1
0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-06 17:50:40 +03:00
Commit Graph

414 Commits

Author SHA1 Message Date
Ilya Shipitsin
ff4b74afda
Merge pull request #1929 from chipitsine/pr_1921_followup
fix nullptr deref
2023-12-01 17:18:40 +01:00
Ilya Shipitsin
e6792d8893 fix nullptr deref
Co-authored-by: icy17 <1061499390@qq.com>
2023-11-19 10:57:28 +01:00
Daiyuu Nobori
f4bbe476be Fix Vulnerability: CVE-2023-32275 TALOS-2023-1753
SoftEther VPN CtEnumCa () information disclosure vulnerability
https://www.softether.org/9-about/News/904-SEVPN202301
https://jvn.jp/en/jp/JVN64316789/
2023-10-07 04:42:41 +02:00
Daiyuu Nobori
2dec52b875 Heap area protection of memory has been enhanced.
When memory is released and reallocated, a random security value called a canary is written to the before/after area of memory, and if the value has been modified, the process is terminated (restarted) for safety, assuming it is a buffer overflow of the memory area. This feature may effectively prevent confidentiality or integrity violations in the event that some heap area overflow vulnerability is discovered in this system in the future.
2023-10-07 04:42:34 +02:00
Daiyuu Nobori
c49e462ed1 Fix Vulnerability: CVE-2023-22325 TALOS-2023-1736
SoftEther VPN DCRegister DDNS_RPC_MAX_RECV_SIZE denial of service vulnerability
https://www.softether.org/9-about/News/904-SEVPN202301
https://jvn.jp/en/jp/JVN64316789/
2023-09-28 18:26:17 +09:00
Ilya Shipitsin
f736d18267 temporarily suppress clang warnings on "-Wincompatible-function-pointer-types" 2023-09-16 00:03:03 +02:00
Ilya Shipitsin
6833a7a11d
Merge pull request #1901 from hiura2023/master
Bind outgoing connection to a specific IP address (avoid illegal access)
2023-09-12 09:39:18 +02:00
hiura
643cbbbf88 Bind outgoing connection to a specific IP address (avoid illegal access) 2023-09-12 10:20:51 +09:00
Ilya Shipitsin
205a94cda2
Merge pull request #1867 from hiura2023/master
Bind outgoing connection to a specific IP address
2023-09-10 17:18:31 +02:00
Ilya Shipitsin
088b5c2df3 additional error handling if SSL_CTX_new failed
this is a folloup to https://github.com/SoftEtherVPN/SoftEtherVPN/pull/1873
2023-08-16 19:17:18 +02:00
barracuda156
a80d3f2032 TunTap.h: fix for undefined u_char, u_short on MacOS 2023-08-14 15:54:56 +08:00
barracuda156
1cf2e7a8ea Network.h: include forgotten pthread.h for MacOS too 2023-08-14 15:40:53 +08:00
hiura
c2fe874865 Bind outgoing connection to a specific IP address No.2 2023-08-08 18:14:22 +09:00
icy17
07733b29cb fix potential crash. 2023-07-30 11:01:09 +00:00
Koichiro Iwao
dcdbce63d5 Fix build on __FreeBSD_version >= 140091 (LLVM 16)
Fails to build after:
https://cgit.freebsd.org/src/commit/?id=a681cba16d8967651a2146385ce44a2bfeb1c4c3

As the commit title is "Bump __FreeBSD_version for llvm 16.0.6 merge",
I suppose LLVM 16 is stricter than LLVM 15. It was building successfully
at least the previous week.

Build log: https://pkg-status.freebsd.org/beefy18/data/main-amd64-default/p4785b313b958_se8efee297c/logs/softether5-5.02.5180.335,2.log

```
[ 32%] Building C object src/Mayaqua/CMakeFiles/mayaqua.dir/Unix.c.o
cd /wrkdirs/usr/ports/security/softether5/work/.build/src/Mayaqua && /usr/bin/cc -DBRIDGE_BPF -DCPU_64 -DHAVE_SSL_CTX_SET_NUM_TICKETS -DNDEBUG -DOS_UNIX -DREENTRANT -DSE_DBDIR=\"/var/db/softether\" -DSE_LOGDIR=\"/var/log/softether\" -DSE_PIDDIR=\"/var/run/softether\" -DSE_TAGNAME=\"5.02.5180-335-g1c0bdb0c/freebsd\" -DTHREADSAFE -DTHREAD_SAFE -DUNIX -DUNIX_BSD -DVPN_SPEED -D_FILE_OFFSET_BITS=64 -D_REENTRANT -D_THREADSAFE -D_THREAD_SAFE -Dmayaqua_EXPORTS -I/wrkdirs/usr/ports/security/softether5/work/SoftEtherVPN-5.02.5180-335-g1c0bdb0c/src/. -I/wrkdirs/usr/ports/security/softether5/work/SoftEtherVPN-5.02.5180-335-g1c0bdb0c/src/Mayaqua/. -I/wrkdirs/usr/ports/security/softether5/work/SoftEtherVPN-5.02.5180-335-g1c0bdb0c/src/libhamcore/include -O2 -pipe  -I/usr/local/include/cpu_features -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing -fsigned-char -O2 -pipe  -I/usr/local/include/cpu_features -fstack-protector-strong -isystem /usr/local/include -fno-strict-aliasing  -DNDEBUG -O2 -std=gnu99 -fPIC -pthread -MD -MT src/Mayaqua/CMakeFiles/mayaqua.dir/Unix.c.o -MF CMakeFiles/mayaqua.dir/Unix.c.o.d -o CMakeFiles/mayaqua.dir/Unix.c.o -c /wrkdirs/usr/ports/security/softether5/work/SoftEtherVPN-5.02.5180-335-g1c0bdb0c/src/Mayaqua/Unix.c
/wrkdirs/usr/ports/security/softether5/work/SoftEtherVPN-5.02.5180-335-g1c0bdb0c/src/Mayaqua/Unix.c:259:18: error: incompatible function pointer types assigning to 'void (*)(int, struct __siginfo *, void *)' from 'void *(int, siginfo_t *, void *)' (aka 'void *(int, struct __siginfo *, void *)') [-Wincompatible-function-pointer-types]
        sa.sa_sigaction = signal_received_for_ignore;
                        ^ ~~~~~~~~~~~~~~~~~~~~~~~~~~
```
2023-07-04 08:50:53 +09:00
hiura
e4330ca71a bind outgoing connection 2023-06-28 23:18:09 +09:00
Ilya Shipitsin
c59df82666 src/Mayaqua/Secure.c: fix potential null pointer dereference
found by coverity

   CID 343528 (#1 of 1): Dereference before null check (REVERSE_INULL)
   check_after_deref: Null-checking name suggests that it may be null,
   but it has already been dereferenced on all paths leading to the
   check.
   438        if (name == NULL || k == NULL || k->private_key == false)
   439        {
   440                sec->Error = SEC_ERROR_BAD_PARAMETER;
   441                return false;
   442        }
2023-05-01 06:18:39 +02:00
Ilya Shipitsin
db7d6c83d5 src/Mayaqua/Secure.c: fix potential null pointer dereference
found by coverity

   CID 343537 (#1 of 1): Dereference before null check (REVERSE_INULL)
   check_after_deref: Null-checking name suggests that it may be null
   but it has already been dereferenced on all paths leading to the
   check.
   664        if (name == NULL)
   665        {
   666                sec->Error = SEC_ERROR_BAD_PARAMETER;
   667                return false;
   668        }
2023-05-01 06:09:38 +02:00
Ilya Shipitsin
a89adaebc3 src/Mayaqua/Secure.c: fix potential null pointer dereference
found by coverity

 CID 343536 (#1 of 1): Dereference before null check (REVERSE_INULL)
 check_after_deref: Null-checking name suggests that it may be null, but
 it has already been dereferenced on all paths leading to the check.
 1339        if (name == NULL || data == NULL || size == 0)
 1340        {
 1341                sec->Error = SEC_ERROR_BAD_PARAMETER;
 1342                return false;
 1343        }
2023-05-01 06:07:19 +02:00
Ilya Shipitsin
46e73e944f src/Mayaqua/Unix.c: fix guarding
SoftEtherVPN/src/Mayaqua/Unix.c:51:25: warning: missing
terminating ' character
   51 | #include <sys/statvfs.h>'
2023-04-29 22:31:55 +02:00
Ilya Shipitsin
df6df007a3 src/Mayaqua/Str.c: fix denial of service reported by Cisco Talos
TALOS-2023-1741
CVE-2023-23581

SoftEther VPN vpnserver EnSafeHttpHeaderValueStr denial of service
vulnerability

A denial of service vulnerability exists in the vpnserver
EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.9674 and
5.02. A specially-crafted network packet can lead to denial of service.
2023-04-21 22:38:22 +02:00
Yihong Wu
df7ea3c54a Mayaqua/Memory: Fix memory corruption in base64 2023-03-31 09:14:39 +00:00
Koichiro IWAO
bedf1cd7e9
Mayaqua/Unix: Make VM detection work on FreeBSD
This is just a cosmetic problem in the result of "Caps" command which
gets the list of server functions/capability.  There's no behavioural
change in SoftEtherVPN whether running on VM so far.
2023-02-28 20:08:04 +09:00
Yihong Wu
eea1de3d25 Mayaqua/Network: Fix empty packet being treated as error 2023-02-19 05:41:55 +00:00
Evengard
edcdc923ad Reworked EAP-TLS 1.3 to account for RFC9190, implemented searching by certificate instead of certificate CN 2023-01-31 20:33:18 +03:00
Evengard
149096e13c * Implementing user search by certificate common name.
* Reworking EAP-TLS flow
* Implementing iterative TLS downgrade supporting PPPD TLS 1.3+Tickets, Windows TLS 1.3 w/o Tickets, VPN Client Pro TLS 1.2.
2023-01-23 23:57:19 +03:00
Ilya Shipitsin
c7766d072b src/Mayaqua/Unix.c: improve memory allocation handling according to Coverity
1875        if (mutex == NULL)
1876        {
    CID 367204 (#1 of 1): Resource leak (RESOURCE_LEAK)4. leaked_storage: Variable lock going out of scope leaks the storage it points to.
1877                return NULL;
1878        }
2023-01-15 13:30:37 +06:00
Yihong Wu
6e48227d93
Update CMakeLists.txt 2023-01-07 10:27:47 +09:00
Yihong Wu
1b79df7954 Mayaqua/CMakeLists: Fix win32 build without vcpkg 2023-01-06 22:32:28 +09:00
Ilya Shipitsin
86e44e8d7b LibreSSL-3.7.0 compatibility 2022-12-25 11:35:29 +06:00
Yihong Wu
05fa675d5a Exclude inactive routes in Windows routing management 2022-09-16 17:25:11 +09:00
Yihong Wu
27d7f4cfbe Fix route tracking on x86 Windows 2022-05-15 19:42:57 +09:00
Yihong Wu
ca996ed89a
Merge pull request #1522 from domosekai/tls
Implement complete server certificate verification
2022-05-12 23:38:38 +08:00
Yihong Wu
b3afbe37e9 Load legacy provider under OpenSSL 3.0 2022-04-26 22:00:15 +08:00
Yihong Wu
d86cf181bf Fix UDP bulk v2 and protocol display 2022-03-20 16:48:15 +08:00
Daiyuu Nobori
56aedd6817 Memory: Add LittleEndian16(), LittleEndian32() and LittleEndian64() 2022-02-22 19:38:03 +01:00
H William Welliver
fd92c754fc Add missing headers required for solaris/illumos 2022-01-06 23:06:36 -05:00
Yihong Wu
0a4455ac40 Add more TLS negotiation info in logging and UI 2021-12-29 17:41:29 +08:00
Yihong Wu
f94ac6351e Implement complete server certificate verification 2021-12-29 17:41:29 +08:00
weidi
09dd8a8b07 endif UNIX_LINUX before BSD 2021-12-26 16:13:53 +01:00
weidi
3c7d78a1bf
Merge branch 'SoftEtherVPN:master' into master 2021-12-26 11:51:55 +01:00
Yihong Wu
adbbe94675
Merge pull request #1528 from updatede/patch-1
Mayaqua/Network.h: Fix UDP acceleration under NAT-T connections
2021-12-26 12:32:48 +08:00
Yihong Wu
1c1560f6ca Apply security level override in azure client mode 2021-12-26 12:12:00 +08:00
Yihong Wu
68dc4e23d8 Improve NAT-T hint string handling 2021-12-26 12:11:51 +08:00
Johannes Weidacher
f1b464e84d fix alpine compile issue. 2021-12-25 21:22:06 +01:00
Yihong Wu
51585e63e3 Fix server manager setting compatibility since build 9658 2021-12-25 13:25:34 +08:00
Johannes Weidacher
73ffa10f50 Fix build error on alpine 2021-12-23 20:59:48 +01:00
updatede
0b74a8e4ce
Update Network.h
Missing argument check lead to wrong value of IsIPv6 of struct UDP_ACCEL in NewUdpAccel(),  eventually lead to UdpAccelInitClient() fail.
2021-12-22 13:19:50 +08:00
Yihong Wu
fc94843579 Fix the creation of a zero IPv6 address
Fix #1517
2021-12-12 20:05:36 +08:00
Yihong Wu
b91d9af5e3 Mayaqua/DNS: Fix memory safety in DNS operation threads
Fix #1329
2021-12-12 20:05:36 +08:00