1
0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-25 02:49:52 +03:00
Commit Graph

1193 Commits

Author SHA1 Message Date
hiura
9a009d750a Use macro 'MAX' instead of 'max' 2024-04-16 19:14:44 +09:00
hiura
c36d7187a8 Fix 'RemoveDefGwOnDhcpForLocalhost' function No.2: Change the minimum size of DHCP reply 2024-04-16 10:30:10 +09:00
Ilya Shipitsin
6582955cfa
Update src/Cedar/Protocol.c
Co-authored-by: Davide Beatrici <github@davidebeatrici.dev>
2024-04-14 10:36:55 +02:00
Alexey Ivanov
71d71e51db OpenVPN certificate authorization with cn_username in 'email' format 2024-04-12 23:08:24 +05:00
hiura
97203568e7 Fix 'RemoveDefGwOnDhcpForLocalhost' function: Change to exclude unplugged device from MAC address list. 2024-03-31 23:07:16 +09:00
hiura
e8c14cba68 Fix 'Session Timeouted.': Change the time for checking wether all the TCP connectins are alive or not. 2024-03-24 19:11:24 +09:00
hiura
2789b16c12 Fix hamcore access: Correcting path separator for hamcore. 2024-03-16 12:52:46 +09:00
hiura
64cb8e1eff Change bridge function: Make the NIC appear in the 'Local Bridge Settings' list No.2 2024-03-11 00:16:22 +09:00
hiura
645d5ebb55 Change bridge function: Make the NIC appear in the 'Local Bridge Settings' list regardless of a NULL character consisted in 'FriendlyName' 2024-03-06 11:33:56 +09:00
Kensei Sakai
0dfc82c14e
Update BUILD_UNIX.md for fix location
# Using SoftEther without installation
Correct location for build output dir.
2024-02-27 03:27:20 +09:00
Ilya Shipitsin
60ee463044 adjust types of variables
gcc14 is not happy on "error: passing argument .. from incompatible pointer type [-Wincompatible-pointer-types]"
2024-02-23 11:06:27 +01:00
Ilya Shipitsin
36456e63a6
Merge pull request #1953 from hiura2023/master
IPC.c: Cast the pointer to a defined size due to the error in compiling.
2024-02-21 21:49:53 +01:00
hiura
4e4bd79ad2 IPC.c:Cast the pointer to a defined size due to the error in compiling. 2024-02-20 12:01:35 +09:00
Ilya Shipitsin
ff4b74afda
Merge pull request #1929 from chipitsine/pr_1921_followup
fix nullptr deref
2023-12-01 17:18:40 +01:00
Ilya Shipitsin
e6792d8893 fix nullptr deref
Co-authored-by: icy17 <1061499390@qq.com>
2023-11-19 10:57:28 +01:00
Ilya Shipitsin
9429243dbe
Merge pull request #1906 from hiura2023/master
Fix access violation: correct typing mistake in calling Debug().
2023-11-01 10:26:37 +01:00
Daiyuu Nobori
6dbf7e9ae2 Showing an explanation of the purpose of the Developer Edition and the difference from the Stable Editon by Daiyuu Nobori 2023-10-09 17:14:32 +02:00
Daiyuu Nobori
54ae7f725b Add four new certificate hashes to the DDNS_CERT_HASH list by Daiyuu Nobori. These certificates will be used to University of Tsukuba's built-in "softether.net" DDNS server after year 2038. 2023-10-09 17:14:32 +02:00
Daiyuu Nobori
35077deaf1 Fix Vulnerability: CVE-2023-25774 TALOS-2023-1743
SoftEther VPN vpnserver ConnectionAccept () denial of service vulnerability
2023-10-09 17:13:57 +02:00
Daiyuu Nobori
3b932f5fee Fix Vulnerability: CVE-2023-27516 TALOS-2023-1754 and CVE-2023-32634 TALOS-2023-1755
SoftEther VPN CiRpcAccepted () authentication bypass vulnerability
and SoftEther VPN CiRpcServerThread () MitM authentication bypass vulnerability
https://www.softether.org/9-about/News/904-SEVPN202301
https://jvn.jp/en/jp/JVN64316789/
2023-10-07 04:42:41 +02:00
Daiyuu Nobori
f4bbe476be Fix Vulnerability: CVE-2023-32275 TALOS-2023-1753
SoftEther VPN CtEnumCa () information disclosure vulnerability
https://www.softether.org/9-about/News/904-SEVPN202301
https://jvn.jp/en/jp/JVN64316789/
2023-10-07 04:42:41 +02:00
Daiyuu Nobori
2dec52b875 Heap area protection of memory has been enhanced.
When memory is released and reallocated, a random security value called a canary is written to the before/after area of memory, and if the value has been modified, the process is terminated (restarted) for safety, assuming it is a buffer overflow of the memory area. This feature may effectively prevent confidentiality or integrity violations in the event that some heap area overflow vulnerability is discovered in this system in the future.
2023-10-07 04:42:34 +02:00
Daiyuu Nobori
c49e462ed1 Fix Vulnerability: CVE-2023-22325 TALOS-2023-1736
SoftEther VPN DCRegister DDNS_RPC_MAX_RECV_SIZE denial of service vulnerability
https://www.softether.org/9-about/News/904-SEVPN202301
https://jvn.jp/en/jp/JVN64316789/
2023-09-28 18:26:17 +09:00
Daiyuu Nobori
b8e542105f Fix Vulnerability: CVE-2023-27395 TALOS-2023-1735
SoftEther VPN vpnserver WpcParsePacket () heap-based buffer overflow vulnerability
https://www.softether.org/9-about/News/904-SEVPN202301
https://jvn.jp/en/jp/JVN64316789/
2023-09-28 18:24:12 +09:00
puripuri2100
06e79fd75d replace да|нет to yes|no 2023-09-27 20:03:43 +09:00
puripuri2100
d30949038f Swap comment for ConnectionList command and comment for ConnectionGet command in strtable_ru.stb file 2023-09-27 20:01:53 +09:00
puripuri2100
c621a8e74d fix [порт] to [port] 2023-09-27 00:12:50 +09:00
puripuri2100
1b0aa5e434 fix 2023-09-26 23:26:57 +09:00
puripuri2100
51898b80a2 fix comment: ConnectionGet 2023-09-26 23:25:55 +09:00
puripuri2100
ed282ad977 change comment: VPN工具 to VPN Tools 2023-09-26 23:24:07 +09:00
puripuri2100
7e30a8e52a fixed VpnAzureSetStatus to VpnAzureSetEnable 2023-09-26 22:55:22 +09:00
puripuri2100
a09446c1f3 fix [nome] to [name] 2023-09-26 22:51:28 +09:00
hiura
f57f05a599 Bind outgoing connection to a specific IP address (fix a bug) 2023-09-17 16:36:57 +09:00
Ilya Shipitsin
f736d18267 temporarily suppress clang warnings on "-Wincompatible-function-pointer-types" 2023-09-16 00:03:03 +02:00
Ilya Shipitsin
1be55ebb94 src/vpndrvinst/main.c: add missing header file 2023-09-16 00:02:29 +02:00
puripuri2100
fc2a33d1f3 fix missing arg 2023-09-15 09:39:11 +09:00
Ilya Shipitsin
2fd6c0b76a add missing localization
this is a follow up of
https://github.com/SoftEtherVPN/SoftEtherVPN/pull/1867

English localization is added for now
2023-09-12 22:43:01 +02:00
Ilya Shipitsin
6833a7a11d
Merge pull request #1901 from hiura2023/master
Bind outgoing connection to a specific IP address (avoid illegal access)
2023-09-12 09:39:18 +02:00
hiura
643cbbbf88 Bind outgoing connection to a specific IP address (avoid illegal access) 2023-09-12 10:20:51 +09:00
Ilya Shipitsin
205a94cda2
Merge pull request #1867 from hiura2023/master
Bind outgoing connection to a specific IP address
2023-09-10 17:18:31 +02:00
puripuri2100
a9a93a2824 fixed VpnAzureSetStatus to VpnAzureSetEnable 2023-08-31 01:30:15 +09:00
Ilya Shipitsin
68e704097d fix another stb complaints 2023-08-27 21:11:53 +02:00
Ilya Shipitsin
8162ca3d12
Merge branch 'SoftEtherVPN:master' into master 2023-08-27 21:01:22 +02:00
djony
8345deebe4
Add files via upload 2023-08-27 19:21:13 +03:00
Ilya Shipitsin
63595f79c5 fix some missing localization 2023-08-25 22:24:53 +02:00
djony
2abd9de923
Update strtable_ru.stb 2023-08-24 00:37:55 +03:00
Ilya Shipitsin
8f8677f164 set PPPSetStatus(p, PPP_STATUS_FAIL); in case of failure 2023-08-16 22:32:00 +02:00
Ilya Shipitsin
088b5c2df3 additional error handling if SSL_CTX_new failed
this is a folloup to https://github.com/SoftEtherVPN/SoftEtherVPN/pull/1873
2023-08-16 19:17:18 +02:00
barracuda156
a80d3f2032 TunTap.h: fix for undefined u_char, u_short on MacOS 2023-08-14 15:54:56 +08:00
barracuda156
1cf2e7a8ea Network.h: include forgotten pthread.h for MacOS too 2023-08-14 15:40:53 +08:00
hiura
c2fe874865 Bind outgoing connection to a specific IP address No.2 2023-08-08 18:14:22 +09:00
Ilya Shipitsin
f6f2660060
Merge pull request #1869 from metalefty/bsdunixvlan-group
Cedar/VLanUnix: assign virtual interface to softether group
2023-08-07 08:16:17 +02:00
Yihong Wu
adccc6b7d4
Merge pull request #1775 from domosekai/radius2
Support more EAP methods for RADIUS auth
2023-08-07 02:50:13 +09:00
icy17
07733b29cb fix potential crash. 2023-07-30 11:01:09 +00:00
Davide Beatrici
eb785e08fe
Merge PR #1866: Translate GenX25519/GetPublicX25519 command 2023-07-05 09:55:53 +02:00
Davide Beatrici
1493ccb44d
Merge PR #1865: Fix build when NO_VLAN 2023-07-05 09:55:35 +02:00
Koichiro IWAO
49f8112d83 Cedar/VLanUnix: assign virtual interface to softether group
Interface grouping is available on FreeBSD and OpenBSD. This will allow
you to enumerate only SoftEther virtual interfaces or exclude SoftEther
virtual interfaces, and be helpful when making custom scripts to start
DHCP client when virtual interface become up (=VPN connection
established) for example.

Usage examples as follows.

List all interfaces' names available on the system:
```
$ ifconfig -l
vtnet0 lo0 vpn_client0 vpn_client1 vpn_client2
```

Display a list of SoftEther virtual interfaces:
```
$ ifconfig -g softether
vpn_client0
vpn_client1
vpn_client2
```

Display details about SoftEther virtual interfaces that are up:
```
$ ifconfig -a -u -g softether
vpn_client0: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: SoftEther Virtual Network Adapter
        options=80000<LINKSTATE>
        ether 5e:71:fa:f8:91:4a
        hwaddr 58:9c:fc:10:34:2a
        groups: tap softether
        media: Ethernet autoselect
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        Opened by PID 1445
```

Display details about interfaces except for SoftEther virtual interfaces:
```
$ ifconfig -a -G softether
vtnet0: flags=8863<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        options=80028<VLAN_MTU,JUMBO_MTU,LINKSTATE>
        ether 58:9c:fc:00:f0:23
        inet6 fe80::5a9c:fcff:fe00:f023%vtnet0 prefixlen 64 scopeid 0x1
        inet 192.168.96.7 netmask 0xffffff00 broadcast 192.168.96.255
        media: Ethernet autoselect (10Gbase-T <full-duplex>)
        status: active
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
lo0: flags=8049<UP,LOOPBACK,RUNNING,MULTICAST> metric 0 mtu 16384
        options=680003<RXCSUM,TXCSUM,LINKSTATE,RXCSUM_IPV6,TXCSUM_IPV6>
        inet6 ::1 prefixlen 128
        inet6 fe80::1%lo0 prefixlen 64 scopeid 0x2
        inet 127.0.0.1 netmask 0xff000000
        groups: lo
        nd6 options=23<PERFORMNUD,ACCEPT_RTADV,AUTO_LINKLOCAL>
```
2023-07-04 14:38:36 +09:00
Davide Beatrici
5633314981
Merge PR #1868: Fix build on __FreeBSD_version >= 140091 (LLVM 16) 2023-07-04 06:08:21 +02:00
Koichiro Iwao
dcdbce63d5 Fix build on __FreeBSD_version >= 140091 (LLVM 16)
Fails to build after:
https://cgit.freebsd.org/src/commit/?id=a681cba16d8967651a2146385ce44a2bfeb1c4c3

As the commit title is "Bump __FreeBSD_version for llvm 16.0.6 merge",
I suppose LLVM 16 is stricter than LLVM 15. It was building successfully
at least the previous week.

Build log: https://pkg-status.freebsd.org/beefy18/data/main-amd64-default/p4785b313b958_se8efee297c/logs/softether5-5.02.5180.335,2.log

```
[ 32%] Building C object src/Mayaqua/CMakeFiles/mayaqua.dir/Unix.c.o
cd /wrkdirs/usr/ports/security/softether5/work/.build/src/Mayaqua && /usr/bin/cc -DBRIDGE_BPF -DCPU_64 -DHAVE_SSL_CTX_SET_NUM_TICKETS -DNDEBUG -DOS_UNIX -DREENTRANT -DSE_DBDIR=\"/var/db/softether\" -DSE_LOGDIR=\"/var/log/softether\" -DSE_PIDDIR=\"/var/run/softether\" -DSE_TAGNAME=\"5.02.5180-335-g1c0bdb0c/freebsd\" -DTHREADSAFE -DTHREAD_SAFE -DUNIX -DUNIX_BSD -DVPN_SPEED -D_FILE_OFFSET_BITS=64 -D_REENTRANT -D_THREADSAFE -D_THREAD_SAFE -Dmayaqua_EXPORTS -I/wrkdirs/usr/ports/security/softether5/work/SoftEtherVPN-5.02.5180-335-g1c0bdb0c/src/. -I/wrkdirs/usr/ports/security/softether5/work/SoftEtherVPN-5.02.5180-335-g1c0bdb0c/src/Mayaqua/. -I/wrkdirs/usr/ports/security/softether5/work/SoftEtherVPN-5.02.5180-335-g1c0bdb0c/src/libhamcore/include -O2 -pipe  -I/usr/local/include/cpu_features -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing -fsigned-char -O2 -pipe  -I/usr/local/include/cpu_features -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing  -DNDEBUG -O2 -std=gnu99 -fPIC -pthread -MD -MT src/Mayaqua/CMakeFiles/mayaqua.dir/Unix.c.o -MF CMakeFiles/mayaqua.dir/Unix.c.o.d -o CMakeFiles/mayaqua.dir/Unix.c.o -c /wrkdirs/usr/ports/security/softether5/work/SoftEtherVPN-5.02.5180-335-g1c0bdb0c/src/Mayaqua/Unix.c
/wrkdirs/usr/ports/security/softether5/work/SoftEtherVPN-5.02.5180-335-g1c0bdb0c/src/Mayaqua/Unix.c:259:18: error: incompatible function pointer types assigning to 'void (*)(int, struct __siginfo *, void *)' from 'void *(int, siginfo_t *, void *)' (aka 'void *(int, struct __siginfo *, void *)') [-Wincompatible-function-pointer-types]
        sa.sa_sigaction = signal_received_for_ignore;
                        ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~
```
2023-07-04 08:50:53 +09:00
hiura
e4330ca71a bind outgoing connection 2023-06-28 23:18:09 +09:00
Koichiro Iwao
35b5d0640f Translate GenX25519/GetPublicX25519 command 2023-06-21 15:16:47 +09:00
Koichiro Iwao
f88341ce40 Fix case of WireGuard 2023-06-21 15:11:38 +09:00
Koichiro IWAO
0ab5199272 Fix build when NO_VLAN
Occurred at:	 #670
Closes:		#1864

Tested build on FreeBSD with NO_VLAN by modifying CMakeLists.txt like this:

```diff
diff --git a/src/CMakeLists.txt b/src/CMakeLists.txt
index c49a3c78..1dad3691 100644
--- a/src/CMakeLists.txt
+++ b/src/CMakeLists.txt
@@ -93,6 +93,7 @@ if(UNIX)
if(${CMAKE_SYSTEM_NAME} STREQUAL "FreeBSD")
     add_definitions(-DUNIX_BSD -DBRIDGE_BPF)
+    add_definitions(-DNO_VLAN)
     include_directories(SYSTEM /usr/local/include)
     link_directories(SYSTEM /usr/local/lib)
   endif()
```
2023-06-17 02:18:04 +09:00
Koichiro IWAO
41be858df0 Collect garbage at development 2023-06-17 01:54:36 +09:00
Koichiro IWAO
6665efb822 Remove unnecessary quotation to fix build 2023-06-15 10:17:33 +09:00
Koichiro IWAO
8826484245 Rename macro BRDEST -> BRIDGE for simplicity
UNIX_VLAN_BRDEST_IFACE_PREFIX -> UNIX_VLAN_BRIDGE_IFACE_PREFIX
2023-06-15 00:15:17 +09:00
Koichiro IWAO
09708bc8cb Cedar/BridgeUnix: make sure to destroy tap device for bridge on FreeBSD
Also, rename NewTap/FreeTap to NewBridgeTap/FreeBridgeTap because these
functions are used to create/destroy tap device used for bridge
destination.
2023-06-15 00:15:17 +09:00
Koichiro IWAO
696a9bc0a1 Cedar: Don't hardcode prefix for virtual brige destination 2023-06-15 00:15:17 +09:00
Koichiro IWAO
96e4fc040f Cedar/VLanUnix: add description to FreeBSD tap device
$ ifconfig vpn_client
vpn_client: flags=8843<UP,BROADCAST,RUNNING,SIMPLEX,MULTICAST> metric 0 mtu 1500
        description: SoftEther Virtual Network Adapter
        options=80000<LINKSTATE>
        ether 5e:51:5e:48:ea:ef
        hwaddr 58:9c:fc:10:34:2a
        groups: tap
        media: Ethernet autoselect
        status: active
        nd6 options=29<PERFORMNUD,IFDISABLED,AUTO_LINKLOCAL>
        Opened by PID 35981
2023-06-01 16:50:30 +09:00
Koichiro IWAO
867c992111 Cedar/VLanUnix: use space after #ifdef 2023-06-01 15:18:13 +09:00
Koichiro IWAO
96b1961d78 Cedar/VLanUnix: add UnixDestroyTapDevice prototype declaration 2023-06-01 11:57:50 +09:00
Koichiro IWAO
939eb3130e Cedar/Client: Enable CtVLans{Up,Down} on FreeBSD
The same trick also works on FreeBSD. There's no reason to limit it to
Linux.
2023-05-31 17:48:31 +09:00
Koichiro IWAO
0ba7ad392e Cedar/VLanUnix: Enable UnixVLanSetState on FreeBSD 2023-05-31 17:48:31 +09:00
Koichiro IWAO
8482a52522 Cedar/VLanUnix: Make NicDelete work on FreeBSD
In contrast to Linux, FreeBSD's tap devices are still plumbed after fd
closed. The tap device must be destroyed in addition to closing fd
to delete virtual network interfaces used for VPN connection.

NicDelete command now works properly and virtual network interfaces used
by vpnclient are cleaned up when shutting down vpnclient.
2023-05-31 17:48:31 +09:00
Koichiro IWAO
9c33605f5e Cedar: Don't hardcode prefix for UNIX virtual network interface 2023-05-31 17:48:06 +09:00
Ilya Shipitsin
2fdd9ec4dc
Merge pull request #1832 from chipitsine/master
src/Cedar/Server.c: fix race condition
2023-05-13 20:42:38 +02:00
Roel van de Wiel
36505e3896 Changed 'settng' to 'setting' and regenerated the RPC docs 2023-05-10 15:09:57 +02:00
Ilya Shipitsin
c59df82666 src/Mayaqua/Secure.c: fix potential null pointer dereference
found by coverity

   CID 343528 (#1 of 1): Dereference before null check (REVERSE_INULL)
   check_after_deref: Null-checking name suggests that it may be null,
   but it has already been dereferenced on all paths leading to the
   check.
   438        if (name == NULL || k == NULL || k->private_key == false)
   439        {
   440                sec->Error = SEC_ERROR_BAD_PARAMETER;
   441                return false;
   442        }
2023-05-01 06:18:39 +02:00
Ilya Shipitsin
db7d6c83d5 src/Mayaqua/Secure.c: fix potential null pointer dereference
found by coverity

   CID 343537 (#1 of 1): Dereference before null check (REVERSE_INULL)
   check_after_deref: Null-checking name suggests that it may be null
   but it has already been dereferenced on all paths leading to the
   check.
   664        if (name == NULL)
   665        {
   666                sec->Error = SEC_ERROR_BAD_PARAMETER;
   667                return false;
   668        }
2023-05-01 06:09:38 +02:00
Ilya Shipitsin
a89adaebc3 src/Mayaqua/Secure.c: fix potential null pointer dereference
found by coverity

 CID 343536 (#1 of 1): Dereference before null check (REVERSE_INULL)
 check_after_deref: Null-checking name suggests that it may be null, but
 it has already been dereferenced on all paths leading to the check.
 1339        if (name == NULL || data == NULL || size == 0)
 1340        {
 1341                sec->Error = SEC_ERROR_BAD_PARAMETER;
 1342                return false;
 1343        }
2023-05-01 06:07:19 +02:00
Ilya Shipitsin
c46871688b src/Cedar/Server.c: fix race condition
=================================================================
==1505093==ERROR: AddressSanitizer: heap-use-after-free on address 0x607000366b88 at pc 0x7f72afadc34a bp 0x7f72990fa390 sp 0x7f72990fa388
READ of size 4 at 0x607000366b88 thread T22
    #0 0x7f72afadc349 in GetCaps /home/ilia/SoftEtherVPN/src/Cedar/Server.c:1861
    #1 0x7f72afadc382 in GetCapsInt /home/ilia/SoftEtherVPN/src/Cedar/Server.c:1802
    #2 0x7f72afaf72a5 in GetServerCapsInt /home/ilia/SoftEtherVPN/src/Cedar/Server.c:1098
    #3 0x7f72afaf7318 in GetServerCapsBool /home/ilia/SoftEtherVPN/src/Cedar/Server.c:1104
    #4 0x7f72afaf771e in SiWriteHubCfg /home/ilia/SoftEtherVPN/src/Cedar/Server.c:4887
    #5 0x7f72afaf771e in SiWriteHubCfg /home/ilia/SoftEtherVPN/src/Cedar/Server.c:4824
    #6 0x7f72afaf7c0b in SiWriteHubs /home/ilia/SoftEtherVPN/src/Cedar/Server.c:5548
    #7 0x7f72afaf7c0b in SiWriteHubs /home/ilia/SoftEtherVPN/src/Cedar/Server.c:5515
    #8 0x7f72afaf81d6 in SiWriteConfigurationToCfg /home/ilia/SoftEtherVPN/src/Cedar/Server.c:3166
    #9 0x7f72afaf86bc in SiWriteConfigurationFile /home/ilia/SoftEtherVPN/src/Cedar/Server.c:6593
    #10 0x7f72afaf86bc in SiWriteConfigurationFile /home/ilia/SoftEtherVPN/src/Cedar/Server.c:6569
    #11 0x7f72afaf8914 in SiSaverThread /home/ilia/SoftEtherVPN/src/Cedar/Server.c:6561
    #12 0x7f72afaf8914 in SiSaverThread /home/ilia/SoftEtherVPN/src/Cedar/Server.c:6547
    #13 0x7f72af6e0cfa in ThreadPoolProc /home/ilia/SoftEtherVPN/src/Mayaqua/Kernel.c:872
    #14 0x7f72af6e0cfa in ThreadPoolProc /home/ilia/SoftEtherVPN/src/Mayaqua/Kernel.c:827
    #15 0x7f72af76eeb4 in UnixDefaultThreadProc /home/ilia/SoftEtherVPN/src/Mayaqua/Unix.c:1604
    #16 0x7f72af4ffc56 in start_thread (/lib64/libc.so.6+0x8cc56) (BuildId: 6107835fa7d4725691b2b7f6aaee7abe09f493b2)
    #17 0x7f72af585a6f in __clone3 (/lib64/libc.so.6+0x112a6f) (BuildId: 6107835fa7d4725691b2b7f6aaee7abe09f493b2)

0x607000366b88 is located 24 bytes inside of 72-byte region [0x607000366b70,0x607000366bb8)
freed by thread T0 here:
    #0 0x7f72afed7fc8 in __interceptor_free.part.0 (/lib64/libasan.so.8+0xd7fc8) (BuildId: 9501248886f79bf1482f3e153f794be742818172)
    #1 0x7f72af76ed6f in UnixMemoryFree /home/ilia/SoftEtherVPN/src/Mayaqua/Unix.c:2072

previously allocated by thread T22 here:
    #0 0x7f72afed92ff in malloc (/lib64/libasan.so.8+0xd92ff) (BuildId: 9501248886f79bf1482f3e153f794be742818172)
    #1 0x7f72af76f35d in UnixMemoryAlloc /home/ilia/SoftEtherVPN/src/Mayaqua/Unix.c:2053

Thread T22 created by T0 here:
    #0 0x7f72afe48966 in pthread_create (/lib64/libasan.so.8+0x48966) (BuildId: 9501248886f79bf1482f3e153f794be742818172)
    #1 0x7f72af76f713 in UnixInitThread /home/ilia/SoftEtherVPN/src/Mayaqua/Unix.c:1683

SUMMARY: AddressSanitizer: heap-use-after-free /home/ilia/SoftEtherVPN/src/Cedar/Server.c:1861 in GetCaps
Shadow bytes around the buggy address:
  0x607000366900: 00 00 00 fa fa fa fa fa 00 00 00 00 00 00 00 00
  0x607000366980: 00 fa fa fa fa fa 00 00 00 00 00 00 00 00 00 fa
  0x607000366a00: fa fa fa fa 00 00 00 00 00 00 00 00 00 fa fa fa
  0x607000366a80: fa fa 00 00 00 00 00 00 00 00 00 fa fa fa fa fa
  0x607000366b00: 00 00 00 00 00 00 00 00 00 fa fa fa fa fa fd fd
=>0x607000366b80: fd[fd]fd fd fd fd fd fa fa fa fa fa fd fd fd fd
  0x607000366c00: fd fd fd fd fd fa fa fa fa fa fd fd fd fd fd fd
  0x607000366c80: fd fd fd fa fa fa fa fa fd fd fd fd fd fd fd fd
  0x607000366d00: fd fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x607000366d80: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
  0x607000366e00: fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa fa
Shadow byte legend (one shadow byte represents 8 application bytes):
  Addressable:           00
  Partially addressable: 01 02 03 04 05 06 07
  Heap left redzone:       fa
  Freed heap region:       fd
  Stack left redzone:      f1
  Stack mid redzone:       f2
  Stack right redzone:     f3
  Stack after return:      f5
  Stack use after scope:   f8
2023-05-01 05:53:36 +02:00
Ilya Shipitsin
46e73e944f src/Mayaqua/Unix.c: fix guarding
SoftEtherVPN/src/Mayaqua/Unix.c:51:25: warning: missing
terminating ' character
   51 | #include <sys/statvfs.h>'
2023-04-29 22:31:55 +02:00
Ilya Shipitsin
8fc27da780
Merge pull request #1829 from chipitsine/master
src/Mayaqua/Str.c: fix denial of service reported by Cisco Talos
2023-04-22 08:26:47 +02:00
Ilya Shipitsin
df6df007a3 src/Mayaqua/Str.c: fix denial of service reported by Cisco Talos
TALOS-2023-1741
CVE-2023-23581

SoftEther VPN vpnserver EnSafeHttpHeaderValueStr denial of service
vulnerability

A denial of service vulnerability exists in the vpnserver
EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.9674 and
5.02. A specially-crafted network packet can lead to denial of service.
2023-04-21 22:38:22 +02:00
Ilya Shipitsin
d2e673a47d src/Cedar/Proto_OpenVPN.c: fix denial of service found by Cisco Talos
specially crafted network packet lead to buffer overrun and process
crash. working exploit was provided by Cisco Talos team.

An integer underflow vulnerability exists in the vpnserver
OvsProcessData functionality of SoftEther VPN 5.01.9674 and 5.02. A
specially-crafted network packet can lead to denial of service. An
attacker can send a malicious packet to trigger this vulnerability.

The versions below were either tested or verified to be vulnerable by
Talos or confirmed to be vulnerable by the vendor.

SoftEther VPN 5.01.9674
SoftEther VPN 5.02
While 5.01.9674 is a development version, it is distributed at the time
of writing by Ubuntu and other Debian-based distributions.
2023-04-16 23:06:30 +02:00
Yihong Wu
df7ea3c54a Mayaqua/Memory: Fix memory corruption in base64 2023-03-31 09:14:39 +00:00
dependabot[bot]
fb83ac08f2
Bump webpack in /src/bin/hamcore/wwwroot/admin/default
Bumps [webpack](https://github.com/webpack/webpack) from 5.75.0 to 5.76.0.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v5.75.0...v5.76.0)

---
updated-dependencies:
- dependency-name: webpack
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-15 09:35:00 +00:00
Ilya Shipitsin
e6123d36a0
Merge pull request #1782 from metalefty/adjust-version-string
Cedar: Trim contiguous whitespaces in version string
2023-03-12 08:32:55 +01:00
dependabot[bot]
91053622ab
Bump minimist and mkdirp in /src/bin/hamcore/wwwroot/admin/default
Bumps [minimist](https://github.com/minimistjs/minimist) and [mkdirp](https://github.com/isaacs/node-mkdirp). These dependencies needed to be updated together.

Updates `minimist` from 0.0.8 to 1.2.8
- [Release notes](https://github.com/minimistjs/minimist/releases)
- [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md)
- [Commits](https://github.com/minimistjs/minimist/compare/v0.0.8...v1.2.8)

Updates `mkdirp` from 0.5.1 to 0.5.6
- [Release notes](https://github.com/isaacs/node-mkdirp/releases)
- [Changelog](https://github.com/isaacs/node-mkdirp/blob/main/CHANGELOG.md)
- [Commits](https://github.com/isaacs/node-mkdirp/compare/0.5.1...v0.5.6)

---
updated-dependencies:
- dependency-name: minimist
  dependency-type: indirect
- dependency-name: mkdirp
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-03 01:26:17 +00:00
Koichiro IWAO
1fe26ccb6c
Cedar: Trim contiguous whitespaces in version string
Before change, contiguous whitespaces appeared in version string.
This room is for beta string (such as Alpha, Beta) and beta number but
it looks a bit odd if the build is not alpha/beta/RC.

> Version 5.02 Build 5180 Alpha 3 (Japanese)
> Version 5.02 Build 5180 Beta 3 (Japanese)
> Version 5.02 Build 5180 Release Candidate 3 (Japanese)
> Version 5.02 Build 5180   (Japanese)
>                        ^^^

Now version string looks neat like this:

> Version 5.02 Build 5180 (Japanese)
> Version 5.02 Build 5180 Release Candidate 3 (Japanese)
2023-03-01 16:14:04 +09:00
Koichiro IWAO
bedf1cd7e9
Mayaqua/Unix: Make VM detection work on FreeBSD
This is just a cosmetic problem in the result of "Caps" command which
gets the list of server functions/capability.  There's no behavioural
change in SoftEtherVPN whether running on VM so far.
2023-02-28 20:08:04 +09:00
Yihong Wu
cd2838795b Radius: Make sure MS-CHAP response matches the original username 2023-02-27 08:37:23 +00:00
Yihong Wu
4ff9c6393a Support all EAP methods for PPP sessions with RADIUS 2023-02-27 08:37:23 +00:00
Yihong Wu
e81ecbb0ec Support EAP auth with RADIUS server for SEVPN 2023-02-24 13:05:34 +00:00
Yihong Wu
1741dfdccc Cedar/Proto_PPP: Fix radius authentication 2023-02-23 13:03:10 +00:00
Yihong Wu
eea1de3d25 Mayaqua/Network: Fix empty packet being treated as error 2023-02-19 05:41:55 +00:00
Evengard
c67d9ee201 Fixing up coverity report flags from #1760 and #1761 2023-02-04 17:47:20 +03:00
Yihong Wu
025ebec4cc Fix thread safety after #1751 2023-02-02 06:53:30 +00:00
Ilya Shipitsin
11828be9e6
Merge pull request #1751 from Evengard/eap-tls-fixups
TLS 1.3 for EAP-TLS, user search by certificate CN
2023-02-01 09:47:38 +06:00
Evengard
edcdc923ad Reworked EAP-TLS 1.3 to account for RFC9190, implemented searching by certificate instead of certificate CN 2023-01-31 20:33:18 +03:00