1 files changed, 37 insertions, 0 deletions

diff --git a/debian/patches/CVE-2020-15078.patch b/debian/patches/CVE-2020-15078.patch
new file mode 100644
index 0000000..b3b9613
--- /dev/null
+++ b/debian/patches/CVE-2020-15078.patch
@@ -0,0 +1,37 @@
+From 0e5516a9d656ce86f7fb370c824344ea1760c255 Mon Sep 17 00:00:00 2001
+From: Arne Schwabe <arne@rfc2549.org>
+Date: Tue, 6 Apr 2021 00:05:21 +0200
+Subject: [PATCH] Ensure key state is authenticated before sending push reply
+
+This ensures that the key state is authenticated when sending
+a push reply.
+---
+ src/openvpn/push.c | 8 +++++++-
+ 1 file changed, 7 insertions(+), 1 deletion(-)
+
+diff --git a/src/openvpn/push.c b/src/openvpn/push.c
+index 002be2332..52c6e8200 100644
+--- a/src/openvpn/push.c
++++ b/src/openvpn/push.c
+@@ -652,6 +652,7 @@ int
+ process_incoming_push_request(struct context *c)
+ {
+     int ret = PUSH_MSG_ERROR;
++    struct key_state *ks = &c->c2.tls_multi->session[TM_ACTIVE].key[KS_PRIMARY];
+ 
+ #ifdef ENABLE_ASYNC_PUSH
+     c->c2.push_request_received = true;
+@@ -662,7 +663,12 @@ process_incoming_push_request(struct context *c)
+         send_auth_failed(c, client_reason);
+         ret = PUSH_MSG_AUTH_FAILURE;
+     }
+-    else if (!c->c2.push_reply_deferred && c->c2.context_auth == CAS_SUCCEEDED)
++    else if (!c->c2.push_reply_deferred && c->c2.context_auth == CAS_SUCCEEDED
++             && ks->authenticated
++ #ifdef ENABLE_DEF_AUTH
++             && !ks->auth_deferred
++ #endif
++             )
+     {
+         time_t now;
+