From dc85dae67ff8afcce2bb07cdbd7bf1750525820a Mon Sep 17 00:00:00 2001 From: James Yonan Date: Tue, 27 Jul 2010 07:10:01 +0000 Subject: Fixed an issue where application payload transmissions on the TLS control channel (such as AUTH_FAILED) that occur during or immediately after a TLS renegotiation might be dropped. Version 2.1.1n git-svn-id: http://svn.openvpn.net/projects/openvpn/branches/BETA21/openvpn@6350 e7ae566f-a301-0410-adde-c780ea21d3b5 --- ssl.c | 22 ++++++++++++++++++++++ 1 file changed, 22 insertions(+) (limited to 'ssl.c') diff --git a/ssl.c b/ssl.c index 9801b0e..a140641 100644 --- a/ssl.c +++ b/ssl.c @@ -2266,6 +2266,7 @@ key_state_free (struct key_state *ks, bool clear) free_buf (&ks->plaintext_read_buf); free_buf (&ks->plaintext_write_buf); free_buf (&ks->ack_write_buf); + buffer_list_free(ks->paybuf); if (ks->send_reliable) { @@ -3064,6 +3065,17 @@ key_source2_read (struct key_source2 *k2, return 1; } +static void +flush_payload_buffer (struct tls_multi *multi, struct key_state *ks) +{ + struct buffer *b; + while ((b = buffer_list_peek (ks->paybuf))) + { + key_state_write_plaintext_const (multi, ks, b->data, b->len); + buffer_list_pop (ks->paybuf); + } +} + /* * Macros for key_state_soft_reset & tls_process */ @@ -3978,6 +3990,9 @@ tls_process (struct tls_multi *multi, /* Set outgoing address for data channel packets */ link_socket_set_outgoing_addr (NULL, to_link_socket_info, &ks->remote_addr, session->common_name, session->opt->es); + /* Flush any payload packets that were buffered before our state transitioned to S_ACTIVE */ + flush_payload_buffer (multi, ks); + #ifdef MEASURE_TLS_HANDSHAKE_STATS show_tls_performance_stats(); #endif @@ -5077,6 +5092,13 @@ tls_send_payload (struct tls_multi *multi, if (key_state_write_plaintext_const (multi, ks, data, size) == 1) ret = true; } + else + { + if (!ks->paybuf) + ks->paybuf = buffer_list_new (0); + buffer_list_push_data (ks->paybuf, data, (size_t)size); + ret = true; + } ERR_clear_error (); -- cgit