File openvpn-CVE-2020-15078.patch of Package openvpn.23378
Index: src/openvpn/push.c
===================================================================
--- src/openvpn/push.c (revision a7263a125199c6d11710ecf50f9a07424369fdbc)
+++ src/openvpn/push.c (revision 0e5516a9d656ce86f7fb370c824344ea1760c255)
@@ -653,4 +653,5 @@
{
int ret = PUSH_MSG_ERROR;
+ struct key_state *ks = &c->c2.tls_multi->session[TM_ACTIVE].key[KS_PRIMARY];
#ifdef ENABLE_ASYNC_PUSH
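Review bot: The new `ks` initializer at the top of the function goes through `c->c2.tls_multi` with no NULL check visible in this hunk. If any path can reach this function without a TLS multi object, the later `ks->authenticated` read becomes an access through a NULL-derived pointer. A fail-closed form would be `struct key_state *ks = c->c2.tls_multi ? &c->c2.tls_multi->session[TM_ACTIVE].key[KS_PRIMARY] : NULL;` with `ks && ks->authenticated` in the condition. The function starts and continues outside the hunk, so the caller may already guarantee this; if so, a one-line comment stating that invariant next to the declaration would make it explicit.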
@@ -663,5 +664,10 @@
ret = PUSH_MSG_AUTH_FAILURE;
}
- else if (!c->c2.push_reply_deferred && c->c2.context_auth == CAS_SUCCEEDED)
+ else if (!c->c2.push_reply_deferred && c->c2.context_auth == CAS_SUCCEEDED
+ && ks->authenticated
+ #ifdef ENABLE_DEF_AUTH
+ && !ks->auth_deferred
+ #endif
+ )
{
time_t now;
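Review bot: The added conditions `&& ks->authenticated` and `&& !ks->auth_deferred` carry the whole fix, yet nothing at the `else if` says why `context_auth == CAS_SUCCEEDED` alone is not enough, so a later cleanup could drop them as redundant. I would add a comment above the branch such as `/* context_auth is not sufficient on its own: the active primary key must be authenticated and not pending deferred auth before a push reply is sent (CVE-2020-15078) */`. The `#ifdef ENABLE_DEF_AUTH` in the middle of the condition is also easy to misread; a small static predicate taking `ks` would keep the preprocessor split out of the branch. The branch taken when the new condition is false lies outside this hunk, so it is worth confirming that it leaves the request unanswered or rejected rather than treating the client as authenticated.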