Thanks for taking up the challenge :-) - and I think the approach is quite reasonable, and also extensible should one of the other OSes come up with a similar memory protection function one day ("crypt with a key outside the program's own memory").
I have test-compiled this "for Windows" via GHA/MSVC and locally with MinGW. Haven't actually tested the Windows binary. More important, since this adds an ASSERT() to a few server-side code paths, I fed it to the server-side testbed which has user+pass & auth-token instances, and this all still works :-)

Your patch has been applied to the master and release/2.6 branch (security hardening). 2.6 lacks the test_user_pass.c file, so that hunk was omitted.

commit 12a9c357b6a7b55bea929eb5d9669e6386ab0d0e (master)
commit 9e1598de43383ac655fd71bd34021026ac105f23 (release/2.6)
Author: Selva Nair
Date:   Fri Sep 6 13:29:08 2024 +0200

     Protect cached username, password and token on client

     Signed-off-by: Selva Nair <selva.n...@gmail.com>
     Acked-by: Frank Lichtenheld <fr...@lichtenheld.com>
     Message-Id: <20240906112908.1009-1-g...@greenie.muc.de>
     URL: https://www.mail-archive.com/openvpn-devel@lists.sourceforge.net/msg29079.html
     Signed-off-by: Gert Doering <g...@greenie.muc.de>

--
kind regards,

Gert Doering