Opened 10 years ago

Closed 10 years ago

#64 closed Bug / Defect (fixed)

LOTS of bogus routes added on client connect

Reported by: agi Owned by: David Sommerseth
Priority: critical Milestone: beta 2.2
Component: Networking Version: OpenVPN 2.1.2 / 2.1.3 (Community Ed)
Severity: Patch Queue: In progress Keywords: route
Cc:

Description

As reported here:
http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=600166

When I client connects lots of routes (that make no sense) get added when the server config file contains:
push "route remote_host 255.255.255.255 net_gateway"

Changing "remote_host" with the actual IP, fixes it.

(14:47) <@ dazo> add git commit f9b2ada0eece06158cc3ce6f6348bd431dfd7f0a / svn -r 6291 as the offending commit

Attachments (2)

0001-Fix-problem-with-special-case-route-targets-remote_h.patch (670 bytes) - added by Gert Döring 10 years ago.
proposed patch
0001-use-CLEAR-to-clear-all-of-netlist-more-in-line-with-.patch (761 bytes) - added by Gert Döring 10 years ago.
same effect, but with CLEAR() [on top of first patch]

Download all attachments as: .zip

Change History (6)

comment:1 Changed 10 years ago by David Sommerseth

agi reported that removing the changes from the referenced git/svn commits in route.c only resolves the issue.

Changed 10 years ago by Gert Döring

proposed patch

comment:2 Changed 10 years ago by Gert Döring

Owner: set to Gert Döring
Severity: Not set (if unsure, select this one)Patch Queue: New / awaiting ACK
Status: newaccepted

Could you please try the patch I have attached (and sent to the openvpn-devel list)?

I think I have spotted the problem (netlist is using uninitialized stack garbage as "len" for this sort of special-case routes), and the patch is quite trivial...

gert

Changed 10 years ago by Gert Döring

same effect, but with CLEAR() [on top of first patch]

comment:3 Changed 10 years ago by Gert Döring

Owner: changed from Gert Döring to David Sommerseth
Severity: Patch Queue: New / awaiting ACKPatch Queue: In progress
Status: acceptedassigned

over to dazo: patch has been successfully tested and ACKed on the mailing list.

Please include in bugfix2.1 (rebased to svn-BETA21 :-) ) and I assume that this also need patching in 2.2beta3

comment:4 Changed 10 years ago by David Sommerseth

Milestone: beta 2.2
Resolution: fixed
Status: assignedclosed

Applied to the openvpn-testing.git tree (allmerged and beta2.2 branch). Prepared a patch for James for inclusion into a potential 2.1.4 release.

commit 59afc4a5f72e22b850cfa2845385172623a38e77
Author: Gert Doering <gert@greenie.muc.de>
Date:   Thu Oct 21 10:35:29 2010 +0200

    Fix problem with special case route targets ('remote_host')
    
    The init_route() function will leave &netlist untouched for
    get_special_addr() routes ("remote_host" being one of them).
    netlist is on stack,  contains random garbage, and netlist.len
    will not be 0 - thus, random stack data is copied from
    netlist.data[] until the route_list is full.
    
    This issue has been reported several places lately:
       http://bugs.debian.org/cgi-bin/bugreport.cgi?bug=600166
       http://thread.gmane.org/gmane.network.openvpn.devel/4083
       https://forums.openvpn.net/viewtopic.php?f=1&t=7201&p=8168
    
    Signed-off-by: Gert Doering <gert@greenie.muc.de>
    Acked-by: David Sommerseth <dazo@users.sourceforge.net>
    Acked-by: James Yonan <james@openvpn.net>
    Signed-off-by: David Sommerseth <dazo@users.sourceforge.net>
Note: See TracTickets for help on using tickets.