1
0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-14 05:30:41 +03:00
Commit Graph

112 Commits

Author SHA1 Message Date
Maks Naumov
ea4bb811ef Fix log msg for IKE with agressive exchange mode (#425) 2018-01-23 17:42:20 +01:00
Daiyuu Nobori
7de986dcca 7 missing memory boundaries checks and similar memory problems. There are no risk of arbitrary code execution or intrusion on these bugs in my analysis. However, these problems may lead to crash the running server process. So these bugs must be fixed.
Buffer overread in ParseL2TPPacket()
Memory corruption in IcmpParseResult
Missing bounds check in ParseUDP() can lead to invalid memory access
Out-of-bounds read in IPsec_PPP.c (unterminated string buffer)
Overlapping parameters to memcpy() via StrToIp6()
PACK ReadValue() crash vulnerability
Potential use of uninitialized memory via IPToInAddr6()

4 memory leaks. While the amount of leakage is very small per time, these bugs can finally cause process crash by out of memory. So these bugs must be fixed.

Memory leak in NnReadDnsRecord
Memory leak in RadiusLogin()
Memory leak via ParsePacketIPv4WithDummyMacHeader
Remote memory leak in OpenVPN server code

1 coding improvement. This is not a bug, however, I fixed the code to avoid furture misunderstanding.

RecvAll can return success on failure (leading to use of uninitialized memory)

Contributors for this bugfix:

- Max Planck Institute for Molecular Genetics
- Guido Vranken
2018-01-15 10:25:10 +09:00
macvk
ab4b27ab3c Add parameter "ListenIP" to server configuration (vpn_server.config) (#202)
* Added parameter "ListenIP" to server configuration (vpn_server.config)

* Fixed bug in VPN client
2018-01-11 23:53:38 +01:00
Daiyuu Nobori
bb30535bb6 Fix the function name: RFC3164 -> RFC3339 2017-12-21 23:24:06 +09:00
Daiyuu Nobori
97e7a82be2 Added the function to save the DNS query log on the packet logs. 2017-12-21 23:23:17 +09:00
Daiyuu Nobori
4a01c41d09 Fixed the bug which occurs the L2TP/IPsec connection error with Android Oreo. 2017-12-21 23:21:31 +09:00
Daiyuu Nobori
9f9dc459a7 Preparing the development branch 2017-10-19 15:00:41 +09:00
dnobori
faee11ff09 v4.23-9647-beta 2017-10-18 18:24:21 +09:00
Daiyuu Nobori
2241b9a366 Merge pull request #309 from moatazelmasry2/openvpn-extend-ciphers
Openvpn extend ciphers
2017-10-18 16:57:52 +09:00
Daiyuu Nobori
056c322601 Merge branch 'master' into add-sha2 2017-10-18 16:57:26 +09:00
Daiyuu Nobori
936815f2d4 Merge pull request #293 from moatazelmasry2/expand-dh-groups
Add DH groups 2048,3072,4096 to IPSec_IKE
2017-10-18 16:37:22 +09:00
Daiyuu Nobori
8ae035420b Merge pull request #282 from NoahO/NoahO-PPP-patch
Stop Radius Delay from counting to next_resend
2017-10-18 16:37:02 +09:00
Daiyuu Nobori
b61882598f Merge pull request #256 from cm0x4D/master
Using client parameter in function CtConnect
2017-10-18 16:36:24 +09:00
cm0x4d
78bcc07fa9 Peer info optional in OvsParseKeyMethod2() 2017-09-28 10:37:24 +02:00
Moataz Elmasry
fdcf90d3f0 Add CAMELLIA cipher suite to OpenVPN 2017-02-24 14:09:22 +01:00
Moataz Elmasry
e0a9fb1950 Add HMAC-SHA2-256, HMAC2-384, HMAC2-512 support to OpenVPN 2017-01-23 02:34:25 +01:00
Moataz Elmasry
071004477f Fix errors while adding SHA2 support to HMAC 2017-01-23 02:03:37 +01:00
Moataz Elmasry
29234b7f9a Add HMAC SHA2 to IKE 2017-01-23 00:50:48 +01:00
Moataz Elmasry
c7c40c063a Add DH groups 2048,3072,4096 to IPSec_IKE
src/Cedar/IPsec_IkePacket.c
2017-01-21 19:20:59 +01:00
Noah O'Donoghue
a5425bcb4e Add files via upload 2016-12-28 14:39:01 +07:00
dnobori
4df2eb4f9c v4.22-9634-beta 2016-11-27 17:43:14 +09:00
Daiyuu Nobori
c9cd73d906 fix conflict 2016-11-27 18:02:30 +09:00
Daiyuu Nobori
2a2f47e0c8 Merge pull request #127 from nna774/fix/vpncmd-LogFileGet
fix LogFileGet won't save to SAVEPATH
2016-11-27 17:57:47 +09:00
Daiyuu Nobori
86d87d1ac4 fix conflict 2016-11-27 17:57:00 +09:00
Daiyuu Nobori
5f8ce287c3 Merge pull request #133 from yehorov/master
Add the possibility to send the Virtual Hub Name to an external DHCP server
2016-11-27 17:55:04 +09:00
Daiyuu Nobori
7c30cddedb Merge pull request #178 from mcsalgado/fix_initialization
Fix set initialization, set.OnlyCapsuleModeIsInvalid could be garbage
2016-11-27 17:54:17 +09:00
Daiyuu Nobori
034a213c2c Merge pull request #204 from LegDog/master
Adding Radius AVP Called-Station-Id
2016-11-27 17:53:45 +09:00
Daiyuu Nobori
712adc6d74 resolved the conflict 2016-11-27 17:48:18 +09:00
Daiyuu Nobori
cc8fff4d81 Merge pull request #217 from lewellyn/patch-1
Default to TLS connections only
2016-11-27 17:25:15 +09:00
Daiyuu Nobori
5cae447c79 Merge pull request #229 from chipitsine/master
cppcheck issues
2016-11-27 17:25:03 +09:00
Luiz Eduardo Gava
ced0856ab1 HTTPS /wiki redir to 443 (test) 2016-11-08 14:44:35 -02:00
Luiz Eduardo Gava
8520502707 Merge remote-tracking branch 'upstream/master' 2016-11-08 09:23:52 -02:00
Michael Clausen
462840cf6e Using client parameter in function CtConnect
Using the global client variable might lead to strange behavoir if multiple clients are allocated and to crashes in the case the client was not initialized with CtStartClient()
2016-10-03 13:31:03 +02:00
ajeecai
9bc67cc293 Fix that ParseTcpOption doesn't work correctly
Suppose there is a TCP SYN or SYN-ACK packet taking options as:
    02 04 05 b4 01 01 04 02 01 03 03 04 
which is 
Options: (12 bytes)
    >Maximum segment size: 1460 bytes
    >No-Operation (NOP)
    >No-Operation (NOP)
    >TCP SACK Permitted Option: True
    >No-Operation (NOP)
    >Window scale: 4 (multiply by 16)

Then the original parse function only returns MSS 1460 while WSS is 0.
2016-08-04 17:33:18 +08:00
Mykhaylo Yehorov
03ffd7535a merge upstream v4.21-9613-beta 2016-05-04 12:27:52 +03:00
Mykhaylo Yehorov
698babf408 merge upstream v4.20-9608-rtm 2016-05-04 11:53:35 +03:00
Ilya Shipitsin
d1ea47eb66 cppcheck issues:
[src/Cedar/Client.c:2184] -> [src/Cedar/Client.c:2187]: (warning) Either the condition 'rpc==0' is redundant or there is possible null pointer dereference: rpc.
[src/Cedar/Client.c:6032] -> [src/Cedar/Client.c:6035]: (warning) Either the condition 'ret!=0' is redundant or there is possible null pointer dereference: ret.
2016-04-30 00:26:58 +05:00
Ilya Shipitsin
29f93371c3 cppcheck issue:
[src/Cedar/Connection.c:1041] -> [src/Cedar/Connection.c:1043]: (warning) Either the condition 's!=0' is redundant or there is possible null pointer dereference: s.
2016-04-30 00:22:05 +05:00
Ilya Shipitsin
01edd34bbe cppcheck issues:
[src/Cedar/SM.c:875] -> [src/Cedar/SM.c:882]: (warning) Either the condition 'd==0' is redundant or there is possible null pointer dereference: d.
[src/Cedar/UdpAccel.c:119] -> [src/Cedar/UdpAccel.c:123]: (warning) Either the condition 'a==0' is redundant or there is possible null pointer dereference: a.
2016-04-30 00:16:15 +05:00
Ilya Shipitsin
556ea647e3 cppcheck issues:
[src/Cedar/Virtual.c:2389] -> [src/Cedar/Virtual.c:2398]: (warning) Either the condition 'a==0' is redundant or there is possible null pointer dereference: a.
[src/Cedar/Virtual.c:4000] -> [src/Cedar/Virtual.c:4004]: (warning) Either the condition 'n==0' is redundant or there is possible null pointer dereference: n.
[src/Cedar/Virtual.c:4203] -> [src/Cedar/Virtual.c:4207]: (warning) Either the condition 'n==0' is redundant or there is possible null pointer dereference: n.
2016-04-30 00:03:35 +05:00
Ilya Shipitsin
84f95447a3 cppcheck issues:
[src/Cedar/WebUI.c:1728] -> [src/Cedar/WebUI.c:1730]: (warning) Either the condition 'buf==0' is redundant or there is possible null pointer dereference: buf.
[src/Mayaqua/FileIO.c:383] -> [src/Mayaqua/FileIO.c:386]: (warning) Either the condition 'p==0' is redundant or there is possible null pointer dereference: p.
[src/Mayaqua/TcpIp.c:1837] -> [src/Mayaqua/TcpIp.c:1839]: (warning) Either the condition 'tcp!=0' is redundant or there is possible null pointer dereference: tcp.
2016-04-29 23:59:35 +05:00
Ilya Shipitsin
2f52dac9c4 cppcheck issues:
[src/Cedar/Admin.c:11843] -> [src/Cedar/Admin.c:11845]: (warning) Either the condition 't==0' is redundant or there is possible null pointer dereference: t.
[src/Cedar/Admin.c:12316] -> [src/Cedar/Admin.c:12318]: (warning) Either the condition 'a==0' is redundant or there is possible null pointer dereference: a.
[src/Cedar/Admin.c:12576] -> [src/Cedar/Admin.c:12578]: (warning) Either the condition 't==0' is redundant or there is possible null pointer dereference: t.
[src/Cedar/Admin.c:12790] -> [src/Cedar/Admin.c:12792]: (warning) Either the condition 't==0' is redundant or there is possible null pointer dereference: t.
2016-04-29 23:50:58 +05:00
dnobori
1e17c9bcfd v4.21-9613-beta 2016-04-24 23:49:31 +09:00
dnobori
c0c1b914db v4.20-9608-rtm 2016-04-18 01:52:49 +09:00
Mykhaylo Yehorov
4a3f08e5b8 merge upstream v4.19-9605-beta 2016-03-08 21:32:14 +02:00
dnobori
17e624ac26 v4.19-9605-beta 2016-03-06 23:16:01 +09:00
Matt Lewandowsky
15876de6fb Default to TLS connections only
Due to DROWN (CVE-2016-0800), SSLv2 must be disabled by default. This is the most straight-forward way to ensure new installations are not vulnerable. The upgrade use case is not addressed by this PR, though I posted information to the forum: http://www.vpnusers.com/viewtopic.php?f=7&t=5596

This patch is made available under Contribution Option 1, to allow PacketiX to be fixed the same way.
2016-03-02 08:02:07 -08:00
Raymond Tau
311ab9efab Correctly save and apply the DisableSslVersions config 2015-12-09 14:06:13 +08:00
Luiz Eduardo Gava
c34b751db0 Adding Radius AVP Called-Station-Id 2015-11-26 11:24:04 -02:00
Raymond Tau
04b72873c7 Fix the problem of the DisableSslVersions patch. 2015-11-23 16:15:10 +08:00