svn commit: r513668 - in head/net/ocserv: . files
Kyle Evans
kevans at FreeBSD.org
Thu Oct 3 14:46:02 UTC 2019
Author: kevans (src committer)
Date: Thu Oct 3 14:46:00 2019
New Revision: 513668
URL: https://svnweb.freebsd.org/changeset/ports/513668
Log:
net/ocserv: fix tun handoff between parent and worker process
ocserv hands off a tun fd to a worker process, but the worker process never
claims the tun with TUNSIFPID. The parent then closes the tunnel and leaves
it in a nasty state.
Bump PORTREVISION, as this is runtime breakage.
PR: 238500
Approved by: bapt (ports), cpm (maintainer, e-mail)
MFH: 2019Q4 (blanket, runtime fix)
Added:
head/net/ocserv/files/patch-src_tun.c (contents, props changed)
head/net/ocserv/files/patch-src_tun.h (contents, props changed)
head/net/ocserv/files/patch-src_worker-auth.c (contents, props changed)
Modified:
head/net/ocserv/Makefile
Modified: head/net/ocserv/Makefile
==============================================================================
--- head/net/ocserv/Makefile Thu Oct 3 14:36:47 2019 (r513667)
+++ head/net/ocserv/Makefile Thu Oct 3 14:46:00 2019 (r513668)
@@ -3,7 +3,7 @@
PORTNAME= ocserv
PORTVERSION= 0.12.4
-PORTREVISION= 1
+PORTREVISION= 2
CATEGORIES= net net-vpn security
MASTER_SITES= ftp://ftp.infradead.org/pub/ocserv/
Added: head/net/ocserv/files/patch-src_tun.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net/ocserv/files/patch-src_tun.c Thu Oct 3 14:46:00 2019 (r513668)
@@ -0,0 +1,25 @@
+--- src/tun.c.orig 2018-04-14 07:52:35 UTC
++++ src/tun.c
+@@ -895,3 +895,22 @@ ssize_t tun_read(int sockfd, void *buf, size_t len)
+ return read(sockfd, buf, len);
+ }
+ #endif
++
++#ifndef __FreeBSD__
++int tun_claim(int sockfd)
++{
++
++ return (0);
++}
++#else
++/*
++ * FreeBSD has a mechanism by which a tunnel has a single controlling process,
++ * and only that one process may close it. When the controlling process closes
++ * the tunnel, the state is torn down.
++ */
++int tun_claim(int sockfd)
++{
++
++ return (ioctl(sockfd, TUNSIFPID, 0));
++}
++#endif /* !__FreeBSD__ */
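Review bot: The FreeBSD branch of tun_claim() uses ioctl() and TUNSIFPID, but this hunk adds no #include, so the build relies on src/tun.c already pulling in the headers that declare them under __FreeBSD__; confirm that, or add the includes alongside the new function. The block comment explains the controlling-process mechanism but not the return contract: state that the function returns the ioctl() result (0 on success, -1 with errno set), since the caller in worker-auth.c tests `!= 0`. The non-FreeBSD stub leaves sockfd unused, which may warn under stricter compiler flags.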
Added: head/net/ocserv/files/patch-src_tun.h
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net/ocserv/files/patch-src_tun.h Thu Oct 3 14:46:00 2019 (r513668)
@@ -0,0 +1,9 @@
+--- src/tun.h.orig 2018-01-13 18:43:41 UTC
++++ src/tun.h
+@@ -35,5 +35,6 @@ struct tun_lease_st {
+
+ ssize_t tun_write(int sockfd, const void *buf, size_t len);
+ ssize_t tun_read(int sockfd, void *buf, size_t len);
++int tun_claim(int sockfd);
+
+ #endif
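Review bot: The new prototype `int tun_claim(int sockfd);` is added without a comment describing its contract. A short note above it saying that it makes the calling process the tun's controlling process on FreeBSD, is a no-op elsewhere, and returns 0 on success would make it clear to callers that the result must be checked.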
Added: head/net/ocserv/files/patch-src_worker-auth.c
==============================================================================
--- /dev/null 00:00:00 1970 (empty, because file is newly added)
+++ head/net/ocserv/files/patch-src_worker-auth.c Thu Oct 3 14:46:00 2019 (r513668)
@@ -0,0 +1,14 @@
+--- src/worker-auth.c.orig 2019-01-19 18:47:47 UTC
++++ src/worker-auth.c
+@@ -605,7 +605,10 @@ static int recv_cookie_auth_reply(worker_st * ws)
+ case AUTH__REP__OK:
+ if (socketfd != -1) {
+ ws->tun_fd = socketfd;
+-
++ if (tun_claim(ws->tun_fd) != 0) {
++ ret = ERR_AUTH_FAIL;
++ goto cleanup;
++ }
+ if (msg->vname == NULL || msg->config == NULL || msg->user_name == NULL || msg->sid.len != sizeof(ws->sid)) {
+ ret = ERR_AUTH_FAIL;
+ goto cleanup;
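Review bot: The new tun_claim() failure path in recv_cookie_auth_reply() returns ERR_AUTH_FAIL without logging anything, so a failed TUNSIFPID ioctl is indistinguishable from a rejected cookie for whoever reads the logs. Log the errno before `goto cleanup;` so the two cases can be told apart. Also note that `ws->tun_fd = socketfd;` has already run when the claim fails, so confirm that the cleanup label handles a descriptor in that state.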