
Infinite loop after user disconnection while in resolve address state

Open SM2A opened this issue 8 months ago • 0 comments

Hi, I am using OpenVPN in a closed private network with a server whose address could only be resolved using our DNS server. In cases where the DNS server isn't working or the client is connected to a different network rather than our local network, the client tries to resolve the address infinitely with a 5-second timeout because of having resolv-retry infinite in the configuration. But if the user tries to disconnect and discard the connection in this state, the client will try to resolve the server address infinitely with no wait or timeout between tries, which causes the client not to respond.

I tried to debug the code and found the cause which I am going to explain:

In the process of connection the code will reach this method: https://github.com/OpenVPN/openvpn/blob/4a48841da2d4179a96348994f841661ec9e5ce1d/src/openvpn/socket.c#L343

Then it continues here: https://github.com/OpenVPN/openvpn/blob/4a48841da2d4179a96348994f841661ec9e5ce1d/src/openvpn/socket.c#L382 It will enter this function with flags the same as preresolve_flags with no change.

Continuing to here entering openvpn_getaddrinfo with sig_info being NULL: https://github.com/OpenVPN/openvpn/blob/4a48841da2d4179a96348994f841661ec9e5ce1d/src/openvpn/socket.c#L309

The openvpn_getaddrinfo has an infinite loop that tries to resolve the server address and checks whether there is any signal or not: https://github.com/OpenVPN/openvpn/blob/4a48841da2d4179a96348994f841661ec9e5ce1d/src/openvpn/socket.c#L612

But since we entered this function with sig_info being NULL, there will be no signal at all, while signal_received in management_event_loop_n_seconds is correct and stops the timer, causing openvpn_getaddrinfo to loop infinitely without timer waits between tries. https://github.com/OpenVPN/openvpn/blob/4a48841da2d4179a96348994f841661ec9e5ce1d/src/openvpn/manage.c#L3474

Because we enter openvpn_getaddrinfo with sig_info being NULL I could not expect other behavior. Just to make sure of this I removed the condition here and always filled sig_info and the client discards the connection fine. https://github.com/OpenVPN/openvpn/blob/4a48841da2d4179a96348994f841661ec9e5ce1d/src/openvpn/socket.c#L504

I know the way I did it is not the proper way, so for now I added preresolve_flags in that condition to check for them and then assign &sigrec to sig_info.

I should note that if I wait long enough, resolve_retries will reach zero and the code will stop, but that will take a really long time.

I hope I described the problem well.

SM2A, May 25 '25 07:05
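
A simplified model of the retry loop described in the issue above, added here as an illustration; it is not OpenVPN source code and not part of the original post. All struct and function names are hypothetical, and the wait is assumed to return immediately once a signal is pending, as the post reports.

```c
/* Simplified model of the retry loop described in the issue; NOT OpenVPN source.
 * All names below are hypothetical. */
#include <stdbool.h>
#include <stddef.h>
#include <stdio.h>

struct sig_state { int pending; };   /* models the process-wide signal flag */
struct sig_rec { int received; };    /* models the caller-supplied sig_info */
struct run_stats { int attempts; int seconds_waited; bool stopped_by_signal; };

/* Models the wait between tries: per the issue, it returns at once when a
 * signal is already pending, so no time passes. */
static int wait_n_seconds(const struct sig_state *g, int sec)
{
    return g->pending ? 0 : sec;
}

/* Every lookup fails (DNS unreachable). The disconnect request arrives during
 * attempt number `signal_after`. */
static struct run_stats resolve_with_retry(struct sig_rec *sig_info,
                                           int retries, int signal_after)
{
    struct sig_state g = { 0 };
    struct run_stats st = { 0, 0, false };

    while (true) {
        st.attempts++;                        /* failed lookup */
        if (st.attempts == signal_after)
            g.pending = 1;                    /* user asks to disconnect */
        if (sig_info) {                       /* signal is only seen via sig_info */
            sig_info->received = g.pending;
            if (sig_info->received) { st.stopped_by_signal = true; break; }
        }
        if (--retries <= 0)
            break;                            /* retry budget exhausted */
        st.seconds_waited += wait_n_seconds(&g, 5);
    }
    return st;
}

int main(void)
{
    struct sig_rec rec = { 0 };
    struct run_stats a = resolve_with_retry(NULL, 1000, 3);  /* reported case */
    struct run_stats b = resolve_with_retry(&rec, 1000, 3);  /* sig_info set */
    printf("NULL sig_info: %d attempts, %d s waited\n", a.attempts, a.seconds_waited);
    printf("with sig_info: %d attempts, %d s waited\n", b.attempts, b.seconds_waited);
    return 0;
}
```

With a NULL sig_info the model burns through the whole retry budget with no further waiting once the disconnect is pending; with sig_info set it stops on the attempt where the signal arrives.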