Merge branch 'TinCanTech-win-secure_session-fix-mkdir'

Signed-off-by: Richard T Bonhomme <[email protected]>
OpenVPN · Aug 10, 2024 · 772e274 · 772e274
2 parents 0081fca + 371a998
commit 772e274
Showing 1 changed file with 8 additions and 0 deletions.
diff --git a/easyrsa3/easyrsa b/easyrsa3/easyrsa
@@ -785,10 +785,18 @@ secure_session() {
 		secured_session="${EASYRSA_TEMP_DIR}/${session}"
 
 		# atomic:
+		# ONLY effects Windows 11 "broken" mkdir.exe
+		# The procedure now is a "poor man's" version
+		# of an atomic directory creation call.
+		# The "race condition" still exists but is minimized.
+		# What remains is equivalent to 32bit hash collision.
+		[ -d "$secured_session" ] && continue
 		if mkdir "$secured_session"; then
 			# Check mkdir.exe has created the directory
 			[ -d "$secured_session" ] || \
 				die "secure_session - mkdir FAILED"
+			[ -f "$secured_session"/temp.0.1 ] && \
+				die "secure_session - temp-file EXISTS"
 
 			# New session requires safe-ssl conf
 			unset -v OPENSSL_CONF safe_ssl_cnf_tmp \