Fix crash on DTLS resumption

If the mainloop is paused and then resumed, DTLS will attempt to reconnect at the same time as CSTP. When DTLS-PSK is in use, gnutls_prf() will be called on a NULL vpninfo->https_sess pointer. Avoid this by deferring DTLS resumption until CSTP has reconnected, if DTLS-PSK is in use. Signed-off-by: Kevin Cernekee <cernekee@gmail.com>
sailfishos-mirror · Feb 12, 2018 · c032fcd · c032fcd
1 parent fdaba77
commit c032fcd
Show file tree

Hide file tree

Showing 2 changed files with 8 additions and 1 deletion.
diff --git a/dtls.c b/dtls.c
@@ -265,7 +265,8 @@ int dtls_mainloop(struct openconnect_info *vpninfo, int *timeout)
 
 		if (when <= 0) {
 			vpn_progress(vpninfo, PRG_DEBUG, _("Attempt new DTLS connection\n"));
-			connect_dtls_socket(vpninfo);
+			if (connect_dtls_socket(vpninfo) < 0)
+				*timeout = 1000;
 		} else if ((when * 1000) < *timeout) {
 			*timeout = when * 1000;
 		}

diff --git a/gnutls-dtls.c b/gnutls-dtls.c
@@ -161,6 +161,12 @@ static int start_dtls_psk_handshake(struct openconnect_info *vpninfo, int dtls_f
 	struct oc_text_buf *prio;
 	int err;
 
+	if (!vpninfo->https_sess) {
+		vpn_progress(vpninfo, PRG_INFO,
+			     _("Deferring DTLS resumption until CSTP generates a PSK\n"));
+		return -EAGAIN;
+	}
+
 	prio = buf_alloc();
 	buf_append(prio, "%s:-VERS-TLS-ALL:+VERS-DTLS-ALL:-KX-ALL:+PSK", vpninfo->gnutls_prio);
 	if (buf_error(prio)) {