David Woodhouse dwmw2 at
Wed Sep 17 16:48:35 PDT 2014

On Wed, 2014-09-17 at 16:19 -0700, Kevin Cernekee wrote:
> Oops, should probably make that:
> and keep in mind that a compromised gateway could pass all sorts of
> evil strings to your vpnc-script.

Which reminds me. None of our use of setenv() is safe, now that we could
potentially be running libopenconnect within a multi-threaded process.

We need to keep them around in a list, then set them only after we have
done a fork(), then exec() the vpnc-script.

And do something equivalent on Windows.


-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/x-pkcs7-signature
Size: 5745 bytes
Desc: not available
URL: <>

More information about the openconnect-devel mailing list