Fix crash if no tls-auth section is present in the config

We are now only initializing TLS-related objects if TLS auth mode is enabled. This fixes internal Jira issue PG-122. Signed-off-by: Razvan Cojocaru <[email protected]>
OpenVPN · Jul 12, 2024 · f15261b · f15261b
1 parent e929058
commit f15261b
Showing 1 changed file with 4 additions and 3 deletions.
diff --git a/openvpn/ssl/psid_cookie_impl.hpp b/openvpn/ssl/psid_cookie_impl.hpp
@@ -65,13 +65,14 @@ class PsidCookieImpl : public PsidCookie
     PsidCookieImpl(ServerProto::Factory *psfp)
         : pcfg_(*psfp->proto_context_config),
           not_tls_auth_mode_(!pcfg_.tls_auth_enabled()),
-          now_(pcfg_.now), handwindow_(pcfg_.handshake_window),
-          ta_hmac_recv_(pcfg_.tls_auth_context->new_obj()),
-          ta_hmac_send_(pcfg_.tls_auth_context->new_obj())
+          now_(pcfg_.now), handwindow_(pcfg_.handshake_window)
     {
         if (not_tls_auth_mode_)
             return;
 
+        ta_hmac_recv_ = pcfg_.tls_auth_context->new_obj();
+        ta_hmac_send_ = pcfg_.tls_auth_context->new_obj();
+
         // init tls_auth hmac (see ProtoContext.reset() case TLS_AUTH; also TLSAuthPreValidate ctor)
         if (pcfg_.key_direction >= 0)
         {