1
0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2025-07-15 20:25:00 +03:00
Commit Graph

617 Commits

Author SHA1 Message Date
d2e673a47d src/Cedar/Proto_OpenVPN.c: fix denial of service found by Cisco Talos
specially crafted network packet lead to buffer overrun and process
crash. working exploit was provided by Cisco Talos team.

An integer underflow vulnerability exists in the vpnserver
OvsProcessData functionality of SoftEther VPN 5.01.9674 and 5.02. A
specially-crafted network packet can lead to denial of service. An
attacker can send a malicious packet to trigger this vulnerability.

The versions below were either tested or verified to be vulnerable by
Talos or confirmed to be vulnerable by the vendor.

SoftEther VPN 5.01.9674
SoftEther VPN 5.02
While 5.01.9674 is a development version, it is distributed at the time
of writing by Ubuntu and other Debian-based distributions.
2023-04-16 23:06:30 +02:00
1fe26ccb6c Cedar: Trim contiguous whitespaces in version string
Before change, contiguous whitespaces appeared in version string.
This room is for beta string (such as Alpha, Beta) and beta number but
it looks a bit odd if the build is not alpha/beta/RC.

> Version 5.02 Build 5180 Alpha 3 (Japanese)
> Version 5.02 Build 5180 Beta 3 (Japanese)
> Version 5.02 Build 5180 Release Candidate 3 (Japanese)
> Version 5.02 Build 5180   (Japanese)
>                        ^^^

Now version string looks neat like this:

> Version 5.02 Build 5180 (Japanese)
> Version 5.02 Build 5180 Release Candidate 3 (Japanese)
2023-03-01 16:14:04 +09:00
cd2838795b Radius: Make sure MS-CHAP response matches the original username 2023-02-27 08:37:23 +00:00
4ff9c6393a Support all EAP methods for PPP sessions with RADIUS 2023-02-27 08:37:23 +00:00
e81ecbb0ec Support EAP auth with RADIUS server for SEVPN 2023-02-24 13:05:34 +00:00
1741dfdccc Cedar/Proto_PPP: Fix radius authentication 2023-02-23 13:03:10 +00:00
c67d9ee201 Fixing up coverity report flags from #1760 and #1761 2023-02-04 17:47:20 +03:00
025ebec4cc Fix thread safety after #1751 2023-02-02 06:53:30 +00:00
11828be9e6 Merge pull request #1751 from Evengard/eap-tls-fixups
TLS 1.3 for EAP-TLS, user search by certificate CN
2023-02-01 09:47:38 +06:00
edcdc923ad Reworked EAP-TLS 1.3 to account for RFC9190, implemented searching by certificate instead of certificate CN 2023-01-31 20:33:18 +03:00
6ce91e9c81 Cedar/IPC: Change IPv6 router lookup to non-blocking
Fix #1755
2023-01-31 05:20:40 +00:00
43aaca509d Cedar/Proto_PPP: Fix memory leak 2023-01-30 20:24:45 +09:00
0cdf0eacbf Cedar/IPC: Improve IPv6CP configuration 2023-01-28 09:05:28 +00:00
26403c70e3 Reworking the EAP CN matching option from admin options to extended options 2023-01-24 12:18:20 +03:00
0a60cdf141 Hiding the EAP-TLS match user by certificate behind an admin option, disabled by default 2023-01-24 11:48:49 +03:00
149096e13c * Implementing user search by certificate common name.
* Reworking EAP-TLS flow
* Implementing iterative TLS downgrade supporting PPPD TLS 1.3+Tickets, Windows TLS 1.3 w/o Tickets, VPN Client Pro TLS 1.2.
2023-01-23 23:57:19 +03:00
6a5f4b0dfd src/Cedar/Virtual.c: mute Coverity warning
4272                FreeBlock(block);
    CID 375153 (#1 of 1): Uninitialized scalar variable (UNINIT)44. uninit_use: Using uninitialized value send_size.
4273                if (send_size == 0)
2023-01-14 21:38:28 +06:00
e2ad7d5e8f Fix wrong shortcut key assignment
Fixes #1702.
2022-11-17 16:11:30 +09:00
0643ae70f5 Update BridgeUnix.c
On FreeBSD the stock code will attempt to expand the interface MTU any time a packet is to be sent that exceeds the current MTU.  This results in a down/up on the interface that is wildly disruptive to existing services on that adapter and, eventually, is likely to run into MTU limits and start logging failures, even with jumbo-frame capable adapters.  Thus if compiling on a FreeBSD machine disable this capability.  Tested against 12.3-STABLE and 13.1-STABLE on v4.38-9760 from the FreeBSD ports tree but likely applies here as well; see bug report https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=267178
2022-10-19 12:39:32 -04:00
dc5da0c6a9 Zero out protocol strings when reconnecting 2022-09-13 19:14:33 +09:00
a14d812dcb Merge PR #1610: Proto_OpenVPN: Set max allowed ACKs to 8 for P_ACK_V1 2022-06-14 04:53:56 +02:00
37aa1ba534 Proto_OpenVPN: Set max allowed ACKs to 8 for P_ACK_V1
OpenVPN always allowed 8 ACKs in P_ACK_V1 packets but only used
up to 4 in other control packets. Since Softether drops all packets with
more than 4 ACKs it also drops legimate P_ACK_V1.

See also this issue: https://github.com/schwabe/ics-openvpn/issues/1486
2022-06-14 00:06:02 +02:00
3ed7f7cbce Adjust TCP MSS if UDP acceleration is enabled (even if inactive) 2022-06-13 22:15:44 +09:00
e74d9dec25 Merge pull request #1593 from domosekai/cm 2022-05-26 12:54:09 +09:00
4a3b4589c6 Show connection names in icon tips 2022-05-15 15:22:46 +08:00
53d8b10de2 Remove CM timer event to fix taskbar behavior on Win 11 2022-05-14 14:05:31 +08:00
ca996ed89a Merge pull request #1522 from domosekai/tls
Implement complete server certificate verification
2022-05-12 23:38:38 +08:00
cb6d9531b5 Fixed an issue where routing was not added when receiving DHCP static routing options. 2022-05-10 17:35:01 +09:00
5a0227ba1d Allow packets if the both source and destination session users are the same, even in PrivacyFilter mode 2022-05-09 15:45:55 +09:00
c8dca265b4 Merge pull request #1576 from domosekai/ipv6
Fix IPv6 ND for Windows 11 PPP clients
2022-04-27 20:37:25 +08:00
b4bb90ec5b Fix udp acceleration unusable on big endian system
On big endian system, while store 32 bits and 16bits number in memory of  UINT64 variable "tmp", first 4 bytes of it always be zero makes "cookie" and "size" always be zero, lead to udpaccel unusable.
2022-04-25 18:16:50 +08:00
a742e2d193 Fix IPv6 ND for Windows 11 PPP clients 2022-04-08 00:37:38 +08:00
d86cf181bf Fix UDP bulk v2 and protocol display 2022-03-20 16:48:15 +08:00
32a970f976 Admin.c: Fix wrong endianness in InRpcNodeInfo() and OutRpcNodeInfo() 2022-02-22 19:38:34 +01:00
fd92c754fc Add missing headers required for solaris/illumos 2022-01-06 23:06:36 -05:00
0a4455ac40 Add more TLS negotiation info in logging and UI 2021-12-29 17:41:29 +08:00
f94ac6351e Implement complete server certificate verification 2021-12-29 17:41:29 +08:00
3c7d78a1bf Merge branch 'SoftEtherVPN:master' into master 2021-12-26 11:51:55 +01:00
1c1560f6ca Apply security level override in azure client mode 2021-12-26 12:12:00 +08:00
68dc4e23d8 Improve NAT-T hint string handling 2021-12-26 12:11:51 +08:00
f6edb5e165 Fix a typo that causes CascadeList to show blank hub name 2021-12-26 12:03:59 +08:00
a5565fce4b Fix cascade links may start before configuration is loaded 2021-12-26 12:03:59 +08:00
d95d8ddefa Fix account name in wrong case after editing 2021-12-26 12:03:59 +08:00
f1b464e84d fix alpine compile issue. 2021-12-25 21:22:06 +01:00
51585e63e3 Fix server manager setting compatibility since build 9658 2021-12-25 13:25:34 +08:00
c72d4fddb8 Merge branch 'SoftEtherVPN:master' into master 2021-12-24 08:47:45 +01:00
fc15d1ebd5 fix alpine compile issue. 2021-12-23 21:06:19 +01:00
73ffa10f50 Fix build error on alpine 2021-12-23 20:59:48 +01:00
77ee848caa Cedar/SM.c: Fix pointer usage before initialization 2021-12-23 17:23:15 +08:00
2a40d21ef9 Merge pull request #1512 from domosekai/he
Perform TCP connection via IPv6 and IPv4 in parallel threads
2021-12-11 17:20:12 +08:00