1
0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-27 03:49:52 +03:00
Commit Graph

20 Commits

Author SHA1 Message Date
Davide Beatrici
233e28f38c Refactor Base64 functions, encode/decode using OpenSSL's EVP interface
Our own implementation works fine, however we should use OpenSSL's one since we already link to the library.

Base64Decode() and Base64Encode() return the required buffer size when "dst" is NULL.

This allows to efficiently allocate a buffer, without wasting memory or risking an overflow.

Base64FromBin() and Base64ToBin() perform all steps, returning a heap-allocated buffer with the data in it.
2021-07-02 09:24:41 +02:00
Davide Beatrici
a6ba9b8788 Include headers properly 2021-04-05 04:48:25 +02:00
Davide Beatrici
337a04b758 Remove "BOOL", "TRUE" and "FALSE", use lowercase everywhere for consistency 2020-08-15 09:18:27 +02:00
Daiyuu Nobori
844dcdb0af Remove all references to strtok() and wcstok(), implement and use alternatives
strtok() and wcstok() are considered unsafe functions.

A segmentation fault caused by the use of strtok() was recently reported.

Co-authored-by: Takuho NAKANO <takotakot@users.noreply.github.com>
2020-07-20 17:57:58 +02:00
Daiyuu Nobori
98b08c2ad1 Implementation of the JSON-RPC API and the Web Admin interface. (dnobori's internal note: 7579 - 7682) 2019-05-28 12:51:51 +09:00
Daiyuu Nobori
881f34ac56 Compacting headers, updating trivial texts to fit to the license change from GPLv2 to Apache License 2.0. 2019-01-14 12:25:53 +09:00
Davide Beatrici
aefbd2e903 Add custom HTTP header feature for HTTP proxy
A custom HTTP header can be used to bypass certain restrictions imposed on the network or to avoid speed limitations applied by the QoS.
2018-11-29 20:32:21 +01:00
Davide Beatrici
335e0503c9 Mayaqua/Str: add TrimQuotes() function to remove quotes from a string 2018-10-06 22:42:29 +02:00
Ilya Shipitsin
1fd17c266a src/Mayaqua/Str: remove unused functions
[src/Mayaqua/Str.c:3019]: (style) The function 'CopyFormat' is never used.
[src/Mayaqua/Str.c:280]: (style) The function 'HexToInt64' is never used.
[src/Mayaqua/Str.c:2448]: (style) The function 'InChar' is never used.
[src/Mayaqua/Str.c:745]: (style) The function 'IniHasValue' is never used.
[src/Mayaqua/Str.c:692]: (style) The function 'IniInt64Value' is never used.
[src/Mayaqua/Str.c:726]: (style) The function 'IniUniStrValue' is never used.
[src/Mayaqua/Str.c:2138]: (style) The function 'IsPrintableAsciiStr' is never used.
[src/Mayaqua/Str.c:1045]: (style) The function 'NormalizeCrlf' is never used.
[src/Mayaqua/Str.c:2899]: (style) The function 'ReplaceFormatStringFor64' is never used.
[src/Mayaqua/Str.c:2442]: (style) The function 'SearchStri' is never used.
[src/Mayaqua/Str.c:3345]: (style) The function 'StrCheckSize' is never used.
[src/Mayaqua/Str.c:1386]: (style) The function 'StrListToStr' is never used.
[src/Mayaqua/Str.c:348]: (style) The function 'ToHex64' is never used.
[src/Mayaqua/Str.c:2803]: (style) The function 'ToStri' is never used.
[src/Mayaqua/Str.c:2797]: (style) The function 'ToStrx' is never used.
[src/Mayaqua/Str.c:2791]: (style) The function 'ToStrx8' is never used.
[src/Mayaqua/Str.c:1325]: (style) The function 'TokenListToList' is never used.
2018-08-12 15:34:51 +05:00
Davide Beatrici
517fed85a1 Str: remove unused IsStrInStrTokenList() function 2018-08-02 18:14:57 +02:00
Ilya Shipitsin
79c06146a4 remove unused functions (identified by cppcheck)
[src/Cedar/Account.c:854]: (style) The function 'AddGroupTraffic' is never used.
[src/Mayaqua/Secure.c:1455]: (style) The function 'AddSecObjToEnumCache' is never used.
[src/Mayaqua/Network.c:18445]: (style) The function 'AddSockList' is never used.
[src/Cedar/Account.c:870]: (style) The function 'AddUserTraffic' is never used.
[src/Cedar/Server.c:1045]: (style) The function 'AdjoinEnumLogFile' is never used.
[src/Cedar/Admin.c:13780]: (style) The function 'AdminConnect' is never used.
[src/Mayaqua/Encrypt.c:855]: (style) The function 'BigNumToStr' is never used.
[src/Mayaqua/Str.c:2113]: (style) The function 'Bit128ToStr' is never used.
[src/Mayaqua/Encrypt.c:898]: (style) The function 'BufToBigNum' is never used.
[src/Mayaqua/Internat.c:1874]: (style) The function 'CalcStrToUtf8' is never used.
[src/Cedar/Hub.c:6689]: (style) The function 'CalcTrafficDiff' is never used.
[src/Mayaqua/Internat.c:1819]: (style) The function 'CalcUtf8ToStr' is never used.
[src/Mayaqua/Network.c:6495]: (style) The function 'CanGetTcpProcessId' is never used.
[src/Cedar/WinUi.c:7226]: (style) The function 'CbInsertStrA' is never used.
[src/Cedar/Client.c:3035]: (style) The function 'CcEnumObjectInSecure' is never used.
[src/Cedar/Client.c:2826]: (style) The function 'CcGetCommonProxySetting' is never used.
[src/Cedar/Client.c:2857]: (style) The function 'CcSetCommonProxySetting' is never used.
[src/Cedar/Cedar.c:575]: (style) The function 'CedarLog' is never used.
[src/Cedar/WinUi.c:9841]: (style) The function 'Center2' is never used.
[src/Mayaqua/Encrypt.c:814]: (style) The function 'CertTest' is never used.
[src/Mayaqua/Encrypt.c:809]: (style) The function 'CertTest2' is never used.
[src/Mayaqua/Encrypt.c:819]: (style) The function 'CertTest_' is never used.
[src/Mayaqua/Cfg.c:1705]: (style) The function 'CfgIsFolder' is never used.
2018-02-08 00:20:07 +01:00
Daiyuu Nobori
7de986dcca 7 missing memory boundaries checks and similar memory problems. There are no risk of arbitrary code execution or intrusion on these bugs in my analysis. However, these problems may lead to crash the running server process. So these bugs must be fixed.
Buffer overread in ParseL2TPPacket()
Memory corruption in IcmpParseResult
Missing bounds check in ParseUDP() can lead to invalid memory access
Out-of-bounds read in IPsec_PPP.c (unterminated string buffer)
Overlapping parameters to memcpy() via StrToIp6()
PACK ReadValue() crash vulnerability
Potential use of uninitialized memory via IPToInAddr6()

4 memory leaks. While the amount of leakage is very small per time, these bugs can finally cause process crash by out of memory. So these bugs must be fixed.

Memory leak in NnReadDnsRecord
Memory leak in RadiusLogin()
Memory leak via ParsePacketIPv4WithDummyMacHeader
Remote memory leak in OpenVPN server code

1 coding improvement. This is not a bug, however, I fixed the code to avoid furture misunderstanding.

RecvAll can return success on failure (leading to use of uninitialized memory)

Contributors for this bugfix:

- Max Planck Institute for Molecular Genetics
- Guido Vranken
2018-01-15 10:25:10 +09:00
Daiyuu Nobori
9f9dc459a7 Preparing the development branch 2017-10-19 15:00:41 +09:00
dnobori
faee11ff09 v4.23-9647-beta 2017-10-18 18:24:21 +09:00
dnobori
17e624ac26 v4.19-9605-beta 2016-03-06 23:16:01 +09:00
dnobori
860f743dd7 v4.17-9566-beta 2015-07-17 00:31:57 +09:00
dnobori
9f7d8578a7 v4.10-9472-beta 2014-07-12 02:06:20 +09:00
dnobori
cf2a6a42bc v4.06-9430-beta 2014-03-20 05:45:05 +09:00
dnobori
001fd910fe v4.04-9412-rtm 2014-01-15 18:01:42 +09:00
dnobori
749497dde0 v4.03-9408-rtm 2014-01-04 22:00:08 +09:00