When select() returns with errno == EINTR, that isn't an error.
This stopped us from actually sending the BYE packet and closing the
session cleanly on exit.
Fixes: a07183b79f ("Check select() return value in main loop") et al.
This is why we don't blindly "fix warnings" reported by tools like
Coverity, and should sometimes be a little more reticent, and only
actually fix *bugs* that are highlighted.
Signed-off-by: David Woodhouse <email address hidden>
Fixing leaks is good. Fixing them by freeing a string we were about to
use and then setting it to NULL, thus triggering a later check to report
-ENOMEM, less good.
Stupid dwmw2, no biscuit.
Fixes: 097586fe ("Fix leaks in Pulse duplicate session handling")
Signed-off-by: David Woodhouse <email address hidden>

rather than hardcoding version numbers with ifdefs, we simply check
whether the functionality is available or not.
[dwmw2: Use #ifndef instead of #if !HAVE_SSL_CIPHER_FIND]
Signed-off-by: John Spencer <email address hidden>
Signed-off-by: David Woodhouse <email address hidden>

GlobalProtect: Ensure timeout is less than DPD when DTLS connecting

When transitioning from DTLS_CONNECTING to DTLS_CONNECTED, ensure that
the current timeout is less than or equal to the 10-second DTLS DPD;
otherwise the timeout might be greater than 2x DPD, e.g. set to the
60-second DTLS attempt period from the ESP main loop where we were
"connecting", and we might sleep right through the DTLS DPD period and
falsely detect a dead peer and needlessly fall back to HTTPS.

This is only relevant to reconnects because during the initial
connection the timeout is artificially set low, i.e. 1 second, by the
OpenConnect mainloop because the TUN device is not yet up.