Ilya Shipitsin
ff4b74afda
Merge pull request #1929 from chipitsine/pr_1921_followup
...
fix nullptr deref
2023-12-01 17:18:40 +01:00
Ilya Shipitsin
e6792d8893
fix nullptr deref
...
Co-authored-by: icy17 <1061499390@qq.com>
2023-11-19 10:57:28 +01:00
Daiyuu Nobori
f4bbe476be
Fix Vulnerability: CVE-2023-32275 TALOS-2023-1753
...
SoftEther VPN CtEnumCa () information disclosure vulnerability
https://www.softether.org/9-about/News/904-SEVPN202301
https://jvn.jp/en/jp/JVN64316789/
2023-10-07 04:42:41 +02:00
Daiyuu Nobori
2dec52b875
Heap area protection of memory has been enhanced.
...
When memory is released and reallocated, a random security value called a canary is written to the before/after area of memory, and if the value has been modified, the process is terminated (restarted) for safety, assuming it is a buffer overflow of the memory area. This feature may effectively prevent confidentiality or integrity violations in the event that some heap area overflow vulnerability is discovered in this system in the future.
2023-10-07 04:42:34 +02:00
Daiyuu Nobori
c49e462ed1
Fix Vulnerability: CVE-2023-22325 TALOS-2023-1736
...
SoftEther VPN DCRegister DDNS_RPC_MAX_RECV_SIZE denial of service vulnerability
https://www.softether.org/9-about/News/904-SEVPN202301
https://jvn.jp/en/jp/JVN64316789/
2023-09-28 18:26:17 +09:00
Ilya Shipitsin
f736d18267
temporarily suppress clang warnings on "-Wincompatible-function-pointer-types"
2023-09-16 00:03:03 +02:00
Ilya Shipitsin
6833a7a11d
Merge pull request #1901 from hiura2023/master
...
Bind outgoing connection to a specific IP address (avoid illegal access)
2023-09-12 09:39:18 +02:00
hiura
643cbbbf88
Bind outgoing connection to a specific IP address (avoid illegal access)
2023-09-12 10:20:51 +09:00
Ilya Shipitsin
205a94cda2
Merge pull request #1867 from hiura2023/master
...
Bind outgoing connection to a specific IP address
2023-09-10 17:18:31 +02:00
Ilya Shipitsin
088b5c2df3
additional error handling if SSL_CTX_new failed
...
this is a folloup to https://github.com/SoftEtherVPN/SoftEtherVPN/pull/1873
2023-08-16 19:17:18 +02:00
barracuda156
a80d3f2032
TunTap.h: fix for undefined u_char, u_short on MacOS
2023-08-14 15:54:56 +08:00
barracuda156
1cf2e7a8ea
Network.h: include forgotten pthread.h for MacOS too
2023-08-14 15:40:53 +08:00
hiura
c2fe874865
Bind outgoing connection to a specific IP address No.2
2023-08-08 18:14:22 +09:00
icy17
07733b29cb
fix potential crash.
2023-07-30 11:01:09 +00:00
Koichiro Iwao
dcdbce63d5
Fix build on __FreeBSD_version >= 140091 (LLVM 16)
...
Fails to build after:
https://cgit.freebsd.org/src/commit/?id=a681cba16d8967651a2146385ce44a2bfeb1c4c3
As the commit title is "Bump __FreeBSD_version for llvm 16.0.6 merge",
I suppose LLVM 16 is stricter than LLVM 15. It was building successfully
at least the previous week.
Build log: https://pkg-status.freebsd.org/beefy18/data/main-amd64-default/p4785b313b958_se8efee297c/logs/softether5-5.02.5180.335,2.log
```
[ 32%] Building C object src/Mayaqua/CMakeFiles/mayaqua.dir/Unix.c.o
cd /wrkdirs/usr/ports/security/softether5/work/.build/src/Mayaqua && /usr/bin/cc -DBRIDGE_BPF -DCPU_64 -DHAVE_SSL_CTX_SET_NUM_TICKETS -DNDEBUG -DOS_UNIX -DREENTRANT -DSE_DBDIR=\"/var/db/softether\" -DSE_LOGDIR=\"/var/log/softether\" -DSE_PIDDIR=\"/var/run/softether\" -DSE_TAGNAME=\"5.02.5180-335-g1c0bdb0c/freebsd\" -DTHREADSAFE -DTHREAD_SAFE -DUNIX -DUNIX_BSD -DVPN_SPEED -D_FILE_OFFSET_BITS=64 -D_REENTRANT -D_THREADSAFE -D_THREAD_SAFE -Dmayaqua_EXPORTS -I/wrkdirs/usr/ports/security/softether5/work/SoftEtherVPN-5.02.5180-335-g1c0bdb0c/src/. -I/wrkdirs/usr/ports/security/softether5/work/SoftEtherVPN-5.02.5180-335-g1c0bdb0c/src/Mayaqua/. -I/wrkdirs/usr/ports/security/softether5/work/SoftEtherVPN-5.02.5180-335-g1c0bdb0c/src/libhamcore/include -O2 -pipe -I/usr/local/include/cpu_features -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing -fsigned-char -O2 -pipe -I/usr/local/include/cpu_features -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing -DNDEBUG -O2 -std=gnu99 -fPIC -pthread -MD -MT src/Mayaqua/CMakeFiles/mayaqua.dir/Unix.c.o -MF CMakeFiles/mayaqua.dir/Unix.c.o.d -o CMakeFiles/mayaqua.dir/Unix.c.o -c /wrkdirs/usr/ports/security/softether5/work/SoftEtherVPN-5.02.5180-335-g1c0bdb0c/src/Mayaqua/Unix.c
/wrkdirs/usr/ports/security/softether5/work/SoftEtherVPN-5.02.5180-335-g1c0bdb0c/src/Mayaqua/Unix.c:259:18: error: incompatible function pointer types assigning to 'void (*)(int, struct __siginfo *, void *)' from 'void *(int, siginfo_t *, void *)' (aka 'void *(int, struct __siginfo *, void *)') [-Wincompatible-function-pointer-types]
sa.sa_sigaction = signal_received_for_ignore;
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~
```
2023-07-04 08:50:53 +09:00
hiura
e4330ca71a
bind outgoing connection
2023-06-28 23:18:09 +09:00
Ilya Shipitsin
c59df82666
src/Mayaqua/Secure.c: fix potential null pointer dereference
...
found by coverity
CID 343528 (#1 of 1): Dereference before null check (REVERSE_INULL)
check_after_deref: Null-checking name suggests that it may be null,
but it has already been dereferenced on all paths leading to the
check.
438 if (name == NULL || k == NULL || k->private_key == false)
439 {
440 sec->Error = SEC_ERROR_BAD_PARAMETER;
441 return false;
442 }
2023-05-01 06:18:39 +02:00
Ilya Shipitsin
db7d6c83d5
src/Mayaqua/Secure.c: fix potential null pointer dereference
...
found by coverity
CID 343537 (#1 of 1): Dereference before null check (REVERSE_INULL)
check_after_deref: Null-checking name suggests that it may be null
but it has already been dereferenced on all paths leading to the
check.
664 if (name == NULL)
665 {
666 sec->Error = SEC_ERROR_BAD_PARAMETER;
667 return false;
668 }
2023-05-01 06:09:38 +02:00
Ilya Shipitsin
a89adaebc3
src/Mayaqua/Secure.c: fix potential null pointer dereference
...
found by coverity
CID 343536 (#1 of 1): Dereference before null check (REVERSE_INULL)
check_after_deref: Null-checking name suggests that it may be null, but
it has already been dereferenced on all paths leading to the check.
1339 if (name == NULL || data == NULL || size == 0)
1340 {
1341 sec->Error = SEC_ERROR_BAD_PARAMETER;
1342 return false;
1343 }
2023-05-01 06:07:19 +02:00
Ilya Shipitsin
46e73e944f
src/Mayaqua/Unix.c: fix guarding
...
SoftEtherVPN/src/Mayaqua/Unix.c:51:25: warning: missing
terminating ' character
51 | #include <sys/statvfs.h>'
2023-04-29 22:31:55 +02:00
Ilya Shipitsin
df6df007a3
src/Mayaqua/Str.c: fix denial of service reported by Cisco Talos
...
TALOS-2023-1741
CVE-2023-23581
SoftEther VPN vpnserver EnSafeHttpHeaderValueStr denial of service
vulnerability
A denial of service vulnerability exists in the vpnserver
EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.9674 and
5.02. A specially-crafted network packet can lead to denial of service.
2023-04-21 22:38:22 +02:00
Yihong Wu
df7ea3c54a
Mayaqua/Memory: Fix memory corruption in base64
2023-03-31 09:14:39 +00:00
Koichiro IWAO
bedf1cd7e9
Mayaqua/Unix: Make VM detection work on FreeBSD
...
This is just a cosmetic problem in the result of "Caps" command which
gets the list of server functions/capability. There's no behavioural
change in SoftEtherVPN whether running on VM so far.
2023-02-28 20:08:04 +09:00
Yihong Wu
eea1de3d25
Mayaqua/Network: Fix empty packet being treated as error
2023-02-19 05:41:55 +00:00
Evengard
edcdc923ad
Reworked EAP-TLS 1.3 to account for RFC9190, implemented searching by certificate instead of certificate CN
2023-01-31 20:33:18 +03:00
Evengard
149096e13c
* Implementing user search by certificate common name.
...
* Reworking EAP-TLS flow
* Implementing iterative TLS downgrade supporting PPPD TLS 1.3+Tickets, Windows TLS 1.3 w/o Tickets, VPN Client Pro TLS 1.2.
2023-01-23 23:57:19 +03:00
Ilya Shipitsin
c7766d072b
src/Mayaqua/Unix.c: improve memory allocation handling according to Coverity
...
1875 if (mutex == NULL)
1876 {
CID 367204 (#1 of 1): Resource leak (RESOURCE_LEAK)4. leaked_storage: Variable lock going out of scope leaks the storage it points to.
1877 return NULL;
1878 }
2023-01-15 13:30:37 +06:00
Yihong Wu
6e48227d93
Update CMakeLists.txt
2023-01-07 10:27:47 +09:00
Yihong Wu
1b79df7954
Mayaqua/CMakeLists: Fix win32 build without vcpkg
2023-01-06 22:32:28 +09:00
Ilya Shipitsin
86e44e8d7b
LibreSSL-3.7.0 compatibility
2022-12-25 11:35:29 +06:00
Yihong Wu
05fa675d5a
Exclude inactive routes in Windows routing management
2022-09-16 17:25:11 +09:00
Yihong Wu
27d7f4cfbe
Fix route tracking on x86 Windows
2022-05-15 19:42:57 +09:00
Yihong Wu
ca996ed89a
Merge pull request #1522 from domosekai/tls
...
Implement complete server certificate verification
2022-05-12 23:38:38 +08:00
Yihong Wu
b3afbe37e9
Load legacy provider under OpenSSL 3.0
2022-04-26 22:00:15 +08:00
Yihong Wu
d86cf181bf
Fix UDP bulk v2 and protocol display
2022-03-20 16:48:15 +08:00
Daiyuu Nobori
56aedd6817
Memory: Add LittleEndian16(), LittleEndian32() and LittleEndian64()
2022-02-22 19:38:03 +01:00
H William Welliver
fd92c754fc
Add missing headers required for solaris/illumos
2022-01-06 23:06:36 -05:00
Yihong Wu
0a4455ac40
Add more TLS negotiation info in logging and UI
2021-12-29 17:41:29 +08:00
Yihong Wu
f94ac6351e
Implement complete server certificate verification
2021-12-29 17:41:29 +08:00
weidi
09dd8a8b07
endif UNIX_LINUX before BSD
2021-12-26 16:13:53 +01:00
weidi
3c7d78a1bf
Merge branch 'SoftEtherVPN:master' into master
2021-12-26 11:51:55 +01:00
Yihong Wu
adbbe94675
Merge pull request #1528 from updatede/patch-1
...
Mayaqua/Network.h: Fix UDP acceleration under NAT-T connections
2021-12-26 12:32:48 +08:00
Yihong Wu
1c1560f6ca
Apply security level override in azure client mode
2021-12-26 12:12:00 +08:00
Yihong Wu
68dc4e23d8
Improve NAT-T hint string handling
2021-12-26 12:11:51 +08:00
Johannes Weidacher
f1b464e84d
fix alpine compile issue.
2021-12-25 21:22:06 +01:00
Yihong Wu
51585e63e3
Fix server manager setting compatibility since build 9658
2021-12-25 13:25:34 +08:00
Johannes Weidacher
73ffa10f50
Fix build error on alpine
2021-12-23 20:59:48 +01:00
updatede
0b74a8e4ce
Update Network.h
...
Missing argument check lead to wrong value of IsIPv6 of struct UDP_ACCEL in NewUdpAccel(), eventually lead to UdpAccelInitClient() fail.
2021-12-22 13:19:50 +08:00
Yihong Wu
fc94843579
Fix the creation of a zero IPv6 address
...
Fix #1517
2021-12-12 20:05:36 +08:00
Yihong Wu
b91d9af5e3
Mayaqua/DNS: Fix memory safety in DNS operation threads
...
Fix #1329
2021-12-12 20:05:36 +08:00