diff options
Diffstat (limited to 'debian/patches/wipe_tokens_on_de-auth.patch')
-rw-r--r-- | debian/patches/wipe_tokens_on_de-auth.patch | 118 |
1 files changed, 118 insertions, 0 deletions
diff --git a/debian/patches/wipe_tokens_on_de-auth.patch b/debian/patches/wipe_tokens_on_de-auth.patch new file mode 100644 index 0000000..8db560f --- /dev/null +++ b/debian/patches/wipe_tokens_on_de-auth.patch @@ -0,0 +1,118 @@ +From daab0a9fa8ff4f40e8a34707db0ac156d49fbfcb Mon Sep 17 00:00:00 2001 +From: David Sommerseth <davids@openvpn.net> +Date: Tue, 28 Mar 2017 22:53:46 +0200 +Subject: [PATCH] auth-token: Ensure tokens are always wiped on de-auth + +If tls_deauthenticate() was called, it could in some scenarios leave the +authentication token for a session in memory. This change just ensures +auth-tokens are always wiped as soon as a TLS session is considered +broken. + +Signed-off-by: David Sommerseth <davids@openvpn.net> + +Acked-by: Steffan Karger <steffan@karger.me> +Message-Id: <20170328205346.18844-1-davids@openvpn.net> +URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14344.html +Signed-off-by: David Sommerseth <davids@openvpn.net> +--- + src/openvpn/ssl_verify.c | 47 +++++++++++++++++++++++++++-------------------- + 1 file changed, 27 insertions(+), 20 deletions(-) + +Index: openvpn-2.4.0/src/openvpn/ssl_verify.c +=================================================================== +--- openvpn-2.4.0.orig/src/openvpn/ssl_verify.c ++++ openvpn-2.4.0/src/openvpn/ssl_verify.c +@@ -80,6 +80,28 @@ setenv_untrusted(struct tls_session *ses + setenv_link_socket_actual(session->opt->es, "untrusted", &session->untrusted_addr, SA_IP_PORT); + } + ++ ++/** ++ * Wipes the authentication token out of the memory, frees and cleans up related buffers and flags ++ * ++ * @param multi Pointer to a multi object holding the auth_token variables ++ */ ++static void ++wipe_auth_token(struct tls_multi *multi) ++{ ++ if(multi) ++ { ++ if (multi->auth_token) ++ { ++ secure_memzero(multi->auth_token, AUTH_TOKEN_SIZE); ++ free(multi->auth_token); ++ } ++ multi->auth_token = NULL; ++ multi->auth_token_sent = false; ++ } ++} ++ ++ + /* + * Remove authenticated state from all sessions in the given tunnel + */ +@@ -88,10 +110,14 @@ tls_deauthenticate(struct tls_multi *mul + { + if (multi) + { +- int i, j; +- for (i = 0; i < TM_SIZE; ++i) +- for (j = 0; j < KS_SIZE; ++j) ++ wipe_auth_token(multi); ++ for (int i = 0; i < TM_SIZE; ++i) ++ { ++ for (int j = 0; j < KS_SIZE; ++j) ++ { + multi->session[i].key[j].authenticated = false; ++ } ++ } + } + } + +@@ -1213,21 +1239,6 @@ verify_user_pass_management(struct tls_s + } + #endif /* ifdef MANAGEMENT_DEF_AUTH */ + +-/** +- * Wipes the authentication token out of the memory, frees and cleans up related buffers and flags +- * +- * @param multi Pointer to a multi object holding the auth_token variables +- */ +-static void +-wipe_auth_token(struct tls_multi *multi) +-{ +- secure_memzero(multi->auth_token, AUTH_TOKEN_SIZE); +- free(multi->auth_token); +- multi->auth_token = NULL; +- multi->auth_token_sent = false; +-} +- +- + /* + * Main username/password verification entry point + */ +@@ -1279,7 +1290,7 @@ verify_user_pass(struct user_pass *up, s + /* Ensure that the username has not changed */ + if (!tls_lock_username(multi, up->username)) + { +- wipe_auth_token(multi); ++ /* auth-token cleared in tls_lock_username() on failure */ + ks->authenticated = false; + goto done; + } +@@ -1300,7 +1311,6 @@ verify_user_pass(struct user_pass *up, s + if (memcmp_constant_time(multi->auth_token, up->password, + strlen(multi->auth_token)) != 0) + { +- wipe_auth_token(multi); + ks->authenticated = false; + tls_deauthenticate(multi); + +@@ -1472,6 +1482,7 @@ verify_final_auth_checks(struct tls_mult + if (!cn || !strcmp(cn, CCD_DEFAULT) || !test_file(path)) + { + ks->authenticated = false; ++ wipe_auth_token(multi); + msg(D_TLS_ERRORS, "TLS Auth Error: --client-config-dir authentication failed for common name '%s' file='%s'", + session->common_name, + path ? path : "UNDEF"); |