1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
64
65
66
67
68
69
70
71
72
73
74
75
76
77
78
79
80
81
82
83
84
85
86
87
88
89
90
91
92
93
94
95
96
97
98
99
100
101
102
103
104
105
106
107
108
109
110
111
112
113
114
115
116
117
118
|
From daab0a9fa8ff4f40e8a34707db0ac156d49fbfcb Mon Sep 17 00:00:00 2001
From: David Sommerseth <davids@openvpn.net>
Date: Tue, 28 Mar 2017 22:53:46 +0200
Subject: [PATCH] auth-token: Ensure tokens are always wiped on de-auth
If tls_deauthenticate() was called, it could in some scenarios leave the
authentication token for a session in memory. This change just ensures
auth-tokens are always wiped as soon as a TLS session is considered
broken.
Signed-off-by: David Sommerseth <davids@openvpn.net>
Acked-by: Steffan Karger <steffan@karger.me>
Message-Id: <20170328205346.18844-1-davids@openvpn.net>
URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg14344.html
Signed-off-by: David Sommerseth <davids@openvpn.net>
---
src/openvpn/ssl_verify.c | 47 +++++++++++++++++++++++++++--------------------
1 file changed, 27 insertions(+), 20 deletions(-)
Index: openvpn-2.4.0/src/openvpn/ssl_verify.c
===================================================================
--- openvpn-2.4.0.orig/src/openvpn/ssl_verify.c
+++ openvpn-2.4.0/src/openvpn/ssl_verify.c
@@ -80,6 +80,28 @@ setenv_untrusted(struct tls_session *ses
setenv_link_socket_actual(session->opt->es, "untrusted", &session->untrusted_addr, SA_IP_PORT);
}
+
+/**
+ * Wipes the authentication token out of the memory, frees and cleans up related buffers and flags
+ *
+ * @param multi Pointer to a multi object holding the auth_token variables
+ */
+static void
+wipe_auth_token(struct tls_multi *multi)
+{
+ if(multi)
+ {
+ if (multi->auth_token)
+ {
+ secure_memzero(multi->auth_token, AUTH_TOKEN_SIZE);
+ free(multi->auth_token);
+ }
+ multi->auth_token = NULL;
+ multi->auth_token_sent = false;
+ }
+}
+
+
/*
* Remove authenticated state from all sessions in the given tunnel
*/
@@ -88,10 +110,14 @@ tls_deauthenticate(struct tls_multi *mul
{
if (multi)
{
- int i, j;
- for (i = 0; i < TM_SIZE; ++i)
- for (j = 0; j < KS_SIZE; ++j)
+ wipe_auth_token(multi);
+ for (int i = 0; i < TM_SIZE; ++i)
+ {
+ for (int j = 0; j < KS_SIZE; ++j)
+ {
multi->session[i].key[j].authenticated = false;
+ }
+ }
}
}
@@ -1213,21 +1239,6 @@ verify_user_pass_management(struct tls_s
}
#endif /* ifdef MANAGEMENT_DEF_AUTH */
-/**
- * Wipes the authentication token out of the memory, frees and cleans up related buffers and flags
- *
- * @param multi Pointer to a multi object holding the auth_token variables
- */
-static void
-wipe_auth_token(struct tls_multi *multi)
-{
- secure_memzero(multi->auth_token, AUTH_TOKEN_SIZE);
- free(multi->auth_token);
- multi->auth_token = NULL;
- multi->auth_token_sent = false;
-}
-
-
/*
* Main username/password verification entry point
*/
@@ -1279,7 +1290,7 @@ verify_user_pass(struct user_pass *up, s
/* Ensure that the username has not changed */
if (!tls_lock_username(multi, up->username))
{
- wipe_auth_token(multi);
+ /* auth-token cleared in tls_lock_username() on failure */
ks->authenticated = false;
goto done;
}
@@ -1300,7 +1311,6 @@ verify_user_pass(struct user_pass *up, s
if (memcmp_constant_time(multi->auth_token, up->password,
strlen(multi->auth_token)) != 0)
{
- wipe_auth_token(multi);
ks->authenticated = false;
tls_deauthenticate(multi);
@@ -1472,6 +1482,7 @@ verify_final_auth_checks(struct tls_mult
if (!cn || !strcmp(cn, CCD_DEFAULT) || !test_file(path))
{
ks->authenticated = false;
+ wipe_auth_token(multi);
msg(D_TLS_ERRORS, "TLS Auth Error: --client-config-dir authentication failed for common name '%s' file='%s'",
session->common_name,
path ? path : "UNDEF");
|
