Date: Thu, 3 Oct 2019 14:46:00 +0000 (UTC)
From: Kyle Evans <kevans@FreeBSD.org>
To: ports-committers@freebsd.org, svn-ports-all@freebsd.org, svn-ports-head@freebsd.org
Subject: svn commit: r513668 - in head/net/ocserv: . files
Message-ID: <201910031446.x93Ek0IM051574@repo.freebsd.org>
Author: kevans (src committer) Date: Thu Oct 3 14:46:00 2019 New Revision: 513668 URL: https://svnweb.freebsd.org/changeset/ports/513668 Log: net/ocserv: fix tun handoff between parent and worker process ocserv hands off a tun fd to a worker process, but the worker process never claims the tun with TUNSIFPID. The parent then closes the tunnel and leaves it in a nasty state. Bump PORTREVISION, as this is runtime breakage. PR: 238500 Approved by: bapt (ports), cpm (maintainer, e-mail) MFH: 2019Q4 (blanket, runtime fix) Added: head/net/ocserv/files/patch-src_tun.c (contents, props changed) head/net/ocserv/files/patch-src_tun.h (contents, props changed) head/net/ocserv/files/patch-src_worker-auth.c (contents, props changed) Modified: head/net/ocserv/Makefile Modified: head/net/ocserv/Makefile ============================================================================== --- head/net/ocserv/Makefile Thu Oct 3 14:36:47 2019 (r513667) +++ head/net/ocserv/Makefile Thu Oct 3 14:46:00 2019 (r513668) @@ -3,7 +3,7 @@ PORTNAME= ocserv PORTVERSION= 0.12.4 -PORTREVISION= 1 +PORTREVISION= 2 CATEGORIES= net net-vpn security MASTER_SITES= ftp://ftp.infradead.org/pub/ocserv/ Added: head/net/ocserv/files/patch-src_tun.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/ocserv/files/patch-src_tun.c Thu Oct 3 14:46:00 2019 (r513668) 
@@ -0,0 +1,25 @@ +--- src/tun.c.orig 2018-04-14 07:52:35 UTC ++++ src/tun.c +@@ -895,3 +895,22 @@ ssize_t tun_read(int sockfd, void *buf, size_t len) + return read(sockfd, buf, len); + } + #endif ++ ++#ifndef __FreeBSD__ ++int tun_claim(int sockfd) ++{ ++ ++ return (0); ++} ++#else ++/* ++ * FreeBSD has a mechanism by which a tunnel has a single controlling process, ++ * and only that one process may close it. When the controlling process closes ++ * the tunnel, the state is torn down. ++ */ ++int tun_claim(int sockfd) ++{ ++ ++ return (ioctl(sockfd, TUNSIFPID, 0)); ++} ++#endif /* !__FreeBSD__ */ Added: head/net/ocserv/files/patch-src_tun.h ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/ocserv/files/patch-src_tun.h Thu Oct 3 14:46:00 2019 (r513668) @@ -0,0 +1,9 @@ +--- src/tun.h.orig 2018-01-13 18:43:41 UTC ++++ src/tun.h +@@ -35,5 +35,6 @@ struct tun_lease_st { + + ssize_t tun_write(int sockfd, const void *buf, size_t len); + ssize_t tun_read(int sockfd, void *buf, size_t len); ++int tun_claim(int sockfd); + + #endif Added: head/net/ocserv/files/patch-src_worker-auth.c ============================================================================== --- /dev/null 00:00:00 1970 (empty, because file is newly added) +++ head/net/ocserv/files/patch-src_worker-auth.c Thu Oct 3 14:46:00 2019 (r513668) @@ -0,0 +1,14 @@ +--- src/worker-auth.c.orig 2019-01-19 18:47:47 UTC ++++ src/worker-auth.c +@@ -605,7 +605,10 @@ static int recv_cookie_auth_reply(worker_st * ws) + case AUTH__REP__OK: + if (socketfd != -1) { + ws->tun_fd = socketfd; +- ++ if (tun_claim(ws->tun_fd) != 0) { ++ ret = ERR_AUTH_FAIL; ++ goto cleanup; ++ } + if (msg->vname == NULL || msg->config == NULL || msg->user_name == NULL || msg->sid.len != sizeof(ws->sid)) { + ret = ERR_AUTH_FAIL; + goto cleanup;
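Review bot: in patch-src_tun.c, the comment above the FreeBSD tun_claim() describes the controlling-process rule but not what the function does or returns. It should state that TUNSIFPID makes the calling process the owner of the tunnel and that the function returns 0 on success and -1 with errno set, since the caller tests `!= 0`. The hunk also does not show an include for the header that defines TUNSIFPID, so confirm that src/tun.c already pulls it in on FreeBSD. In the non-FreeBSD stub, `sockfd` is unused and may warn under stricter compiler flags; a `(void)sockfd;` would silence that.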
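Review bot: in patch-src_worker-auth.c, the new `if (tun_claim(ws->tun_fd) != 0)` branch sets `ret = ERR_AUTH_FAIL` and jumps to cleanup without logging anything, so a failed TUNSIFPID ioctl looks the same to an operator as a rejected cookie. Log the failure with errno through the worker's existing logging before the `goto cleanup`, so the tunnel-ownership error can be told apart from an authentication failure. Also note that `ws->tun_fd = socketfd` is assigned before the claim; the cleanup path is not visible here, so check that it closes the descriptor exactly once when the claim fails.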