-01-13 18:43:41 UTC
++++ src/tun.h
+@@ -35,5 +35,6 @@ struct tun_lease_st {
+ 
+ ssize_t tun_write(int sockfd, const void *buf, size_t len);
+ ssize_t tun_read(int sockfd, void *buf, size_t len);
++int tun_claim(int sockfd);
+ 
+ #endif

Copied: branches/2019Q4/net/ocserv/files/patch-src_worker-auth.c (from r513668, head/net/ocserv/files/patch-src_worker-auth.c)
==============================================================================
--- /dev/null	00:00:00 1970	(empty, because file is newly added)
+++ branches/2019Q4/net/ocserv/files/patch-src_worker-auth.c	Fri Oct  4 02:42:19 2019	(r513744, copy of r513668, head/net/ocserv/files/patch-src_worker-auth.c)
@@ -0,0 +1,14 @@
+--- src/worker-auth.c.orig	2019-01-19 18:47:47 UTC
++++ src/worker-auth.c
+@@ -605,7 +605,10 @@ static int recv_cookie_auth_reply(worker_st * ws)
+ 	case AUTH__REP__OK:
+ 		if (socketfd != -1) {
+ 			ws->tun_fd = socketfd;
+-
++			if (tun_claim(ws->tun_fd) != 0) {
++				ret = ERR_AUTH_FAIL;
++				goto cleanup;
++			}
+ 			if (msg->vname == NULL || msg->config == NULL || msg->user_name == NULL || msg->sid.len != sizeof(ws->sid)) {
+ 				ret = ERR_AUTH_FAIL;
+ 				goto cleanup;
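Review bot: A failed `tun_claim` in the `AUTH__REP__OK` branch is reported as `ERR_AUTH_FAIL` with nothing logged, so an ioctl failure on the handed-off tun fd looks the same as a rejected cookie and `errno` is lost. Logging before the jump would make this diagnosable, e.g. `oclog(ws, LOG_ERR, "tun_claim failed: %s", strerror(errno));` ahead of `ret = ERR_AUTH_FAIL;`. `ws->tun_fd` is already assigned at that point and the `cleanup` label is outside the hunk, so it is worth confirming that path closes the descriptor rather than leaving the worker holding an unclaimed tunnel. `recv_cookie_auth_reply` starts and ends outside the hunk.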


