interactive.c: harden pipe handling against misbehaving clients
- Handle ConnectNamedPipe ERROR_NO_DATA as a normal
connect/drop race: log the drop, disconnect/reset
that instance, and keep listening instead of letting
a trivial local DoS stop the service.
- Add a timed peek for startup data so a client that
connects and sends nothing is timed out (IO_TIMEOUT)
and rejected, instead of leaving a worker thread blocked
forever and piling up handles.
- Protect the accept loop from resource exhaustion: before
spawning a worker, check the wait set and reject the client
if adding another handle would exceed MAXIMUM_WAIT_OBJECTS;
also skip FlushFileBuffers when no startup data was received
to avoid hangs on silent clients.
Without these fixes, a malicious local windows user can make the OpenVPN
Interactive Service exit-on-error, thus breaking all OpenVPN connections
until the service is restarted (or the system rebooted). Thus this has
been classified as "local denial of service" and CVE-2025-13751 has been
assigned.
projects / 0xmirror / openvpn.git / commit