1
0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-25 10:59:53 +03:00
Commit Graph

37 Commits

Author SHA1 Message Date
Davide Beatrici
a6ba9b8788 Include headers properly 2021-04-05 04:48:25 +02:00
Davide Beatrici
5cab279a8c Cedar, Mayaqua: Set minimum Windows version to Vista 2021-04-03 02:25:19 +02:00
PeTeeR
b890c7d813 Cedar: DHCP server now assigns static IPv4 address, if present in user note
This works for all VPN protocols.

In SessionMain(): for DHCPDISCOVER and DHCPREQUEST frames, write the static IP address (which is retrieved from the user notes) in the SIADDR field of DHCPHEADER.

In VirtualDhcpServer(): for DHCPDISCOVER and DHCPREQUEST frames, read the static IP address from the SIADDR field of DHCPHEADER and assign it to the client.
2020-10-12 04:56:33 +02:00
Evengard
f2fee4d32c Preliminary implementation of IPv6CP and IPv6 for PPP (untested) 2020-05-12 18:05:18 +03:00
Evengard
1d6a4d3ec8 Preliminary IPC IPv6 implementation (untested) 2020-05-12 17:59:24 +03:00
Daiyuu Nobori
a4f87565ae Bugfix: Fix the SecureNAT connection problem with ignoring TCP ECN bit enabled packets 2020-01-01 17:51:38 +09:00
stffabi
850a5faa0d Fix buffer overflow during NETBIOS name resolution
If SecureNAT is enabled and the hostname of the server
is longer than 16characters, every NETBIOS name resolution
query triggers the buffer overflow. If the server was built
with stack protection, the process will be killed.
2019-09-04 14:32:19 +02:00
Davide Beatrici
d6cf1b85a9 Virtual: fix race condition in DHCP server which resulted in multiple clients receiving the same IP
A race condition in the DHCP server caused it to offer the same IP address to multiple clients when they connected at the same time, because an offered IP address was considered free until the final step (DHCP_ACK).

This commit introduces a list to keep track of the pending leases created during DHCP_OFFER, so that an IP address is guaranteed to be offered to a single client.
2019-07-13 23:29:16 +02:00
Daiyuu Nobori
881f34ac56 Compacting headers, updating trivial texts to fit to the license change from GPLv2 to Apache License 2.0. 2019-01-14 12:25:53 +09:00
Daiyuu Nobori
ee9990317b Fix bugs reported by Coverity Scan. 2018-09-28 22:39:38 +09:00
Davide Beatrici
3f5f716357 Revamp digest functions
- Hash() has been removed because it was ambiguous, Md5() and Sha0() are proper replacements.
- HMacMd5() and HMacSha1() now share a common implementation handled by the new Internal_HMac() function.
- NewMd() and MdProcess() now support plain hashing (without the key).
- NewMd(), SetMdKey() and MdProcess() now check the OpenSSL functions' return value and in case of failure a debug message is printed along with the error string, if available.
- SetMdKey()'s return value has been changed from void to bool, so that it's possible to know whether the function succeeded or not.
- MdProcess()' return value has been changed from void to UINT (unsigned int) and the function now returns the number of bytes written by HMAC_Final() or EVP_DigestFinal_ex().
2018-09-22 06:36:09 +02:00
Ilya Shipitsin
5ecc80a14e src/Cedar/Virtual: coverity suspects null pointer dereference here
however, both Cancel() and ReleaseCancel() checks for NULL themselves,
so we can remove this check
2018-08-22 10:33:29 +05:00
Davide Beatrici
233b525d0e
Merge PR #662: Fix that virtual NAT session is closed even if data remains. 2018-08-21 13:04:06 +02:00
MtCedarNet
f9de4a06aa Fix that virtual NAT session is closed even if data remains. 2018-08-21 18:54:07 +09:00
Ilya Shipitsin
c98c7858bd src/Cedar/Virtual: resolve null pointer dereference
found by coverity
2018-08-21 11:36:01 +05:00
Davide Beatrici
02db806181 Remove SSLv3 support 2018-08-09 00:25:40 +02:00
Daiyuu Nobori
ab54b73737
Merge pull request #511 from dnobori/b4_mac
Improving the compliance of Virtual Network Adapters with the local address bit of the MAC address rule.
2018-05-24 18:04:32 +09:00
Josh Soref
ac865f04fc Correct Spelling (#458)
* spelling: accepts

* spelling: account

* spelling: accept

* spelling: accumulate

* spelling: adapter

* spelling: address

* spelling: additional

* spelling: aggressive

* spelling: adhered

* spelling: allowed

* spelling: ambiguous

* spelling: amount

* spelling: anonymous

* spelling: acquisition

* spelling: assemble

* spelling: associated

* spelling: assigns

* spelling: attach

* spelling: attempt

* spelling: attribute

* spelling: authenticate

* spelling: authentication

* spelling: available

* spelling: bridging

* spelling: cascade

* spelling: cancel

* spelling: check

* spelling: challenge

* spelling: changing

* spelling: characters

* spelling: cloud

* spelling: compare

* spelling: communication

* spelling: compatible

* spelling: compatibility

* spelling: completion

* spelling: complete

* spelling: computers

* spelling: configure

* spelling: configuration

* spelling: conformant

* spelling: connection

* spelling: contains

* spelling: continuously

* spelling: continue

* spelling: convert

* spelling: counters

* spelling: create

* spelling: created

* spelling: cumulate

* spelling: currently

* spelling: debugging

* spelling: decryption

* spelling: description

* spelling: default

* spelling: driver

* spelling: delete

* spelling: destination

* spelling: disabled

* spelling: different

* spelling: dynamically

* spelling: directory

* spelling: disappeared

* spelling: disable

* spelling: doesn't

* spelling: download

* spelling: dropped

* spelling: enable

* spelling: established

* spelling: ether

* spelling: except

* spelling: expired

* spelling: field

* spelling: following

* spelling: forever

* spelling: firewall

* spelling: first

* spelling: fragment

* spelling: function

* spelling: gateway

* spelling: identifier

* spelling: identify

* spelling: incoming

* spelling: information

* spelling: initialize

* spelling: injection

* spelling: inner

* spelling: instead

* spelling: installation

* spelling: inserted

* spelling: integer

* spelling: interrupt

* spelling: intuitive

* spelling: interval

* spelling: january

* spelling: keybytes

* spelling: know

* spelling: language

* spelling: length

* spelling: library

* spelling: listener

* spelling: maintain

* spelling: modified

* spelling: necessary

* spelling: number

* spelling: obsoleted

* spelling: occurred

* spelling: occurring

* spelling: occur

* spelling: original

* spelling: omittable

* spelling: omit

* spelling: opening

* spelling: operation

* spelling: packet

* spelling: parameters

* spelling: pointed

* spelling: popupmenuopen

* spelling: privilege

* spelling: product

* spelling: protection

* spelling: promiscuous

* spelling: prompt

* spelling: query

* spelling: random

* spelling: reconnection

* spelling: revocation

* spelling: received

* spelling: red hat

* spelling: registry

* spelling: release

* spelling: retrieve
2018-05-16 23:47:10 +02:00
Daiyuu Nobori
683aecaaec Improving the compliance of Virtual Network Adapters with the local address bit of the MAC address rule.
When installing a new device driver of the Virtual Network Driver card, we changed the initial random MAC address from 00-AC-xx-xx-xx-xx to 5E-xx-xx-xx-xx-xx. This realizes the compliance with the local address bit of the MAC address rule.
2018-04-22 18:24:29 +09:00
Daiyuu Nobori
7de986dcca 7 missing memory boundaries checks and similar memory problems. There are no risk of arbitrary code execution or intrusion on these bugs in my analysis. However, these problems may lead to crash the running server process. So these bugs must be fixed.
Buffer overread in ParseL2TPPacket()
Memory corruption in IcmpParseResult
Missing bounds check in ParseUDP() can lead to invalid memory access
Out-of-bounds read in IPsec_PPP.c (unterminated string buffer)
Overlapping parameters to memcpy() via StrToIp6()
PACK ReadValue() crash vulnerability
Potential use of uninitialized memory via IPToInAddr6()

4 memory leaks. While the amount of leakage is very small per time, these bugs can finally cause process crash by out of memory. So these bugs must be fixed.

Memory leak in NnReadDnsRecord
Memory leak in RadiusLogin()
Memory leak via ParsePacketIPv4WithDummyMacHeader
Remote memory leak in OpenVPN server code

1 coding improvement. This is not a bug, however, I fixed the code to avoid furture misunderstanding.

RecvAll can return success on failure (leading to use of uninitialized memory)

Contributors for this bugfix:

- Max Planck Institute for Molecular Genetics
- Guido Vranken
2018-01-15 10:25:10 +09:00
Daiyuu Nobori
97e7a82be2 Added the function to save the DNS query log on the packet logs. 2017-12-21 23:23:17 +09:00
Daiyuu Nobori
9f9dc459a7 Preparing the development branch 2017-10-19 15:00:41 +09:00
dnobori
faee11ff09 v4.23-9647-beta 2017-10-18 18:24:21 +09:00
dnobori
4df2eb4f9c v4.22-9634-beta 2016-11-27 17:43:14 +09:00
Daiyuu Nobori
5cae447c79 Merge pull request #229 from chipitsine/master
cppcheck issues
2016-11-27 17:25:03 +09:00
ajeecai
9bc67cc293 Fix that ParseTcpOption doesn't work correctly
Suppose there is a TCP SYN or SYN-ACK packet taking options as:
    02 04 05 b4 01 01 04 02 01 03 03 04 
which is 
Options: (12 bytes)
    >Maximum segment size: 1460 bytes
    >No-Operation (NOP)
    >No-Operation (NOP)
    >TCP SACK Permitted Option: True
    >No-Operation (NOP)
    >Window scale: 4 (multiply by 16)

Then the original parse function only returns MSS 1460 while WSS is 0.
2016-08-04 17:33:18 +08:00
Ilya Shipitsin
556ea647e3 cppcheck issues:
[src/Cedar/Virtual.c:2389] -> [src/Cedar/Virtual.c:2398]: (warning) Either the condition 'a==0' is redundant or there is possible null pointer dereference: a.
[src/Cedar/Virtual.c:4000] -> [src/Cedar/Virtual.c:4004]: (warning) Either the condition 'n==0' is redundant or there is possible null pointer dereference: n.
[src/Cedar/Virtual.c:4203] -> [src/Cedar/Virtual.c:4207]: (warning) Either the condition 'n==0' is redundant or there is possible null pointer dereference: n.
2016-04-30 00:03:35 +05:00
dnobori
17e624ac26 v4.19-9605-beta 2016-03-06 23:16:01 +09:00
dnobori
4e862a7e40 v4.19-9582-beta 2015-10-06 20:18:00 +09:00
dnobori
860f743dd7 v4.17-9566-beta 2015-07-17 00:31:57 +09:00
dnobori
06a72040a3 v4.13-9522-beta 2015-01-30 22:30:34 +09:00
dnobori
9f7d8578a7 v4.10-9472-beta 2014-07-12 02:06:20 +09:00
dnobori
f75a2c2a12 v4.09-9451-beta 2014-06-09 11:57:10 +09:00
dnobori
719ee999d6 v4.07-9448-rtm 2014-06-06 06:53:20 +09:00
dnobori
cf2a6a42bc v4.06-9430-beta 2014-03-20 05:45:05 +09:00
dnobori
001fd910fe v4.04-9412-rtm 2014-01-15 18:01:42 +09:00
dnobori
749497dde0 v4.03-9408-rtm 2014-01-04 22:00:08 +09:00