authorArne Schwabe <arne@rfc2549.org>2014-10-19 20:26:40 +0200
committerArne Schwabe <arne@rfc2549.org>2014-10-19 20:26:40 +0200
commit53ed7276945dcc7ca474b2f1fb400ce3d14b7561 (patch)
treea516e866f99a2a1332ae5ea776c86a42c7eaea19
parent75c8a793a2789f5eb230bd83fe167cd537358360 (diff)
fixes for session id
--HG-- extra : rebase_source : 2e61ba41bbfe03c9bb6c3d402151ec4466270fb2
-rw-r--r--main/openvpn/config-version.h2
-rw-r--r--main/openvpn/src/openvpn/crypto.c2
-rw-r--r--main/openvpn/src/openvpn/mudp.c6
3 files changed, 6 insertions, 4 deletions
diff --git a/main/openvpn/config-version.h b/main/openvpn/config-version.h
index 762b9dc6..ff7575de 100644
--- a/main/openvpn/config-version.h
+++ b/main/openvpn/config-version.h
@@ -1,2 +1,2 @@
-#define CONFIGURE_GIT_REVISION "icsopenvpn_618-e63b88d330782d14"
+#define CONFIGURE_GIT_REVISION "icsopenvpn_619-c77887f504ec4f11"
#define CONFIGURE_GIT_FLAGS ""
diff --git a/main/openvpn/src/openvpn/crypto.c b/main/openvpn/src/openvpn/crypto.c
index 62c4ab28..59a6c737 100644
--- a/main/openvpn/src/openvpn/crypto.c
+++ b/main/openvpn/src/openvpn/crypto.c
@@ -430,7 +430,7 @@ crypto_test_hmac (struct buffer *buf, const struct crypto_options *opt)
hmac_ctx_final (ctx->hmac, local_hmac);
/* Compare locally computed HMAC with packet HMAC */
- if (memcmp (local_hmac, BPTR (buf) + offset, hmac_len))
+ if (memcmp_constant_time (local_hmac, BPTR (buf) + offset, hmac_len))
{
gc_free (&gc);
return false;
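Review bot: The comment above the comparison still describes a plain compare, so nothing at this call site records why `memcmp_constant_time` must not be swapped back to `memcmp`. I would extend it to `/* Compare locally computed HMAC with packet HMAC in constant time, so the position of the first mismatching byte is not observable through timing */`. The definition of `memcmp_constant_time` is not part of this diff; presumably it already exists elsewhere in the tree, and it is worth confirming that it returns non-zero on mismatch, as this `if` assumes. crypto_test_hmac starts and ends outside the hunk.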
diff --git a/main/openvpn/src/openvpn/mudp.c b/main/openvpn/src/openvpn/mudp.c
index 7a6911ca..f6349dbf 100644
--- a/main/openvpn/src/openvpn/mudp.c
+++ b/main/openvpn/src/openvpn/mudp.c
@@ -119,8 +119,10 @@ multi_get_create_instance_udp (struct multi_context *m)
if (!link_socket_actual_match(&mi->context.c2.from, &m->top.c2.from))
{
- msg(D_MULTI_MEDIUM, "floating detected from %s to %s",
- print_link_socket_actual (&mi->context.c2.from, &gc), print_link_socket_actual (&m->top.c2.from, &gc));
+ msg(D_MULTI_MEDIUM, "floating detected from %s to %s (session id: %d)",
+ print_link_socket_actual (&mi->context.c2.from, &gc),
+ print_link_socket_actual (&m->top.c2.from, &gc),
+ sess_id);
/* session-id is not trusted, so check hmac */
session_forged = !(crypto_test_hmac(&m->top.c2.buf, &mi->context.c2.crypto_options));
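Review bot: The "floating detected" message is written before the HMAC check on the following line, so at D_MULTI_MEDIUM verbosity a packet with a matching session id from a new address is logged whether or not it later verifies. Moving the `msg(...)` call below `session_forged = ...` and including the verdict in the text would let the log distinguish a genuine float from a rejected packet. Separately, `sess_id` is printed with `%d`; its declaration is outside the hunk, and if it is an unsigned type the specifier should be `%u`. multi_get_create_instance_udp continues outside the hunk.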