diff options
Diffstat (limited to 'debian/patches/wipe_tokens_on_de-auth.patch')
| -rw-r--r-- | debian/patches/wipe_tokens_on_de-auth.patch | 118 |
1 files changed, 0 insertions, 118 deletions
diff --git a/debian/patches/wipe_tokens_on_de-auth.patch b/debian/patches/wipe_tokens_on_de-auth.patch deleted file mode 100644 index 8db560f..0000000 --- a/debian/patches/wipe_tokens_on_de-auth.patch +++ /dev/null @@ -1,118 +0,0 @@ -From daab0a9fa8ff4f40e8a34707db0ac156d49fbfcb Mon Sep 17 00:00:00 2001 -From: David Sommerseth <davids@openvpn.net> -Date: Tue, 28 Mar 2017 22:53:46 +0200 -Subject: [PATCH] auth-token: Ensure tokens are always wiped on de-auth - -If tls_deauthenticate() was called, it could in some scenarios leave the -authentication token for a session in memory. This change just ensures -auth-tokens are always wiped as soon as a TLS session is considered -broken. - -Signed-off-by: David Sommerseth <davids@openvpn.net> - -Acked-by: Steffan Karger <steffan@karger.me> -Message-Id: <20170328205346.18844-1-davids@openvpn.net> -URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14344.html -Signed-off-by: David Sommerseth <davids@openvpn.net> ---- - src/openvpn/ssl_verify.c | 47 +++++++++++++++++++++++++++-------------------- - 1 file changed, 27 insertions(+), 20 deletions(-) - -Index: openvpn-2.4.0/src/openvpn/ssl_verify.c -=================================================================== ---- openvpn-2.4.0.orig/src/openvpn/ssl_verify.c -+++ openvpn-2.4.0/src/openvpn/ssl_verify.c -@@ -80,6 +80,28 @@ setenv_untrusted(struct tls_session *ses - setenv_link_socket_actual(session->opt->es, "untrusted", &session->untrusted_addr, SA_IP_PORT); - } - -+ -+/** -+ * Wipes the authentication token out of the memory, frees and cleans up related buffers and flags -+ * -+ * @param multi Pointer to a multi object holding the auth_token variables -+ */ -+static void -+wipe_auth_token(struct tls_multi *multi) -+{ -+ if(multi) -+ { -+ if (multi->auth_token) -+ { -+ secure_memzero(multi->auth_token, AUTH_TOKEN_SIZE); -+ free(multi->auth_token); -+ } -+ multi->auth_token = NULL; -+ multi->auth_token_sent = false; -+ } -+} -+ -+ - /* - * Remove authenticated state from all sessions in the given tunnel - */ -@@ -88,10 +110,14 @@ tls_deauthenticate(struct tls_multi *mul - { - if (multi) - { -- int i, j; -- for (i = 0; i < TM_SIZE; ++i) -- for (j = 0; j < KS_SIZE; ++j) -+ wipe_auth_token(multi); -+ for (int i = 0; i < TM_SIZE; ++i) -+ { -+ for (int j = 0; j < KS_SIZE; ++j) -+ { - multi->session[i].key[j].authenticated = false; -+ } -+ } - } - } - -@@ -1213,21 +1239,6 @@ verify_user_pass_management(struct tls_s - } - #endif /* ifdef MANAGEMENT_DEF_AUTH */ - --/** -- * Wipes the authentication token out of the memory, frees and cleans up related buffers and flags -- * -- * @param multi Pointer to a multi object holding the auth_token variables -- */ --static void --wipe_auth_token(struct tls_multi *multi) --{ -- secure_memzero(multi->auth_token, AUTH_TOKEN_SIZE); -- free(multi->auth_token); -- multi->auth_token = NULL; -- multi->auth_token_sent = false; --} -- -- - /* - * Main username/password verification entry point - */ -@@ -1279,7 +1290,7 @@ verify_user_pass(struct user_pass *up, s - /* Ensure that the username has not changed */ - if (!tls_lock_username(multi, up->username)) - { -- wipe_auth_token(multi); -+ /* auth-token cleared in tls_lock_username() on failure */ - ks->authenticated = false; - goto done; - } -@@ -1300,7 +1311,6 @@ verify_user_pass(struct user_pass *up, s - if (memcmp_constant_time(multi->auth_token, up->password, - strlen(multi->auth_token)) != 0) - { -- wipe_auth_token(multi); - ks->authenticated = false; - tls_deauthenticate(multi); - -@@ -1472,6 +1482,7 @@ verify_final_auth_checks(struct tls_mult - if (!cn || !strcmp(cn, CCD_DEFAULT) || !test_file(path)) - { - ks->authenticated = false; -+ wipe_auth_token(multi); - msg(D_TLS_ERRORS, "TLS Auth Error: --client-config-dir authentication failed for common name '%s' file='%s'", - session->common_name, - path ? path : "UNDEF"); |