From c032fcd93af02859d8de10a54c0e069581e12b59 Mon Sep 17 00:00:00 2001 From: Kevin Cernekee Date: Sun, 11 Feb 2018 19:34:22 -0800 Subject: [PATCH] Fix crash on DTLS resumption If the mainloop is paused and then resumed, DTLS will attempt to reconnect at the same time as CSTP. When DTLS-PSK is in use, gnutls_prf() will be called on a NULL vpninfo->https_sess pointer. Avoid this by deferring DTLS resumption until CSTP has reconnected, if DTLS-PSK is in use. Signed-off-by: Kevin Cernekee --- dtls.c | 3 ++- gnutls-dtls.c | 6 ++++++ 2 files changed, 8 insertions(+), 1 deletion(-) diff --git a/dtls.c b/dtls.c index 80d6c05a..4ce74dcc 100644 --- a/dtls.c +++ b/dtls.c @@ -265,7 +265,8 @@ int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout) if (when <= 0) { vpn_progress(vpninfo, PRG_DEBUG, _("Attempt new DTLS connection\n")); - connect_dtls_socket(vpninfo); + if (connect_dtls_socket(vpninfo) < 0) + *timeout = 1000; } else if ((when * 1000) < *timeout) { *timeout = when * 1000; } diff --git a/gnutls-dtls.c b/gnutls-dtls.c index 7d15be6c..b30abb29 100644 --- a/gnutls-dtls.c +++ b/gnutls-dtls.c @@ -161,6 +161,12 @@ static int start_dtls_psk_handshake(struct openconnect_info *vpninfo, int dtls_f struct oc_text_buf *prio; int err; + if (!vpninfo->https_sess) { + vpn_progress(vpninfo, PRG_INFO, + _("Deferring DTLS resumption until CSTP generates a PSK\n")); + return -EAGAIN; + } + prio = buf_alloc(); buf_append(prio, "%s:-VERS-TLS-ALL:+VERS-DTLS-ALL:-KX-ALL:+PSK", vpninfo->gnutls_prio); if (buf_error(prio)) { -- 2.49.0