Squashed 'Sources/OpenVPNAdapter/Libraries/Vendors/openvpn/' changes from cc90cde57..6608878d5

6608878d5 [OVPN3-341] implement mssfix support 1bf3fc0e4 win: update project files f8d209435 travis: update to default osx image: xcode9.4 31eb246a8 travis.yml: align deps version to lib-version 996f86635 RunContext: fixed rebase issue that added two "default: signal_rearm();" clauses aebea6456 build script: minor changes to Cityhash inclusion 1d754072c modstat: make update_file_mod_time_nanoseconds() a no-op on non-Linux 7974c9867 Fixed some breakage caused by recent endian/ffs commits a0dd7fe8b endian.hpp: break out endian compile-time tests to endian_platform.hpp c8bdf5a34 ffs.hpp: support additional numeric types dcb0c9452 BufferType: append() argument can now be a flexible buffer type 2009a8a25 Added AsioTimerSafe 39e71b7dd event_loop_wait_barrier: use a longer default timeout when running under valgrind 8b7e08e9b string::contains_non_space_ctrl: consider ASCII char 127 (DEL) to be a control char e43024d7c RunContext: rearm non-terminating signals 6ab379323 write_binary_atomic: remove temporary file on move failure 55dc653cd path: added is_contained() 02bf235c6 Reverted previous commit: "ReplyParser: added undefined status" 84dbc5b9b Allow test/cli.cpp to be used with NetCfg Tunbuilder client 80fed2c55 Allow updating auth-token during session ad7da751e don't print time in debug message and use OPENVPN_LOG_PROTO_VERBOSE 981407994 tls-crypt-v2: implement abstract metadata parser be38bbeb8 tls-crypt-v2: test/ssl/proto.cpp - extend protocol test 60fcf374f tls-crypt-v2: implement WKc appending/unwrapping logic 51f4a3a29 tls-crypt-v2: introduce CONTROL_HARD_RESET_V3 packet type 156a6e58b tls-crypt-v2: implement client key parser and renderer 54a97b381 ssl: add support for encoding/decoding PEM format f090fcda4 tls-crypt: make HMAC API more generic d87f5bbc0 OpenSSL: init library 2ea88a93b Add Remote endpoint information to protect_socket call 0a081ee17 [OVPN3-315] cli/go: add option to compile SITNL component 5bbfb57c0 [OVPN3-315] TunLinux::Client: allow user to select netlink at compile time e8458a68e [OVPN3-315] GW: add netlink support 4e77edb9e [OVPN3-315] TunLinux: add Netlink implementation for Tun setup methods 68508fe56 bigmutex: include missing extern.hpp header a7b923e1e Fix logic inversion from commit 2de9aebc 923e10d13 runcontext: arrange members to allow inheritance 2de9aebc7 Replace deprecated mbedtls_sha1 with mbedtls_sha1_ret e9c0bd00b Remove unused private field ee17c33c2 Add virtual deconstructor to TransportClientParent fab64ba0f Fix clang warning about unused attributes and missing overrides 2624d9ddf Also parse dhcp-option DNS6 as DNS server for compatibility with OpenVPN 2 6d12c9cc2 Refuse external pki with non RSA keys 4a25059f5 test/ovpncli: Don't override PROF env variable f241c4c5f scripts: Add tool to update copyright years 27beeb03d Update lz4 version to 1.8.3 17e356858 Define DASIO_HAS_STD_STRING_VIEW on Android build b107fd994 Remove unsupported platforms from Android build 6a200f72e Ensure all Android components are always installed fbcd374a4 [OVPN3-327] OpenSSL: ensure >TLS1.0 is negotiated by default d9b1f78b6 JSON: #define OPENVPN_JSON_INTERNAL when internal JSON library is used 39290f19d Fix build issues with #if macro on big-endian hardware d4f62d9ed Fix instantiating a new URL instead of parsing the URL git-subtree-dir: Sources/OpenVPNAdapter/Libraries/Vendors/openvpn git-subtree-split: 6608878d57eec1c64c16c5a13ee65b2cf0418ca1
2026-04-24 00:00:05 +08:00 · 2019-01-13 13:08:42 +03:00
parent a01ecd6c88
commit f5fda0fa73
72 changed files with 3685 additions and 490 deletions
@@ -34,11 +34,13 @@

 #include <mutex>

+#include <openvpn/common/extern.hpp>
+
 namespace openvpn {
  namespace bigmutex {
    OPENVPN_EXTERN std::recursive_mutex the_recursive_mutex;
  }
-  
+
  #ifdef OPENVPN_ENABLE_BIGMUTEX
    #define OPENVPN_ASYNC_HANDLER \
      std::lock_guard<std::recursive_mutex> lg(bigmutex::the_recursive_mutex);
@@ -19,25 +19,13 @@
 //    along with this program in the COPYING file.
 //    If not, see <http://www.gnu.org/licenses/>.

-#ifndef OPENVPN_COMMON_ENDIAN_H
-#define OPENVPN_COMMON_ENDIAN_H
+#pragma once

-#include <openvpn/common/size.hpp>
-
-// test for machine endiannes
-#if defined(__BYTE_ORDER__) && defined(__ORDER_BIG_ENDIAN__) && defined(__ORDER_LITTLE_ENDIAN__)
-#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
-#define OPENVPN_BIG_ENDIAN
-#elif __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
-#define OPENVPN_LITTLE_ENDIAN
-#endif
-#elif defined(_WIN32)
-#define OPENVPN_LITTLE_ENDIAN // assume that Windows is always little-endian
-#endif
+#include <openvpn/common/endian_platform.hpp>

 namespace openvpn {
  namespace Endian {
-#   ifdef OPENVPN_LITTLE_ENDIAN
+#   if defined(OPENVPN_LITTLE_ENDIAN)
    inline size_t e16(const size_t v)
    {
      return v;
@@ -62,7 +50,7 @@ namespace openvpn {
    {
      return 1-v;
    }
-#   elif OPENVPN_BIG_ENDIAN
+#   elif defined(OPENVPN_BIG_ENDIAN)
    inline size_t e16rev(const size_t v)
    {
      return v;
@@ -92,5 +80,3 @@ namespace openvpn {
 #   endif
  }
 } // namespace openvpn
-
-#endif // OPENVPN_COMMON_ENDIAN_H
@@ -0,0 +1,35 @@
+//    OpenVPN -- An application to securely tunnel IP networks
+//               over a single port, with support for SSL/TLS-based
+//               session authentication and key exchange,
+//               packet encryption, packet authentication, and
+//               packet compression.
+//
+//    Copyright (C) 2012-2018 OpenVPN Inc.
+//
+//    This program is free software: you can redistribute it and/or modify
+//    it under the terms of the GNU Affero General Public License Version 3
+//    as published by the Free Software Foundation.
+//
+//    This program is distributed in the hope that it will be useful,
+//    but WITHOUT ANY WARRANTY; without even the implied warranty of
+//    MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE.  See the
+//    GNU Affero General Public License for more details.
+//
+//    You should have received a copy of the GNU Affero General Public License
+//    along with this program in the COPYING file.
+//    If not, see <http://www.gnu.org/licenses/>.
+
+#pragma once
+
+#include <openvpn/common/size.hpp>
+
+// test for machine endiannes
+#if defined(__BYTE_ORDER__) && defined(__ORDER_BIG_ENDIAN__) && defined(__ORDER_LITTLE_ENDIAN__)
+#if __BYTE_ORDER__ == __ORDER_BIG_ENDIAN__
+#define OPENVPN_BIG_ENDIAN
+#elif __BYTE_ORDER__ == __ORDER_LITTLE_ENDIAN__
+#define OPENVPN_LITTLE_ENDIAN
+#endif
+#elif defined(_WIN32)
+#define OPENVPN_LITTLE_ENDIAN // assume that Windows is always little-endian
+#endif
@@ -32,18 +32,88 @@ namespace openvpn {

 #if defined(__GNUC__)

-  inline int find_first_set(unsigned int v)
+  template <typename T>
+  inline constexpr int n_bits_type()
+  {
+    return sizeof(T) * 8;
+  }
+
+  template <typename T>
+  inline constexpr int n_bits_type(const T& v)
+  {
+    return sizeof(v) * 8;
+  }
+
+  inline int find_first_set(const unsigned int v)
  {
    if (!v)
      return 0;
    return __builtin_ffs(v);
  }

-  inline int find_last_set(unsigned int v)
+  inline int find_first_set(const int v)
+  {
+    return find_first_set(static_cast<unsigned int>(v));
+  }
+
+  inline int find_last_set(const unsigned int v)
  {
    if (!v)
      return 0;
-    return 32 - __builtin_clz(v);
+    return n_bits_type(v) - __builtin_clz(v);
+  }
+
+  inline int find_last_set(const int v)
+  {
+    return find_last_set(static_cast<unsigned int>(v));
+  }
+
+  inline int find_first_set(const unsigned long v)
+  {
+    if (!v)
+      return 0;
+    return __builtin_ffsl(v);
+  }
+
+  inline int find_first_set(const long v)
+  {
+    return find_first_set(static_cast<unsigned long>(v));
+  }
+
+  inline int find_last_set(const unsigned long v)
+  {
+    if (!v)
+      return 0;
+    return n_bits_type(v) - __builtin_clzl(v);
+  }
+
+  inline int find_last_set(const long v)
+  {
+    return find_last_set(static_cast<unsigned long>(v));
+  }
+
+  inline int find_first_set(const unsigned long long v)
+  {
+    if (!v)
+      return 0;
+    return __builtin_ffsll(v);
+  }
+
+  inline int find_first_set(const long long v)
+  {
+    return find_first_set(static_cast<unsigned long long>(v));
+  }
+
+  inline int find_last_set(const unsigned long long v)
+  {
+    if (!v)
+      return 0;
+    return n_bits_type(v) - __builtin_clzll(v);
+  }
+
+  inline int find_last_set(const long long v)
+  {
+    return find_last_set(static_cast<unsigned long long>(v));
  }

 #elif defined(_MSC_VER)
@@ -30,7 +30,8 @@
 #error atomic file methods not supported on Windows
 #endif

-#include <stdio.h> // for rename()
+#include <stdio.h>  // for rename()
+#include <unistd.h> // for unlink()
 #include <errno.h>
 #include <cstring>

@@ -63,6 +64,7 @@ namespace openvpn {
    if (::rename(tfn.c_str(), fn.c_str()) == -1)
      {
 	const int eno = errno;
+	::unlink(tfn.c_str());  // move failed, so delete the temporary file
 	OPENVPN_THROW(file_unix_error, "error moving '" << tfn << "' -> '" << fn << "' : " << strerror_str(eno));
      }
  }
@@ -26,5 +26,6 @@
 #include "json/json.h"             // JsonCpp library
 #elif defined(HAVE_OPENVPN_COMMON)
 #define HAVE_JSON
+#define OPENVPN_JSON_INTERNAL
 #include <openvpn/common/json.hpp> // internal OpenVPN JSON implementation
 #endif
@@ -28,8 +28,12 @@

 #include <string>

+#include <openvpn/common/platform.hpp>
+
 namespace openvpn {

+#if defined(OPENVPN_PLATFORM_LINUX)
+
  inline int update_file_mod_time_nanoseconds(const std::string& filename,
 					      const std::uint64_t nanoseconds_since_epooch)
  {
@@ -54,4 +58,20 @@ namespace openvpn {
    return 0;
  }

+#else
+
+  inline int update_file_mod_time_nanoseconds(const std::string& filename,
+					      const std::uint64_t nanoseconds_since_epooch)
+  {
+    return 0;
+  }
+
+  inline int update_file_mod_time_nanoseconds(const int fd,
+					      const std::uint64_t nanoseconds_since_epooch)
+  {
+    return 0;
+  }
+
+#endif
+
 }
@@ -113,6 +113,56 @@ namespace openvpn {
 	return "";
    }

+    // return true if path is a regular file that doesn't try to traverse via ".." or "/..."
+    inline bool is_contained(const std::string& path)
+    {
+      if (path.empty())
+	return false;
+      if (win_dev(path, false))
+	return false;
+      if (is_dirsep(path[0]))
+	return false;
+
+      // look for ".." in path
+      enum State {
+	SEP,           // immediately after separator
+	MID,           // middle of dir
+	DOT_2,         // looking for second '.'
+	POST_DOT_2,    // after ".."
+      };
+      State state = SEP;
+      for (const auto c : path)
+	{
+	  switch (state)
+	    {
+	    case SEP:
+	      if (c == '.')
+		state = DOT_2;
+	      else if (!is_dirsep(c))
+		state = MID;
+	      break;
+	    case MID:
+	      if (is_dirsep(c))
+		state = SEP;
+	      break;
+	    case DOT_2:
+	      if (c == '.')
+		state = POST_DOT_2;
+	      else if (is_dirsep(c))
+		state = SEP;
+	      else
+		state = MID;
+	      break;
+	    case POST_DOT_2:
+	      if (is_dirsep(c))
+		return false;
+	      state = MID;
+	      break;
+	    }
+	}
+      return state != POST_DOT_2;
+    }
+
    inline std::string ext(const std::string& basename)
    {
      const size_t pos = basename.find_last_of('.');
@@ -325,7 +325,8 @@ namespace openvpn {
 	cancel();
    }

-    void signal(const openvpn_io::error_code& error, int signum)
+  protected:
+    virtual void signal(const openvpn_io::error_code& error, int signum)
    {
      if (!error && !halt)
 	{
@@ -346,10 +347,14 @@ namespace openvpn {
 	      signal_rearm();
 	      break;
 #endif
+	    default:
+	      signal_rearm();
+	      break;
 	    }
 	}
    }

+  private:
    void signal_rearm()
    {
      signals->register_signals_all([self=Ptr(this)](const openvpn_io::error_code& error, int signal_number)
@@ -392,7 +397,6 @@ namespace openvpn {
    // servlist and related vars protected by mutex
    std::vector<ServerThread*> servlist;
    int thread_count = 0;
-    volatile bool halt = false;

    // stop
    Stop* async_stop_ = nullptr;
@@ -404,6 +408,9 @@ namespace openvpn {
    // logging
    Log::Context log_context;
    Log::Context::Wrapper log_wrap; // must be constructed after log_context
+
+  protected:
+    volatile bool halt = false;
  };

 }
@@ -296,7 +296,7 @@ namespace openvpn {
    inline bool contains_non_space_ctrl(const std::string& str)
    {
      for (auto &c : str)
-	if (!is_space(c) && is_ctrl(c))
+	if ((!is_space(c) && is_ctrl(c)) || c == 127)
 	  return true;
      return false;
    }
@@ -26,9 +26,16 @@
 #include <openvpn/common/pthreadcond.hpp>

 namespace openvpn {
+
+#ifdef HAVE_VALGRIND
+  static constexpr unsigned int WAIT_BARRIER_TIMEOUT = 300;
+#else
+  static constexpr unsigned int WAIT_BARRIER_TIMEOUT = 30;
+#endif
+
  template <typename THREAD_COMMON>
  inline void event_loop_wait_barrier(THREAD_COMMON& tc,
-				      const unsigned int seconds=30)
+				      const unsigned int seconds=WAIT_BARRIER_TIMEOUT)
  {
    // barrier prior to event-loop entry
    switch (tc.event_loop_bar.wait(seconds))