DbDir : directory to store files such as vpn_server.config and backups etc
LogDir : directory to write logs (sub directories is created in this dir)
PidDir : directory to put PID files such as .ctl-* .pid-* .VPN-*
Currently the systemd service unit files are installed
into /lib/systemd/system if that directory exists. This
might not be optimal for every user, e.g. when the build
system is not the target system or when building as an
unprivileged user using CMAKE_INSTALL_PREFIX.
Make this configurable by adding a cached cmake variable
CMAKE_INSTALL_SYSTEMD_UNITDIR. Usage:
- install unit files into /lib/systemd/system if it exists (old
behavior)
cmake
- don't install unit files
cmake -D CMAKE_INSTALL_SYSTEMD_UNITDIR=
- install into absolute path
cmake -D CMAKE_INSTALL_SYSTEMD_UNITDIR=/path
- install into path relative to ${CMAKE_INSTALL_PREFIX}
cmake -D CMAKE_INSTALL_SYSTEMD_UNITDIR=path
The function has been greatly improved, here are some of the changes:
- The required SESSION (c->Session) parameter is checked correctly: the function returns immediately in case it's NULL. Previously, the function didn't return in case the parameter was NULL; multiple checks were in place, but not in all instances where the parameter was dereferenced.
- The resolved IP address is cached with all proxy types.
- The "RestoreServerNameAndPort" variable is documented.
- The Debug() messages have been improved.
This commit moves the generic (not related to our protocol) proxy stuff from Cedar to Mayaqua, in dedicated files.
The functions are refactored so that they all have the same arguments and follow the same logic.
Dedicated error codes are added, in order to indicate clearly why the function(s) failed.
Coverity Scan detected an out-of-bounds access issue: OvsProcessData() checked whether the payload size was bigger than the size of the buffer, instead of checking whether the entire packet size (payload size + 2 bytes) was, resulting in an out-of-bounds access in case the payload size is bigger than 1998.
This commit also improves the variable names, the comments and adds two Debug() lines.
OvsDecrypt() returns 0 when it fails, resulting in "size" rolling over with an end result of 4294967292.
This commit fixes the issue by checking whether "size" is greater than sizeof(UINT) before performing the subtraction.
The bug was caused by a typo in the StrCpy() call: the source buffer was the same as the destination one, meaning that the function didn't do anything.
- Fixed the RADIUS PEAP client to use the standard TLS versioning.
- Implementation of a function to fix the MAC address of L3 VPN protocol by entering e.g. "MAC: 112233445566" in the "Notes" field of the user information.
- Implementation of a function to fix the virtual MAC address to be assigned to the L3 VPN client as a string attribute from RADIUS server when authentication.
Hardcoded paths are used in log file enumeration such as LogFileList
command or GenerateEraseFileList function to delete old log files when
disk free space is lacking.
Fixes: SoftEtherVPN/SoftEtherVPN#972
If SecureNAT is enabled and the hostname of the server
is longer than 16characters, every NETBIOS name resolution
query triggers the buffer overflow. If the server was built
with stack protection, the process will be killed.
This commit adds a protocol interface to the server, its purpose is to manage TCP connections and the various third-party protocols.
More specifically, ProtoHandleConnection() takes care of exchanging the packets between the local and remote endpoint; the protocol implementation only has to parse them and act accordingly.
The interface knows which protocol is the connection for by calling IsPacketForMe(), a function implemented for each protocol.
My previous patch used a wrong if directive, which disabled removed
(de)initialization and threading for LibreSSL. This most likely causes
issues at runtime.
A race condition in the DHCP server caused it to offer the same IP address to multiple clients when they connected at the same time, because an offered IP address was considered free until the final step (DHCP_ACK).
This commit introduces a list to keep track of the pending leases created during DHCP_OFFER, so that an IP address is guaranteed to be offered to a single client.
StrCat() appends a string to an already existing string. In order to know where the existing string ends, it uses StrLen() which in turn uses strlen(), a function considered unsafe because it doesn't stop until it finds the null character.
Since the string was allocated but not initialized, StrCat() was either:
- Working correctly.
- Copying only a part of the string.
- Making the program crash via strlen().
The fix consists in using StrCpy(), which starts writing at the beginning of the string.
SSL_free() also frees the associated context.
d6c3c1896c/ssl/ssl_lib.c (L1209)
From https://www.openssl.org/docs/man1.1.1/man3/SSL_free.html:
"SSL_free() also calls the free()ing procedures for indirectly affected items, if applicable: the buffering BIO, the read and write BIOs, cipher lists specially created for this ssl, the SSL_SESSION. Do not explicitly free these indirectly freed up items before or after calling SSL_free(), as trying to free things twice may lead to program failure."
found by cppcheck
[src/Cedar/DDNS.c:656]: (style) Condition 'ret==NULL' is always true
[src/Cedar/DDNS.c:515] -> [src/Cedar/DDNS.c:640]: (style) The expression 'use_https == false' is always true because 'use_https' and 'false' represent the same value.
[src/Cedar/DDNS.c:516] -> [src/Cedar/DDNS.c:648]: (style) The expression 'no_cert_verify == false' is always true because 'no_cert_verify' and 'false' represent the same value.
[src/Cedar/DDNS.c:816] -> [src/Cedar/DDNS.c:860]: (style) The expression 'no_cert_verify == false' is always true because 'no_cert_verify' and 'false' represent the same value.
[src/Cedar/DDNS.c:530]: (style) Variable 'use_vgs' is assigned a value that is never used.
[src/Cedar/DDNS.c:497]: (style) The function 'DCUpdateNow' is never used.
found by cppcheck
[src/Cedar/Account.c:523]: (style) The function 'GetUserPolicy' is never used.
[src/Cedar/Account.c:163]: (style) The function 'NormalizePolicyName' is never used.
found by cppcheck
[src/Cedar/Command.c:23220] -> [src/Cedar/Command.c:23232]: (style) Variable 'len' is reassigned a value before the old one has been used.
found by cppcheck
[src/Cedar/CM.c:4509]: (style) Variable 'easy' is assigned a value that is never used.
[src/Cedar/CM.c:4547]: (style) Variable 'hub_name' is assigned a value that is never used.
[src/Cedar/CM.c:4609]: (style) Variable 'is_account' is assigned a value that is never used.
[src/Cedar/CM.c:8545]: (style) The function 'CmLoadK' is never used.
To fix the bug of OpenVPN 2.4.6 and particular version of kernel mode TAP driver on Linux, the TAP device must be up after the OpenVPN client is connected. However there is no direct push instruction to do so to OpenVPN client. Therefore we push the dummy IPv4 address (RFC7600) to the OpenVPN client to enforce the TAP driver UP state.
found by cppcheck
[src/Mayaqua/Mayaqua.c:753]: (style) Consecutive return, break, continue, goto or throw statements are unnecessary.
[src/Mayaqua/Mayaqua.c:484]: (style) The function 'IsUnicode' is never used.
[src/Mayaqua/Mayaqua.c:438]: (style) The function 'MayaquaDotNetMode' is never used.
[src/Mayaqua/Mayaqua.c:774]: (style) The function 'PrintOsInfo' is never used.
found by cppcheck
[src/Mayaqua/Cfg.c:669]: (style) Variable 'invalid_file' is assigned a value that is never used.
[src/Mayaqua/Cfg.c:2111]: (style) Variable 'v' is assigned a value that is never used.
[src/Mayaqua/Cfg.c:1114]: (style) The function 'CfgFolderToBufText' is never used.
[src/Mayaqua/Cfg.c:539]: (style) The function 'CfgRead' is never used.
[src/Mayaqua/Cfg.c:418]: (style) The function 'CfgSave' is never used.
[src/Mayaqua/Cfg.c:1425]: (style) The function 'CfgStrToType' is never used.
[src/Mayaqua/Cfg.c:708]: (style) The function 'CfgTest' is never used.
[src/Mayaqua/Cfg.c:704]: (style) The function 'CfgTest2' is never used.
[src/Mayaqua/Cfg.c:247]: (style) The function 'NewCfgRwW' is never used.
This allows an OpenVPN client to bypass a firewall which is aware of the protocol and is able to block it.
The XOR mask set on the server has to be the same on the client, otherwise it will not be able to connect with certain obfuscation modes.
A special OpenVPN client built with the "XOR patch" is required in order to use this function, because it has never been merged in the official OpenVPN repository.
Two parameters are added to the server configuration: "OpenVPNObfuscationMethod" and "OpenVPNObfuscationMask".
Their value can be retrieved with "OpenVpnObfuscationGet" and set with "OpenVpnObfuscationEnable" in the VPN Command Line Management Utility.
resolve possible null pointer dereference
found by cppcheck
[src/Cedar/Protocol.c:3138] -> [src/Cedar/Protocol.c:3071]: (warning) Either the condition 's!=NULL' is redundant or there is possible null pointer dereference: s.
[src/Cedar/Protocol.c:916]: (style) Variable 'save' is assigned a value that is never used.
[src/Cedar/Protocol.c:6242]: (style) Variable 'size' is assigned a value that is never used.
[src/Cedar/Protocol.c:778]: (style) Variable 'old_disable' is assigned a value that is never used.
[src/Cedar/Protocol.c:1021]: (style) Variable 'save' is assigned a value that is never used.
[src/Cedar/Protocol.c:3708]: (style) Variable 'is_vgc' is assigned a value that is never used.
[src/Cedar/Protocol.c:5785]: (style) Variable 's' is assigned a value that is never used.
[src/Cedar/Protocol.c:6164]: (style) The function 'SocksConnectEx' is never used.
[src/Cedar/Protocol.c:907]: (style) The function 'CompareNodeInfo' is never used.
[src/Cedar/Protocol.c:6968]: (style) The function 'ProxyConnect' is never used.
[src/Cedar/Protocol.c:3986]: (style) The function 'SecureDelete' is never used.
[src/Cedar/Protocol.c:4042]: (style) The function 'SecureEnum' is never used.
[src/Cedar/Protocol.c:4127]: (style) The function 'SecureWrite' is never used.
[src/Cedar/Protocol.c:6463]: (style) The function 'SocksConnect' is never used.
[src/Cedar/Protocol.c:7185]: (style) The function 'TcpConnectEx2' is never used.
[src/Cedar/Protocol.c:7206]: (style) The function 'TcpIpConnect' is never used.
1.0.0.1 is a real IP address, owned by CloudFlare and used for their DNS service.
This commit changes the IP address we push to 192.0.0.8, which is defined in RFC7600 as dummy IPv4 address.
found by PVS analyzer
src/Mayaqua/Network.c 18715 err V571 Recurring check. The 'if (u->GetNatTIpThread == NULL)' condition was already verified in line 18712.
found by cppcheck
[src/Mayaqua/OS.c:493]: (style) The function 'OSDec32' is never used.
[src/Mayaqua/OS.c:373]: (style) The function 'OSDeleteDir' is never used.
[src/Mayaqua/OS.c:393]: (style) The function 'OSFileCreate' is never used.
[src/Mayaqua/OS.c:353]: (style) The function 'OSFileDelete' is never used.
[src/Mayaqua/OS.c:383]: (style) The function 'OSFileOpen' is never used.
[src/Mayaqua/OS.c:331]: (style) The function 'OSFileRename' is never used.
[src/Mayaqua/OS.c:487]: (style) The function 'OSInc32' is never used.
[src/Mayaqua/OS.c:363]: (style) The function 'OSMakeDir' is never used.
[src/Mayaqua/OS.c:541]: (style) The function 'OSResetEvent' is never used.
found by cppcheck
[src/Cedar/Proto_IkePacket.c:958]: (style) The function 'IkeNewCertPayload' is never used.
[src/Cedar/Proto_IkePacket.c:942]: (style) The function 'IkeNewCertRequestPayload' is never used.
[src/Cedar/Proto_IkePacket.c:875]: (style) The function 'IkeNewNoticeErrorInvalidExchangeTypePayload' is never used.
[src/Cedar/Proto_IkePacket.c:2542]: (style) The function 'IkeNewSpi' is never used.
[src/Cedar/Proto_IkePacket.c:142]: (style) The function 'IkePhase1CryptIdToKeySize' is never used.
[src/Cedar/Proto_IkePacket.c:157]: (style) The function 'IkePhase2CryptIdToKeySize' is never used.
[src/Cedar/Proto_IkePacket.c:172]: (style) The function 'IkeStrToPhase1CryptId' is never used.
[src/Cedar/Proto_IkePacket.c:187]: (style) The function 'IkeStrToPhase1HashId' is never used.
[src/Cedar/Proto_IkePacket.c:196]: (style) The function 'IkeStrToPhase2CryptId' is never used.
[src/Cedar/Proto_IkePacket.c:211]: (style) The function 'IkeStrToPhase2HashId' is never used.
[src/Cedar/Proto_IkePacket.c:2168]: (style) Condition 'b==NULL' is always true
This commit fixes the "TrackDeleteObj: 0x12345678 is not Object!!" (where 0x12345678 is the actual address) errors with memcheck enabled.
It also fixes the following related warnings:
warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
TrackChangeObjSize((DWORD)addr, size, (DWORD)new_addr);
^
warning: cast from pointer to integer of different size [-Wpointer-to-int-cast]
TrackChangeObjSize((DWORD)addr, size, (DWORD)new_addr);
^
1. ifdef DEBUG -> defined(_DEBUG) || defined(DEBUG)
In VC++ compilers, the macro is "_DEBUG", not "DEBUG".
2. If set memcheck = true, the program will be vitally slow since it will log all malloc() / realloc() / free() calls to find the cause of memory leak.
For normal debug we set memcheck = false.
Please set memcheck = true if you want to test the cause of memory leaks.
This commit improves the RecvFrom() and RecvFrom6() functions by:
- Using the right data type for the struct size variable passed to recvfrom().
- Improving the arguments validation mechanism.
- Printing unhandled errors.
- Hash() has been removed because it was ambiguous, Md5() and Sha0() are proper replacements.
- HMacMd5() and HMacSha1() now share a common implementation handled by the new Internal_HMac() function.
- NewMd() and MdProcess() now support plain hashing (without the key).
- NewMd(), SetMdKey() and MdProcess() now check the OpenSSL functions' return value and in case of failure a debug message is printed along with the error string, if available.
- SetMdKey()'s return value has been changed from void to bool, so that it's possible to know whether the function succeeded or not.
- MdProcess()' return value has been changed from void to UINT (unsigned int) and the function now returns the number of bytes written by HMAC_Final() or EVP_DigestFinal_ex().
also cleanup a code based on PVS analyzer findings
src/Cedar/Hub.c 5279 warn V547 Expression 'e->UpdatedTime <= oldest_time' is always true.
src/Cedar/Hub.c 5840 warn V581 The conditional expressions of the 'if' statements situated alongside each other are identical. Check lines: 5828, 5840.
coverity thinks there might be null pointer dereference, make it
happier by removing check (there's a check against NULL in function itself).
condition "a.DataSize <= 1500" is always true
The previous regex expression removed all the 0s present in the input string, meaning that it caused the build to fail in case one of the date/time values was effectively 0.
found by coverity, cppcheck
[src/Cedar/Hub.c:6663]: (style) The function 'CalcTrafficEntryDiff' is never used.
[src/Cedar/Hub.c:3387]: (style) The function 'GetSessionByPtr' is never used.
[src/Cedar/Hub.c:3139]: (style) The function 'SetSessionFirstRedirectHttpUrl' is never used.
[src/Cedar/Hub.c:3912]: (style) The function 'VgsSetEmbTag' is never used.
[src/Cedar/Hub.c:3918]: (style) The function 'VgsSetUserAgentValue' is never used.
Pull request #294 added SHA-256, SHA-384, and SHA-512 support to the protocol, but part of it was removed in faee11ff09, because it caused a buffer over-read crash.
It also broke the MD5 implementation because the switch-case block didn't handle the type anymore.
This pull request fixes all the implementations and improves the IkeHMac() function by using the dedicated hashing functions.
found by coverity, cppcheck
[src/Cedar/Server.c:2899]: (style) Variable 'is_vgs_enabled' is assigned a value that is never used.
[src/Cedar/Server.c:3961]: (style) Variable 'id' is assigned a value that is never used.
[src/Cedar/Server.c:5723]: (style) Variable 'c' is assigned a value that is never used.
[src/Cedar/Server.c:5767]: (style) Variable 'num_connections_per_ip' is assigned a value that is never used.
[src/Cedar/Server.c:7327]: (style) Variable 'num' is assigned a value that is never used.
[src/Cedar/Server.c:8444]: (style) The function 'SiCallEnumHubBegin' is never used.
[src/Cedar/Server.c:8454]: (style) The function 'SiCallEnumHubEnd' is never used.
[src/Cedar/Server.c:9923]: (style) The function 'SiCallTaskAsyncBegin' is never used.
[src/Cedar/Server.c:9949]: (style) The function 'SiCallTaskAsyncEnd' is never used.
[src/Cedar/Server.c:10769]: (style) The function 'SiCheckCurrentRegion' is never used.
[src/Cedar/Server.c:2831]: (style) The function 'SiGetAzureEnable' is never used.
[src/Cedar/Server.c:208]: (style) The function 'SiGetServerNumUserObjects' is never used.
[src/Cedar/Server.c:2435]: (style) The function 'SiInitBridge' is never used.
[src/Cedar/Server.c:2540]: (style) The function 'SiTest' is never used.
[src/Cedar/Server.c:6707]: (style) The function 'StGetServer' is never used.
found by cppcheck
[src/Mayaqua/Kernel.c:1199]: (style) Variable 'new_thread' is assigned a value that is never used.
[src/Mayaqua/Kernel.c:385]: (style) The function 'DelThreadFromThreadList' is never used.
[src/Mayaqua/Kernel.c:1726]: (style) The function 'GetCurrentLocale' is never used.
[src/Mayaqua/Kernel.c:562]: (style) The function 'GetHomeDir' is never used.
[src/Mayaqua/Kernel.c:1644]: (style) The function 'GetSpanStr' is never used.
[src/Mayaqua/Kernel.c:1695]: (style) The function 'GetSpanStrEx' is never used.
[src/Mayaqua/Kernel.c:950]: (style) The function 'GetTimeStr64' is never used.
[src/Mayaqua/Kernel.c:909]: (style) The function 'GetTimeStrEx64' is never used.
[src/Mayaqua/Kernel.c:1924]: (style) The function 'System64ToTime' is never used.
[src/Mayaqua/Kernel.c:1900]: (style) The function 'TimeToSystem64' is never used.
[src/Mayaqua/Kernel.c:470]: (style) The function 'WaitAllThreadsWillBeStopped' is never used.
[src/Mayaqua/Kernel.c:1478]: (style) The function 'GetTimeStr' is never used.
found by coverity, cppcheck
[src/Cedar/Session.c:1856]: (style) The function 'CompareSession' is never used.
[src/Cedar/Session.c:2384]: (style) The function 'DebugPrintSessionKey' is never used.
[src/Cedar/Session.c:2102]: (style) The function 'GetSessionFromKey32' is never used.
remove unused variable
[src/Cedar/IPsec_IKE.c:4332] -> [src/Cedar/IPsec_IKE.c:4332]: (style) Same expression on both sides of '||'.
[src/Cedar/IPsec_IKE.c:1665]: (style) Variable 'zero' is assigned a value that is never used.
found by coverity, cppcheck
[src/Cedar/Cedar.c:1605]: (style) The function 'EnableDebugLog' is never used.
[src/Cedar/Cedar.c:858]: (style) The function 'GetUnestablishedConnections' is never used.
[src/Cedar/Cedar.c:652]: (style) The function 'InitHiddenPassword' is never used.
[src/Cedar/Cedar.c:633]: (style) The function 'IsHiddenPasswordChanged' is never used.
[src/Cedar/Cedar.c:393]: (style) The function 'IsInNoSsl' is never used.
[src/Cedar/Cedar.c:1785]: (style) The function 'IsLaterBuild' is never used.
found by coverity, cppcheck
[src/Cedar/Client.c:9094]: (style) Unused variable: i
[src/Cedar/Client.c:500] -> [src/Cedar/Client.c:503]: (style) Variable 'ret' is reassigned a value before the old one has been used.
found by coverity, cppcheck
[src/Mayaqua/Network.c:10599] -> [src/Mayaqua/Network.c:10603]: (style) Variable 'ret' is reassigned a value before the old one has been used.
[src/Mayaqua/Network.c:10611] -> [src/Mayaqua/Network.c:10615]: (style) Variable 'e' is reassigned a value before the old one has been used.
[src/Mayaqua/Network.c:12979]: (style) Variable 'disable_conditional_accept' is assigned a value that is never used.
[src/Mayaqua/Network.c:12167]: (style) Variable 's' is assigned a value that is never used.
[src/Mayaqua/Network.c:12319]: (style) Variable 's' is assigned a value that is never used.
[src/Mayaqua/Network.c:20660]: (style) The function 'HttpSendInvalidHostname' is never used.
[src/Mayaqua/Network.c:6640]: (style) The function 'IsNetworkPrefixAddress6' is never used.
[src/Mayaqua/Network.c:17593]: (style) The function 'ParseIpAndSubnetMask6' is never used.
[src/Mayaqua/Network.c:473]: (style) The function 'SetNatTLowPriority' is never used.
[src/Mayaqua/Network.c:14924]: (style) The function 'SetSocketSendRecvBufferSize' is never used.
[src/Mayaqua/Network.c:6249]: (style) The function 'Win32AcceptCheckCallback_Delay' is never used.
[src/Mayaqua/Network.c:6264]: (style) The function 'Win32Accept_XP' is never used.
[src/Mayaqua/Network.c:7467]: (style) The function 'Win32GetTcpTableList' is never used.
[src/Mayaqua/Network.c:9171]: (style) The function 'Win32NetworkTest' is never used.
[src/Mayaqua/Network.c:6581]: (style) The function 'GetHostAddress6' is never used.
[src/Mayaqua/Network.c:7468]: (style) The function 'Win32GetTcpTableListByAllocateAndGetTcpExTableFromStack' is never used.
[src/Mayaqua/Network.c:7384]: (style) The function 'Win32GetTcpTableListByGetExtendedTcpTable' is never used.
[src/Mayaqua/Network.c:7515]: (style) The function 'Win32GetTcpTableListByGetTcpTable' is never used.
[src/Mayaqua/Network.c:6758]: (style) The function 'IPNot6' is never used.
variables. Found by coverity, cppcheck
[src/Mayaqua/Unix.c:2559]: (style) Unused variable: status
[src/Mayaqua/Unix.c:181]: (style) Redundant condition: select!=NULL. 'select==NULL || (select!=NULL && (*select)(entry))' is equivalent to 'select==NULL || (*select)(entry)'
[src/Mayaqua/Unix.c:1297]: (style) The function 'UnixDaemon' is never used.
[src/Mayaqua/Unix.c:543]: (style) The function 'UnixGetDiskFreeW' is never used.
[src/Mayaqua/Unix.c:834]: (style) The function 'UnixRestoreThreadPriority' is never used.
[src/Mayaqua/Unix.c:816]: (style) The function 'UnixSetThreadPriorityHigh' is never used.
[src/Mayaqua/Unix.c:825]: (style) The function 'UnixSetThreadPriorityIdle' is never used.
[src/Mayaqua/Unix.c:807]: (style) The function 'UnixSetThreadPriorityLow' is never used.
[src/Mayaqua/Unix.c:2805]: (style) The function 'UnixWaitProcess' is never used.
found by coverity, cppcheck
[src/Cedar/Client.c:10486]: (style) The function 'CiFreeInnerVPNServer' is never used.
[src/Cedar/Client.c:10877]: (style) The function 'CiGetNumActiveSessions' is never used.
[src/Cedar/Client.c:2042]: (style) The function 'CiHasAccountSensitiveInformationFile' is never used.
[src/Cedar/Client.c:10469]: (style) The function 'CiNewInnerVPNServer' is never used.
[src/Cedar/Client.c:1128]: (style) The function 'CncGetSessionId' is never used.
[src/Cedar/Client.c:767]: (style) The function 'CncPasswordDlgHaltThread' is never used.
[src/Cedar/Client.c:10681]: (style) The function 'CompareInternetSetting' is never used.
[src/Cedar/Client.c:11060]: (style) The function 'CtGetClient' is never used.
[src/Cedar/Client.c:5128]: (style) The function 'InRpcClientNotify' is never used.
[src/Cedar/Client.c:4340]: (style) The function 'InRpcEnumObjectInSecure' is never used.
[src/Cedar/Client.c:5140]: (style) The function 'OutRpcClientNotify' is never used.
[src/Cedar/Client.c:5657]: (style) Condition 'reg_port!=0' is always false
[src/Cedar/Client.c:683]: (style) Variable 'ret' is assigned a value that is never used.
[src/Cedar/Client.c:725]: (style) Variable 'ret' is assigned a value that is never used.
[src/Cedar/Client.c:1013]: (style) Variable 'param' is assigned a value that is never used.
found by coverity, cppcheck
[src/Cedar/BridgeUnix.c:270] -> [src/Cedar/BridgeUnix.c:279]: (style) Variable 'ret' is reassigned a value before the old one has been used.
[src/Cedar/BridgeUnix.c:560] -> [src/Cedar/BridgeUnix.c:569]: (style) Variable 't' is reassigned a value before the old one has been used.
[src/Cedar/BridgeUnix.c:1528] -> [src/Cedar/BridgeUnix.c:1537]: (style) Variable 'ret' is reassigned a value before the old one has been used.
[src/Cedar/BridgeUnix.c:1278]: (style) Unused variable: c
[src/Cedar/BridgeUnix.c:1090]: (style) The function 'DlipAttachRequest' is never used.
found by coverity, cppcheck
[src/Cedar/Command.c:9378]: (style) Variable 'ret' is assigned a value that is never used.
[src/Cedar/Command.c:9999]: (style) The function 'CmdEvalNetworkAndSubnetMask6' is never used.
found by coverity, cppcheck
[src/Cedar/EtherLog.c:327]: (style) The function 'EcAddLicenseKey' is never used.
[src/Cedar/EtherLog.c:385]: (style) The function 'ElCheckLicense' is never used.
found by coverity, cppcheck
[src/Mayaqua/TcpIp.c:578]: (style) Variable 'tcp_size' is assigned a value that is never used.
[src/Mayaqua/TcpIp.c:1034]: (style) Variable 'has_vlan_tag' is assigned a value that is never used.
[src/Mayaqua/TcpIp.c:1996]: (style) Variable 'tcp_header_size' is assigned a value that is never used.
[src/Mayaqua/TcpIp.c:127]: (style) The function 'IcmpEchoSend' is never used.
[src/Mayaqua/TcpIp.c:2194]: (style) The function 'ParsePacketL2' is never used.
[src/Mayaqua/TcpIp.c:251]: (style) The function 'IcmpEchoSendBySocket' is never used.
found by cppcheck and coverity
[src/Cedar/Command.c:523] -> [src/Cedar/Command.c:532]: (style) Variable 'ok' is reassigned a value before the old one has been used.
[src/Cedar/Command.c:776]: (style) Variable 'tick2' is assigned a value that is never used.
[src/Cedar/Command.c:2244]: (style) Variable 'halt_timeout' is assigned a value that is never used.
[src/Cedar/Command.c:2246]: (style) Variable 'check_clock_seed' is assigned a value that is never used.
[src/Cedar/Command.c:2247]: (style) Variable 'halting' is assigned a value that is never used.
[src/Cedar/Command.c:6904]: (style) Unused variable: tmp
[src/Cedar/Command.c:12217]: (style) Variable 'packet_log' is assigned a value that is never used.
[src/Cedar/Command.c:20825]: (style) Variable 'ret' is assigned a value that is never used.
[src/Cedar/Command.c:20883]: (style) Variable 'ret' is assigned a value that is never used.
[src/Cedar/Command.c:20927]: (style) Variable 'ret' is assigned a value that is never used.
[src/Cedar/Command.c:10022]: (style) The function 'CmdEvalIpAndMask46' is never used.
[src/Cedar/Command.c:10109]: (style) The function 'CmdEvalNetworkAndSubnetMask46' is never used.
[src/Cedar/Command.c:23025]: (style) The function 'CmdPrintRow' is never used.
[src/Cedar/Command.c:167]: (style) The function 'InRpcTtResult' is never used.
[src/Cedar/Command.c:148]: (style) The function 'OutRpcTtResult' is never used.
The workaround was required for the "net30" topology because:
"There is a problem in your selection of --ifconfig endpoints [local=192.168.30.10, remote=192.168.30.1]. The local and remote VPN endpoints must exist within the same 255.255.255.252 subnet. This is a limitation of --dev tun when used with the TAP-WIN32 driver. Try 'openvpn --show-valid-subnets' option for more info."
See https://community.openvpn.net/openvpn/wiki/Topology for detailed info.
also, remove unused functions:
[src/Cedar/EtherLog.c:1377]: (style) The function 'ElFree' is never used.
[src/Cedar/EtherLog.c:1370]: (style) The function 'ElInit' is never used.
[src/Cedar/Logging.c:679]: (style) The function 'HubLog' is never used.
[src/Cedar/Logging.c:888]: (style) The function 'IPCLog' is never used.
[src/Cedar/Logging.c:295]: (style) The function 'PrintEraseFileList' is never used.
[src/Cedar/Logging.c:1025]: (style) The function 'SecLog' is never used.
[src/Cedar/Logging.c:622]: (style) The function 'ServerLog' is never used.
[src/Cedar/Logging.c:2273]: (style) The function 'SetLogDirName' is never used.
[src/Cedar/Logging.c:2293]: (style) The function 'SetLogPrefix' is never used.
[src/Cedar/Logging.c:997]: (style) The function 'WriteMultiLineLog' is never used.
[src/Cedar/Logging.c:918]: (style) The function 'WriteSecurityLog' is never used.
[src/Cedar/Logging.c:1018] -> [src/Cedar/Logging.c:1006]:
(warning) Either the condition 'src_session!=NULL' is redundant or there is possible null
pointer dereference: src_session.
[src/Cedar/Interop_OpenVPN.c:2711]: (style) Variable 'now' is assigned a value that is never used.
[src/Cedar/Interop_OpenVPN.c:1053]: (style) The function 'OvsAddEntry' is never used.
[src/Cedar/Interop_OpenVPN.c:2610]: (style) The function 'OvsGetCompatibleL3IPNext' is never used.
[src/Cedar/Interop_OpenVPN.c:1047]: (style) The function 'OvsNewList' is never used.
[src/Cedar/Interop_OpenVPN.c:128]: (style) The function 'OvsSetNoOpenVpnTcp' is never used.
[src/Cedar/Interop_OpenVPN.c:140]: (style) The function 'OvsSetNoOpenVpnUdp' is never used.
[src/Mayaqua/Str.c:3019]: (style) The function 'CopyFormat' is never used.
[src/Mayaqua/Str.c:280]: (style) The function 'HexToInt64' is never used.
[src/Mayaqua/Str.c:2448]: (style) The function 'InChar' is never used.
[src/Mayaqua/Str.c:745]: (style) The function 'IniHasValue' is never used.
[src/Mayaqua/Str.c:692]: (style) The function 'IniInt64Value' is never used.
[src/Mayaqua/Str.c:726]: (style) The function 'IniUniStrValue' is never used.
[src/Mayaqua/Str.c:2138]: (style) The function 'IsPrintableAsciiStr' is never used.
[src/Mayaqua/Str.c:1045]: (style) The function 'NormalizeCrlf' is never used.
[src/Mayaqua/Str.c:2899]: (style) The function 'ReplaceFormatStringFor64' is never used.
[src/Mayaqua/Str.c:2442]: (style) The function 'SearchStri' is never used.
[src/Mayaqua/Str.c:3345]: (style) The function 'StrCheckSize' is never used.
[src/Mayaqua/Str.c:1386]: (style) The function 'StrListToStr' is never used.
[src/Mayaqua/Str.c:348]: (style) The function 'ToHex64' is never used.
[src/Mayaqua/Str.c:2803]: (style) The function 'ToStri' is never used.
[src/Mayaqua/Str.c:2797]: (style) The function 'ToStrx' is never used.
[src/Mayaqua/Str.c:2791]: (style) The function 'ToStrx8' is never used.
[src/Mayaqua/Str.c:1325]: (style) The function 'TokenListToList' is never used.
OpenVPN sends the cipher name in uppercase, even if it's not standard, thus we have to convert it to lowercase for EVP_get_cipherbyname().
We also have to send the cipher name as it was received from the OpenVPN client, unless it's a different cipher, to prevent a message such as:
"WARNING: 'cipher' is used inconsistently, local='cipher AES-128-GCM', remote='cipher aes-128-gcm'"
It happens because OpenVPN uses "strcmp()" to compare the local and remote parameters: a6fd48ba36/src/openvpn/options.c (L3819-L3831)
See https://github.com/openssl/openssl/issues/6921 for EVP_get_cipherbyname().
/builds/SoftEther/SoftEtherVPN/src/Mayaqua/Encrypt.c: In function 'RsaCheck':
/builds/SoftEther/SoftEtherVPN/src/Mayaqua/Encrypt.c:2307:3: warning: 'RSA_generate_key' is deprecated [-Wdeprecated-declarations]
rsa = RSA_generate_key(bit, RSA_F4, NULL, NULL);
^~~
In file included from /usr/include/openssl/rsa.h:13:0,
from /usr/include/openssl/x509.h:31,
from /usr/include/openssl/ssl.h:50,
from /builds/SoftEther/SoftEtherVPN/src/Mayaqua/Encrypt.c:127:
/usr/include/openssl/rsa.h:193:1: note: declared here
DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void
^
/builds/SoftEther/SoftEtherVPN/src/Mayaqua/Encrypt.c: In function 'RsaGen':
/builds/SoftEther/SoftEtherVPN/src/Mayaqua/Encrypt.c:2377:3: warning: 'RSA_generate_key' is deprecated [-Wdeprecated-declarations]
rsa = RSA_generate_key(bit, RSA_F4, NULL, NULL);
^~~
In file included from /usr/include/openssl/rsa.h:13:0,
from /usr/include/openssl/x509.h:31,
from /usr/include/openssl/ssl.h:50,
from /builds/SoftEther/SoftEtherVPN/src/Mayaqua/Encrypt.c:127:
/usr/include/openssl/rsa.h:193:1: note: declared here
DEPRECATEDIN_0_9_8(RSA *RSA_generate_key(int bits, unsigned long e, void
^
/builds/SoftEther/SoftEtherVPN/src/Mayaqua/Encrypt.c: In function 'X509ToX':
/builds/SoftEther/SoftEtherVPN/src/Mayaqua/Encrypt.c:3435:7: warning: 'ASN1_STRING_data' is deprecated [-Wdeprecated-declarations]
char *uri = (char *)ASN1_STRING_data(ad->location->d.uniformResourceIdentifier);
^~~~
In file included from /usr/include/openssl/bn.h:31:0,
from /usr/include/openssl/asn1.h:24,
from /usr/include/openssl/objects.h:916,
from /usr/include/openssl/evp.h:27,
from /usr/include/openssl/x509.h:23,
from /usr/include/openssl/ssl.h:50,
from /builds/SoftEther/SoftEtherVPN/src/Mayaqua/Encrypt.c:127:
/usr/include/openssl/asn1.h:553:1: note: declared here
DEPRECATEDIN_1_1_0(unsigned char *ASN1_STRING_data(ASN1_STRING *x))
^
/builds/SoftEther/SoftEtherVPN/src/Mayaqua/Encrypt.c: In function 'FreeOpenSSLThreadState':
/builds/SoftEther/SoftEtherVPN/src/Mayaqua/Encrypt.c:3643:2: warning: 'ERR_remove_state' is deprecated [-Wdeprecated-declarations]
ERR_remove_state(0);
^~~~~~~~~~~~~~~~
In file included from /usr/include/openssl/ct.h:13:0,
from /usr/include/openssl/ssl.h:61,
from /builds/SoftEther/SoftEtherVPN/src/Mayaqua/Encrypt.c:127:
/usr/include/openssl/err.h:248:1: note: declared here
DEPRECATEDIN_1_0_0(void ERR_remove_state(unsigned long pid))
^
/builds/SoftEther/SoftEtherVPN/src/Cedar/Console.c: In function 'PasswordPrompt':
/builds/SoftEther/SoftEtherVPN/src/Cedar/Console.c:2051:8: warning: implicit declaration of function 'getch'; did you mean 'getc'? [-Wimplicit-function-declaration]
c = getch();
^~~~~
getc
In file included from /builds/SoftEther/SoftEtherVPN/src/Cedar/Bridge.c:130:0:
/builds/SoftEther/SoftEtherVPN/src/Cedar/BridgeUnix.c: In function 'CloseEth':
/builds/SoftEther/SoftEtherVPN/src/Cedar/BridgeUnix.c:1568:3: warning: implicit declaration of function 'FreeTap'; did you mean 'FreeCaps'? [-Wimplicit-function-declaration]
FreeTap(e->Tap);
^~~~~~~
FreeCaps
Internat.c: fix iconv() with musl by removing unrecognized EUCJP encoding
src/CMakeFiles.txt: recognize USE_MUSL=YES environment variable to compile with musl
[src/Mayaqua/FileIO.c:2299]: (style) The function 'ConvertPath' is never used.
[src/Mayaqua/FileIO.c:728]: (style) The function 'ConvertSafeFileNameW' is never used.
[src/Mayaqua/FileIO.c:2359]: (style) The function 'DeleteDirInner' is never used.
[src/Mayaqua/FileIO.c:2232]: (style) The function 'FileCloseAndDelete' is never used.
[src/Mayaqua/FileIO.c:2748]: (style) The function 'FileCreateInner' is never used.
[src/Mayaqua/FileIO.c:2537]: (style) The function 'FileDeleteInner' is never used.
[src/Mayaqua/FileIO.c:2858]: (style) The function 'FileOpenInner' is never used.
[src/Mayaqua/FileIO.c:2276]: (style) The function 'FileRenameInner' is never used.
[src/Mayaqua/FileIO.c:680]: (style) The function 'FileReplaceRename' is never used.
[src/Mayaqua/FileIO.c:2581]: (style) The function 'FileSizeEx' is never used.
[src/Mayaqua/FileIO.c:2812]: (style) The function 'FileWriteAll' is never used.
[src/Mayaqua/FileIO.c:1992]: (style) The function 'GetCurrentDir' is never used.
[src/Mayaqua/FileIO.c:765]: (style) The function 'GetDiskFreeW' is never used.
[src/Mayaqua/FileIO.c:1852]: (style) The function 'IsFileExistsInner' is never used.
[src/Mayaqua/FileIO.c:235]: (style) The function 'IsFileWriteLocked' is never used.
[src/Mayaqua/FileIO.c:2494]: (style) The function 'MakeDirInner' is never used.
[src/Mayaqua/FileIO.c:1568]: (style) The function 'MakeSafeFileNameW' is never used.
[src/Mayaqua/FileIO.c:1941]: (style) The function 'ParseSplitedPath' is never used.
[src/Mayaqua/FileIO.c:995]: (style) The function 'SafeFileNameW' is never used.
[src/Mayaqua/FileIO.c:2369]: (style) The function 'FileSizeExW' is never used.
[src/Mayaqua/FileIO.c:1848]: (style) The function 'GetCurrentDirW' is never used.
[src/Cedar/WinUi.c:7240]: (style) The function 'CbInsertStr' is never used.
[src/Cedar/WinUi.c:9271]: (style) The function 'CheckTextLen' is never used.
[src/Cedar/WinUi.c:9252]: (style) The function 'CheckTextSize' is never used.
[src/Cedar/WinUi.c:8936]: (style) The function 'DialogCreateEx' is never used.
[src/Cedar/WinUi.c:2155]: (style) The function 'EndFreeInfoDlg' is never used.
[src/Cedar/WinUi.c:2171]: (style) The function 'ExecuteHamcoreExe' is never used.
[src/Cedar/WinUi.c:9885]: (style) The function 'FormatTextA' is never used.
[src/Cedar/WinUi.c:9323]: (style) The function 'GetFontSize' is never used.
[src/Cedar/WinUi.c:9841]: (style) The function 'GetMonitorSize' is never used.
[src/Cedar/WinUi.c:9759]: (style) The function 'GetWindowClientRect' is never used.
[src/Cedar/WinUi.c:1134]: (style) The function 'GetWizardPageIndex' is never used.
[src/Cedar/WinUi.c:3964]: (style) The function 'IpClear' is never used.
[src/Cedar/WinUi.c:6851]: (style) The function 'LbAddStr' is never used.
[src/Cedar/WinUi.c:6824]: (style) The function 'LbFindStr' is never used.
[src/Cedar/WinUi.c:7064]: (style) The function 'LbGetSelect' is never used.
[src/Cedar/WinUi.c:6812]: (style) The function 'LbGetStr' is never used.
[src/Cedar/WinUi.c:6900]: (style) The function 'LbInsertStr' is never used.
[src/Cedar/WinUi.c:7012]: (style) The function 'LbSetHeight' is never used.
[src/Cedar/WinUi.c:3652]: (style) The function 'LedDrawRect' is never used.
[src/Cedar/WinUi.c:6000]: (style) The function 'LvGetMaskedNum' is never used.
[src/Cedar/WinUi.c:6037]: (style) The function 'LvSearchStr_' is never used.
[src/Cedar/WinUi.c:5703]: (style) The function 'LvSetItemImage' is never used.
[src/Cedar/WinUi.c:5831]: (style) The function 'LvShow' is never used.
[src/Cedar/WinUi.c:10155]: (style) The function 'NoTop' is never used.
[src/Cedar/WinUi.c:10047]: (style) The function 'NoticeSettingChange' is never used.
[src/Cedar/WinUi.c:7854]: (style) The function 'PkcsUtil' is never used.
[src/Cedar/WinUi.c:8968]: (style) The function 'SetBitmap' is never used.
[src/Cedar/WinUi.c:4539]: (style) The function 'SetMenuItemEnable' is never used.
[src/Cedar/WinUi.c:9918]: (style) The function 'SetTextEx' is never used.
[src/Cedar/WinUi.c:9940]: (style) The function 'SetTextExA' is never used.
[src/Cedar/WinUi.c:11272]: (style) The function 'SetWinUiTitle' is never used.
[src/Cedar/WinUi.c:2132]: (style) The function 'StartFreeInfoDlg' is never used.
[src/Cedar/WinUi.c:3920]: (style) The function 'UiTest' is never used.
[src/Cedar/WinUi.c:1558]: (style) The function 'WinConnectEx2' is never used.
[src/Cedar/WinUi.c:10803]: (style) The function 'WinUiDebug' is never used.
[src/Cedar/WinUi.c:6908]: (style) The function 'CbInsertStr9xA' is never used.
[src/Cedar/WinUi.c:2096]: (style) The function 'FreeInfoThread' is never used.
[src/Cedar/WinUi.c:9644]: (style) The function 'GetTextSize' is never used.
[src/Cedar/WinUi.c:2833]: (style) The function 'GetWindowAndControlSizeResizeScale' is never used.
[src/Cedar/WinUi.c:2001]: (style) The function 'IsRegistedToDontShowFreeEditionDialog' is never used.
[src/Cedar/WinUi.c:6606]: (style) The function 'LbAddStrA' is never used.
[src/Cedar/WinUi.c:6739]: (style) The function 'LbGetSelectIndex' is never used.
[src/Cedar/WinUi.c:6627]: (style) The function 'LbInsertStrA' is never used.
[src/Cedar/WinUi.c:7593]: (style) The function 'PkcsUtilProc' is never used.
[src/Cedar/WinUi.c:6598]: (style) The function 'LbSelect' is never used.
[src/Cedar/WinUi.c:7421]: (style) The function 'PkcsUtilErase' is never used.
[src/Cedar/WinUi.c:7349]: (style) The function 'PkcsUtilWrite' is never used.
[src/Cedar/WinUi.c:2059]: (style) The function 'ShowFreeInfoDialog' is never used.
[src/Cedar/WinUi.c:2013]: (style) The function 'FreeInfoDialogProc' is never used.
[src/Cedar/WinUi.c:6558]: (style) The function 'LbFindData' is never used.
[src/Cedar/WinUi.c:6534]: (style) The function 'LbSelectIndex' is never used.
[src/Cedar/WinUi.c:6488]: (style) The function 'LbGetData' is never used.
[src/Cedar/WinUi.c:6464]: (style) The function 'LbNum' is never used.
[src/Cedar/WinUi.c:2001]: (style) The function 'RegistToDontShowFreeEditionDialog' is never used.
With server certificate validation enabled, vpnclient unconditionally
stopped connection on untrusted server certificate. Added account
configuration parameter to retry connection if server certivicate failed
validation.
On startup client creates TUN interface in UP state and kept it UP even
if connection to the server was lost. Creating interface in DOWN state,
turning it UP on successful (re-)connection to server and DOWN on either
disconnect or connection loss would enable DHCP client (say dhclient5)
to detect necessity for lease renewal.
Added a client configuration parameter to create TUN interface in DOWN
state and commands to enable, disable, and query the configuration
parameter.
Enabling the parameter causes client to put all unused TUN interfaces
DOWN, create new TUN interfaces in DOWN state, and turn TUN interfaces
corresponding to active sessions DOWN on connection loss or
disconnecting from server.
Disabling the parameter forces client to turn all TUN interfaces UP and
create new TUN interfaces in UP state.
Default value is 'Disable'.
[src/Mayaqua/Memory.c:2605]: (style) The function 'ClearFifo' is never used.
[src/Mayaqua/Memory.c:1380]: (style) The function 'CloneList' is never used.
[src/Mayaqua/Memory.c:4267]: (style) The function 'CloneTail' is never used.
[src/Mayaqua/Memory.c:1972]: (style) The function 'DelAllInt' is never used.
[src/Mayaqua/Memory.c:2068]: (style) The function 'DelInt64' is never used.
[src/Mayaqua/Memory.c:1789]: (style) The function 'DeleteKey' is never used.
[src/Mayaqua/Memory.c:2934]: (style) The function 'DumpData' is never used.
[src/Mayaqua/Memory.c:835]: (style) The function 'FillBytes' is never used.
[src/Mayaqua/Memory.c:2759]: (style) The function 'GetFifoCurrentReallocMemSize' is never used.
[src/Mayaqua/Memory.c:1475]: (style) The function 'InsertDistinct' is never used.
[src/Mayaqua/Memory.c:2274]: (style) The function 'InsertInt64Distinct' is never used.
[src/Mayaqua/Memory.c:1612]: (style) The function 'IsInListUniStr' is never used.
[src/Mayaqua/Memory.c:2647]: (style) The function 'LockFifo' is never used.
[src/Mayaqua/Memory.c:1120]: (style) The function 'PeekQueue' is never used.
[src/Mayaqua/Memory.c:2158]: (style) The function 'RandomizeList' is never used.
[src/Mayaqua/Memory.c:1364]: (style) The function 'SetCmp' is never used.
[src/Mayaqua/Memory.c:1570]: (style) The function 'SetSortFlag' is never used.
[src/Mayaqua/Memory.c:1596]: (style) The function 'SortEx' is never used.
[src/Mayaqua/Memory.c:3718]: (style) The function 'Swap' is never used.
[src/Mayaqua/Memory.c:2659]: (style) The function 'UnlockFifo' is never used.
[src/Mayaqua/Memory.c:2532]: (style) The function 'WriteFifoFront' is never used.
[src/Mayaqua/Memory.c:1981]: (style) The function 'InsertInt64' is never used.
[src/Mayaqua/Memory.c:2317]: (style) The function 'PadFifoFront' is never used.
[src/Mayaqua/Memory.c:2155]: (style) The function 'PeekFifo' is never used.
* use OPENSSL_ROOT_DIR
* add special .configure handling for osx
* move readline, curses to cedar
Signed-off-by: Andy Walsh <andy.walsh44+github@gmail.com>
