From: Kevin Cernekee
Date: Mon, 12 Feb 2018 03:34:22 +0000 (-0800)
Subject: Fix crash on DTLS resumption
X-Git-Tag: v8.00~126^2~12
X-Git-Url: https://www.infradead.org/git/?a=commitdiff_plain;h=c032fcd93af02859d8de10a54c0e069581e12b59;p=users%2Fdwmw2%2Fopenconnect.git

Fix crash on DTLS resumption

If the mainloop is paused and then resumed, DTLS will attempt to reconnect at the same time as CSTP. When DTLS-PSK is in use, gnutls_prf() will be called on a NULL vpninfo->https_sess pointer. Avoid this by deferring DTLS resumption until CSTP has reconnected, if DTLS-PSK is in use.

Signed-off-by: Kevin Cernekee
---
diff --git a/dtls.c b/dtls.c
index 80d6c05a..4ce74dcc 100644
--- a/dtls.c
+++ b/dtls.c
@@ -265,7 +265,8 @@ int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout)
 if (when <= 0) {
 vpn_progress(vpninfo, PRG_DEBUG, _("Attempt new DTLS connection\n"));
- connect_dtls_socket(vpninfo);
+ if (connect_dtls_socket(vpninfo) < 0)
+ *timeout = 1000;
 } else if ((when * 1000) < *timeout) {
 *timeout = when * 1000;
 }
diff --git a/gnutls-dtls.c b/gnutls-dtls.c
index 7d15be6c..b30abb29 100644
--- a/gnutls-dtls.c
+++ b/gnutls-dtls.c
@@ -161,6 +161,12 @@ static int start_dtls_psk_handshake(struct openconnect_info *vpninfo, int dtls_f
 struct oc_text_buf *prio;
 int err;
+ if (!vpninfo->https_sess) {
+ vpn_progress(vpninfo, PRG_INFO,
+ _("Deferring DTLS resumption until CSTP generates a PSK\n"));
+ return -EAGAIN;
+ }
+
 prio = buf_alloc();
 buf_append(prio, "%s:-VERS-TLS-ALL:+VERS-DTLS-ALL:-KX-ALL:+PSK", vpninfo->gnutls_prio);
 if (buf_error(prio)) {
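Review bot: The failure branch in dtls_mainloop() assigns `*timeout = 1000` unconditionally, whereas the `else if ((when * 1000) < *timeout)` branch right below it only ever shortens the value; if *timeout already holds something smaller when this runs, the assignment lengthens the wait. Writing the test as `if (connect_dtls_socket(vpninfo) < 0 && *timeout > 1000)` before `*timeout = 1000;` would keep the shorten-only convention. Every negative return is handled the same way, so a permanent failure would also be retried after one second unless connect_dtls_socket() resets the attempt timer itself, which is not visible in this hunk. The enclosing function starts and ends outside the hunk.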
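Review bot: The new `!vpninfo->https_sess` guard in start_dtls_psk_handshake() logs at PRG_INFO, and together with the 1000 ms retry added in dtls.c the same line may be printed on every pass while CSTP is still down, if nothing else backs the retry off (not visible here); `PRG_DEBUG` would match the "Attempt new DTLS connection" message that precedes it. The guard would also benefit from a comment stating the invariant it protects, for example `/* DTLS-PSK derives its key from the CSTP TLS session via gnutls_prf(); without https_sess there is no PSK yet */`. The function body continues past the end of the hunk, so whether the session pointer is re-read later, after it could have been torn down again, cannot be confirmed from here.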