ff4b74afda
Merge pull request #1929 from chipitsine/pr_1921_followup
...
fix nullptr deref
2023-12-01 17:18:40 +01:00
e6792d8893
fix nullptr deref
...
Co-authored-by: icy17 <1061499390@qq.com >
2023-11-19 10:57:28 +01:00
f4bbe476be
Fix Vulnerability: CVE-2023-32275 TALOS-2023-1753
...
SoftEther VPN CtEnumCa () information disclosure vulnerability
https://www.softether.org/9-about/News/904-SEVPN202301
https://jvn.jp/en/jp/JVN64316789/
2023-10-07 04:42:41 +02:00
2dec52b875
Heap area protection of memory has been enhanced.
...
When memory is released and reallocated, a random security value called a canary is written to the before/after area of memory, and if the value has been modified, the process is terminated (restarted) for safety, assuming it is a buffer overflow of the memory area. This feature may effectively prevent confidentiality or integrity violations in the event that some heap area overflow vulnerability is discovered in this system in the future.
2023-10-07 04:42:34 +02:00
c49e462ed1
Fix Vulnerability: CVE-2023-22325 TALOS-2023-1736
...
SoftEther VPN DCRegister DDNS_RPC_MAX_RECV_SIZE denial of service vulnerability
https://www.softether.org/9-about/News/904-SEVPN202301
https://jvn.jp/en/jp/JVN64316789/
2023-09-28 18:26:17 +09:00
f736d18267
temporarily suppress clang warnings on "-Wincompatible-function-pointer-types"
2023-09-16 00:03:03 +02:00
6833a7a11d
Merge pull request #1901 from hiura2023/master
...
Bind outgoing connection to a specific IP address (avoid illegal access)
2023-09-12 09:39:18 +02:00
643cbbbf88
Bind outgoing connection to a specific IP address (avoid illegal access)
2023-09-12 10:20:51 +09:00
205a94cda2
Merge pull request #1867 from hiura2023/master
...
Bind outgoing connection to a specific IP address
2023-09-10 17:18:31 +02:00
088b5c2df3
additional error handling if SSL_CTX_new failed
...
this is a folloup to https://github.com/SoftEtherVPN/SoftEtherVPN/pull/1873
2023-08-16 19:17:18 +02:00
a80d3f2032
TunTap.h: fix for undefined u_char, u_short on MacOS
2023-08-14 15:54:56 +08:00
1cf2e7a8ea
Network.h: include forgotten pthread.h for MacOS too
2023-08-14 15:40:53 +08:00
c2fe874865
Bind outgoing connection to a specific IP address No.2
2023-08-08 18:14:22 +09:00
07733b29cb
fix potential crash.
2023-07-30 11:01:09 +00:00
dcdbce63d5
Fix build on __FreeBSD_version >= 140091 (LLVM 16)
...
Fails to build after:
https://cgit.freebsd.org/src/commit/?id=a681cba16d8967651a2146385ce44a2bfeb1c4c3
As the commit title is "Bump __FreeBSD_version for llvm 16.0.6 merge",
I suppose LLVM 16 is stricter than LLVM 15. It was building successfully
at least the previous week.
Build log: https://pkg-status.freebsd.org/beefy18/data/main-amd64-default/p4785b313b958_se8efee297c/logs/softether5-5.02.5180.335,2.log
```
[ 32%] Building C object src/Mayaqua/CMakeFiles/mayaqua.dir/Unix.c.o
cd /wrkdirs/usr/ports/security/softether5/work/.build/src/Mayaqua && /usr/bin/cc -DBRIDGE_BPF -DCPU_64 -DHAVE_SSL_CTX_SET_NUM_TICKETS -DNDEBUG -DOS_UNIX -DREENTRANT -DSE_DBDIR=\"/var/db/softether\" -DSE_LOGDIR=\"/var/log/softether\" -DSE_PIDDIR=\"/var/run/softether\" -DSE_TAGNAME=\"5.02.5180-335-g1c0bdb0c/freebsd\" -DTHREADSAFE -DTHREAD_SAFE -DUNIX -DUNIX_BSD -DVPN_SPEED -D_FILE_OFFSET_BITS=64 -D_REENTRANT -D_THREADSAFE -D_THREAD_SAFE -Dmayaqua_EXPORTS -I/wrkdirs/usr/ports/security/softether5/work/SoftEtherVPN-5.02.5180-335-g1c0bdb0c/src/. -I/wrkdirs/usr/ports/security/softether5/work/SoftEtherVPN-5.02.5180-335-g1c0bdb0c/src/Mayaqua/. -I/wrkdirs/usr/ports/security/softether5/work/SoftEtherVPN-5.02.5180-335-g1c0bdb0c/src/libhamcore/include -O2 -pipe -I/usr/local/include/cpu_features -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing -fsigned-char -O2 -pipe -I/usr/local/include/cpu_features -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing -DNDEBUG -O2 -std=gnu99 -fPIC -pthread -MD -MT src/Mayaqua/CMakeFiles/mayaqua.dir/Unix.c.o -MF CMakeFiles/mayaqua.dir/Unix.c.o.d -o CMakeFiles/mayaqua.dir/Unix.c.o -c /wrkdirs/usr/ports/security/softether5/work/SoftEtherVPN-5.02.5180-335-g1c0bdb0c/src/Mayaqua/Unix.c
/wrkdirs/usr/ports/security/softether5/work/SoftEtherVPN-5.02.5180-335-g1c0bdb0c/src/Mayaqua/Unix.c:259:18: error: incompatible function pointer types assigning to 'void (*)(int, struct __siginfo *, void *)' from 'void *(int, siginfo_t *, void *)' (aka 'void *(int, struct __siginfo *, void *)') [-Wincompatible-function-pointer-types]
sa.sa_sigaction = signal_received_for_ignore;
^ ~~~~~~~~~~~~~~~~~~~~~~~~~~
```
2023-07-04 08:50:53 +09:00
e4330ca71a
bind outgoing connection
2023-06-28 23:18:09 +09:00
c59df82666
src/Mayaqua/Secure.c: fix potential null pointer dereference
...
found by coverity
CID 343528 (#1 of 1): Dereference before null check (REVERSE_INULL)
check_after_deref: Null-checking name suggests that it may be null,
but it has already been dereferenced on all paths leading to the
check.
438 if (name == NULL || k == NULL || k->private_key == false)
439 {
440 sec->Error = SEC_ERROR_BAD_PARAMETER;
441 return false;
442 }
2023-05-01 06:18:39 +02:00
db7d6c83d5
src/Mayaqua/Secure.c: fix potential null pointer dereference
...
found by coverity
CID 343537 (#1 of 1): Dereference before null check (REVERSE_INULL)
check_after_deref: Null-checking name suggests that it may be null
but it has already been dereferenced on all paths leading to the
check.
664 if (name == NULL)
665 {
666 sec->Error = SEC_ERROR_BAD_PARAMETER;
667 return false;
668 }
2023-05-01 06:09:38 +02:00
a89adaebc3
src/Mayaqua/Secure.c: fix potential null pointer dereference
...
found by coverity
CID 343536 (#1 of 1): Dereference before null check (REVERSE_INULL)
check_after_deref: Null-checking name suggests that it may be null, but
it has already been dereferenced on all paths leading to the check.
1339 if (name == NULL || data == NULL || size == 0)
1340 {
1341 sec->Error = SEC_ERROR_BAD_PARAMETER;
1342 return false;
1343 }
2023-05-01 06:07:19 +02:00
46e73e944f
src/Mayaqua/Unix.c: fix guarding
...
SoftEtherVPN/src/Mayaqua/Unix.c:51:25: warning: missing
terminating ' character
51 | #include <sys/statvfs.h>'
2023-04-29 22:31:55 +02:00
df6df007a3
src/Mayaqua/Str.c: fix denial of service reported by Cisco Talos
...
TALOS-2023-1741
CVE-2023-23581
SoftEther VPN vpnserver EnSafeHttpHeaderValueStr denial of service
vulnerability
A denial of service vulnerability exists in the vpnserver
EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.9674 and
5.02. A specially-crafted network packet can lead to denial of service.
2023-04-21 22:38:22 +02:00
df7ea3c54a
Mayaqua/Memory: Fix memory corruption in base64
2023-03-31 09:14:39 +00:00
bedf1cd7e9
Mayaqua/Unix: Make VM detection work on FreeBSD
...
This is just a cosmetic problem in the result of "Caps" command which
gets the list of server functions/capability. There's no behavioural
change in SoftEtherVPN whether running on VM so far.
2023-02-28 20:08:04 +09:00
eea1de3d25
Mayaqua/Network: Fix empty packet being treated as error
2023-02-19 05:41:55 +00:00
edcdc923ad
Reworked EAP-TLS 1.3 to account for RFC9190, implemented searching by certificate instead of certificate CN
2023-01-31 20:33:18 +03:00
149096e13c
* Implementing user search by certificate common name.
...
* Reworking EAP-TLS flow
* Implementing iterative TLS downgrade supporting PPPD TLS 1.3+Tickets, Windows TLS 1.3 w/o Tickets, VPN Client Pro TLS 1.2.
2023-01-23 23:57:19 +03:00
c7766d072b
src/Mayaqua/Unix.c: improve memory allocation handling according to Coverity
...
1875 if (mutex == NULL)
1876 {
CID 367204 (#1 of 1): Resource leak (RESOURCE_LEAK)4. leaked_storage: Variable lock going out of scope leaks the storage it points to.
1877 return NULL;
1878 }
2023-01-15 13:30:37 +06:00
6e48227d93
Update CMakeLists.txt
2023-01-07 10:27:47 +09:00
1b79df7954
Mayaqua/CMakeLists: Fix win32 build without vcpkg
2023-01-06 22:32:28 +09:00
86e44e8d7b
LibreSSL-3.7.0 compatibility
2022-12-25 11:35:29 +06:00
05fa675d5a
Exclude inactive routes in Windows routing management
2022-09-16 17:25:11 +09:00
27d7f4cfbe
Fix route tracking on x86 Windows
2022-05-15 19:42:57 +09:00
ca996ed89a
Merge pull request #1522 from domosekai/tls
...
Implement complete server certificate verification
2022-05-12 23:38:38 +08:00
b3afbe37e9
Load legacy provider under OpenSSL 3.0
2022-04-26 22:00:15 +08:00
d86cf181bf
Fix UDP bulk v2 and protocol display
2022-03-20 16:48:15 +08:00
56aedd6817
Memory: Add LittleEndian16(), LittleEndian32() and LittleEndian64()
2022-02-22 19:38:03 +01:00
fd92c754fc
Add missing headers required for solaris/illumos
2022-01-06 23:06:36 -05:00
0a4455ac40
Add more TLS negotiation info in logging and UI
2021-12-29 17:41:29 +08:00
f94ac6351e
Implement complete server certificate verification
2021-12-29 17:41:29 +08:00
09dd8a8b07
endif UNIX_LINUX before BSD
2021-12-26 16:13:53 +01:00
3c7d78a1bf
Merge branch 'SoftEtherVPN:master' into master
2021-12-26 11:51:55 +01:00
adbbe94675
Merge pull request #1528 from updatede/patch-1
...
Mayaqua/Network.h: Fix UDP acceleration under NAT-T connections
2021-12-26 12:32:48 +08:00
1c1560f6ca
Apply security level override in azure client mode
2021-12-26 12:12:00 +08:00
68dc4e23d8
Improve NAT-T hint string handling
2021-12-26 12:11:51 +08:00
f1b464e84d
fix alpine compile issue.
2021-12-25 21:22:06 +01:00
51585e63e3
Fix server manager setting compatibility since build 9658
2021-12-25 13:25:34 +08:00
73ffa10f50
Fix build error on alpine
2021-12-23 20:59:48 +01:00
0b74a8e4ce
Update Network.h
...
Missing argument check lead to wrong value of IsIPv6 of struct UDP_ACCEL in NewUdpAccel(), eventually lead to UdpAccelInitClient() fail.
2021-12-22 13:19:50 +08:00
fc94843579
Fix the creation of a zero IPv6 address
...
Fix #1517
2021-12-12 20:05:36 +08:00
b91d9af5e3
Mayaqua/DNS: Fix memory safety in DNS operation threads
...
Fix #1329
2021-12-12 20:05:36 +08:00
