1
0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-12-29 03:20:33 +03:00
Commit Graph

94 Commits

Author SHA1 Message Date
Josh Soref
ac865f04fc Correct Spelling (#458)
* spelling: accepts

* spelling: account

* spelling: accept

* spelling: accumulate

* spelling: adapter

* spelling: address

* spelling: additional

* spelling: aggressive

* spelling: adhered

* spelling: allowed

* spelling: ambiguous

* spelling: amount

* spelling: anonymous

* spelling: acquisition

* spelling: assemble

* spelling: associated

* spelling: assigns

* spelling: attach

* spelling: attempt

* spelling: attribute

* spelling: authenticate

* spelling: authentication

* spelling: available

* spelling: bridging

* spelling: cascade

* spelling: cancel

* spelling: check

* spelling: challenge

* spelling: changing

* spelling: characters

* spelling: cloud

* spelling: compare

* spelling: communication

* spelling: compatible

* spelling: compatibility

* spelling: completion

* spelling: complete

* spelling: computers

* spelling: configure

* spelling: configuration

* spelling: conformant

* spelling: connection

* spelling: contains

* spelling: continuously

* spelling: continue

* spelling: convert

* spelling: counters

* spelling: create

* spelling: created

* spelling: cumulate

* spelling: currently

* spelling: debugging

* spelling: decryption

* spelling: description

* spelling: default

* spelling: driver

* spelling: delete

* spelling: destination

* spelling: disabled

* spelling: different

* spelling: dynamically

* spelling: directory

* spelling: disappeared

* spelling: disable

* spelling: doesn't

* spelling: download

* spelling: dropped

* spelling: enable

* spelling: established

* spelling: ether

* spelling: except

* spelling: expired

* spelling: field

* spelling: following

* spelling: forever

* spelling: firewall

* spelling: first

* spelling: fragment

* spelling: function

* spelling: gateway

* spelling: identifier

* spelling: identify

* spelling: incoming

* spelling: information

* spelling: initialize

* spelling: injection

* spelling: inner

* spelling: instead

* spelling: installation

* spelling: inserted

* spelling: integer

* spelling: interrupt

* spelling: intuitive

* spelling: interval

* spelling: january

* spelling: keybytes

* spelling: know

* spelling: language

* spelling: length

* spelling: library

* spelling: listener

* spelling: maintain

* spelling: modified

* spelling: necessary

* spelling: number

* spelling: obsoleted

* spelling: occurred

* spelling: occurring

* spelling: occur

* spelling: original

* spelling: omittable

* spelling: omit

* spelling: opening

* spelling: operation

* spelling: packet

* spelling: parameters

* spelling: pointed

* spelling: popupmenuopen

* spelling: privilege

* spelling: product

* spelling: protection

* spelling: promiscuous

* spelling: prompt

* spelling: query

* spelling: random

* spelling: reconnection

* spelling: revocation

* spelling: received

* spelling: red hat

* spelling: registry

* spelling: release

* spelling: retrieve
2018-05-16 23:47:10 +02:00
Ilya Shipitsin
13cadf6492 src/Mayaqua/Encrypt.c: remove unused functions (#506)
[src/Mayaqua/Encrypt.c:1524]: (style) The function 'ByteToStr' is never used.
[src/Mayaqua/Encrypt.c:2762]: (style) The function 'CheckX' is never used.
[src/Mayaqua/Encrypt.c:4346]: (style) The function 'Des3Decrypt' is never used.
[src/Mayaqua/Encrypt.c:4290]: (style) The function 'Des3Encrypt' is never used.
[src/Mayaqua/Encrypt.c:4434]: (style) The function 'Des3RandKey' is never used.
[src/Mayaqua/Encrypt.c:4474]: (style) The function 'DesFreeKey' is never used.
[src/Mayaqua/Encrypt.c:4499]: (style) The function 'DesNewKey' is never used.
[src/Mayaqua/Encrypt.c:4446]: (style) The function 'DesRandKey' is never used.
[src/Mayaqua/Encrypt.c:4892]: (style) The function 'DhToBuf' is never used.
[src/Mayaqua/Encrypt.c:293]: (style) The function 'EasyDecrypt' is never used.
[src/Mayaqua/Encrypt.c:259]: (style) The function 'EasyEncrypt' is never used.
[src/Mayaqua/Encrypt.c:3144]: (style) The function 'FileToK' is never used.
[src/Mayaqua/Encrypt.c:1358]: (style) The function 'FileToP12' is never used.
[src/Mayaqua/Encrypt.c:1061]: (style) The function 'GetAllNameFromA' is never used.
[src/Mayaqua/Encrypt.c:973]: (style) The function 'GetAllNameFromXExA' is never used.
[src/Mayaqua/Encrypt.c:4182]: (style) The function 'HashSha256' is never used.
[src/Mayaqua/Encrypt.c:3192]: (style) The function 'KToFile' is never used.
[src/Mayaqua/Encrypt.c:4721]: (style) The function 'MacSha196' is never used.
[src/Mayaqua/Encrypt.c:1324]: (style) The function 'P12ToFile' is never used.
[src/Mayaqua/Encrypt.c:3983]: (style) The function 'Rand128' is never used.
[src/Mayaqua/Encrypt.c:670]: (style) The function 'RsaBinToPublic' is never used.
[src/Mayaqua/Encrypt.c:2556]: (style) The function 'RsaPrivateDecrypt' is never used.
[src/Mayaqua/Encrypt.c:2525]: (style) The function 'RsaPrivateEncrypt' is never used.
[src/Mayaqua/Encrypt.c:2494]: (style) The function 'RsaPublicDecrypt' is never used.
[src/Mayaqua/Encrypt.c:2584]: (style) The function 'RsaPublicEncrypt' is never used.
[src/Mayaqua/Encrypt.c:771]: (style) The function 'RsaPublicToBin' is never used.
[src/Mayaqua/Encrypt.c:4263]: (style) The function 'Sha1__' is never used.
[src/Mayaqua/Encrypt.c:3672]: (style) The function 'SkipBufBeforeString' is never used.
2018-05-02 23:48:47 +02:00
Tim Schneider
bc2efe9efd SMB Winbind NT Authentication (Password/MsCHAPv2) (#49)
Added Linux NT Authentication functionality to SoftEther through samba ntlm_auth.

Pre requirements
+ samba-winbind -> Domain Member
+ winbind-seperator \ -> used for group check in ntlm_auth

username from client: fqdn domain\username
username in SoftEther: username
timeout: from security policy
optional: set groupname in servermanager
2018-05-02 23:42:04 +02:00
Moataz Elmasry
b1f74268b1
Merge pull request #258 from ajeecai/Run_deadlock
Fix a deadlock when Run() to create a process.
2018-04-21 23:41:52 +02:00
tonychung00
8ddd328762 initial fix for clang warnings (#84) 2018-04-20 23:03:26 +02:00
Moataz Elmasry
0dee90f181 remove msvc compiling errors (#499) 2018-04-20 19:35:52 +02:00
Moataz Elmasry
12a30cbbe2
remove msvc compiling errors (#499) 2018-04-20 01:19:32 +02:00
ajeecai
69d132e997 Fix a deadlock when Run() to create a process. Child forked will inherit
state of global mutex which may be in intermidiate taken status by one of
threads of the parent, then in child process it tries to get this mutex
and is always pending. One example of mutex is malloc_lock, and there are more.
2018-04-16 10:37:22 +00:00
Moataz Elmasry
478270efba Revert "Cleanup ssl library. No memory leaks. (#143)". Build failing using OpenSSL 1.1.0f
This reverts commit 227842f89c.
2018-04-11 23:25:21 +02:00
Moataz Elmasry
227842f89c
Cleanup ssl library. No memory leaks. (#143) 2018-04-11 23:18:16 +02:00
Alexey Kryuchkov
9b19949614 Fix compilation with OpenSSL 1.1.0 (broken in #327) (#476) 2018-04-07 21:42:08 +02:00
Alexey Kryuchkov
83295bb736 OpenVPN client certificate authentication (Individual Certificate Authentication) (#327)
* Implement OpenVPN certificate authentication, fixes #55

* fixup! Implement OpenVPN certificate authentication, fixes #55
2018-04-05 23:04:58 +02:00
Daiyuu Nobori
8c0c4396b7 Add the Alternative subject name field on the new X.509 certificate creation. 2018-02-12 23:56:14 +01:00
Daiyuu Nobori
02bcf9152c Fix a bug in the Win32EnumDirExW() function. 2018-02-12 23:55:34 +01:00
Ilya Shipitsin
79c06146a4 remove unused functions (identified by cppcheck)
[src/Cedar/Account.c:854]: (style) The function 'AddGroupTraffic' is never used.
[src/Mayaqua/Secure.c:1455]: (style) The function 'AddSecObjToEnumCache' is never used.
[src/Mayaqua/Network.c:18445]: (style) The function 'AddSockList' is never used.
[src/Cedar/Account.c:870]: (style) The function 'AddUserTraffic' is never used.
[src/Cedar/Server.c:1045]: (style) The function 'AdjoinEnumLogFile' is never used.
[src/Cedar/Admin.c:13780]: (style) The function 'AdminConnect' is never used.
[src/Mayaqua/Encrypt.c:855]: (style) The function 'BigNumToStr' is never used.
[src/Mayaqua/Str.c:2113]: (style) The function 'Bit128ToStr' is never used.
[src/Mayaqua/Encrypt.c:898]: (style) The function 'BufToBigNum' is never used.
[src/Mayaqua/Internat.c:1874]: (style) The function 'CalcStrToUtf8' is never used.
[src/Cedar/Hub.c:6689]: (style) The function 'CalcTrafficDiff' is never used.
[src/Mayaqua/Internat.c:1819]: (style) The function 'CalcUtf8ToStr' is never used.
[src/Mayaqua/Network.c:6495]: (style) The function 'CanGetTcpProcessId' is never used.
[src/Cedar/WinUi.c:7226]: (style) The function 'CbInsertStrA' is never used.
[src/Cedar/Client.c:3035]: (style) The function 'CcEnumObjectInSecure' is never used.
[src/Cedar/Client.c:2826]: (style) The function 'CcGetCommonProxySetting' is never used.
[src/Cedar/Client.c:2857]: (style) The function 'CcSetCommonProxySetting' is never used.
[src/Cedar/Cedar.c:575]: (style) The function 'CedarLog' is never used.
[src/Cedar/WinUi.c:9841]: (style) The function 'Center2' is never used.
[src/Mayaqua/Encrypt.c:814]: (style) The function 'CertTest' is never used.
[src/Mayaqua/Encrypt.c:809]: (style) The function 'CertTest2' is never used.
[src/Mayaqua/Encrypt.c:819]: (style) The function 'CertTest_' is never used.
[src/Mayaqua/Cfg.c:1705]: (style) The function 'CfgIsFolder' is never used.
2018-02-08 00:20:07 +01:00
Guanzhong Chen
56c4582da8 Allow specifying cipher suites instead of single ciphers (#343)
* Allow specifying cipher suites instead of single ciphers.

CipherName now specifies all cipher suites instead of the
preferred cipher. This allows insecure ciphers like RC4 to
be permanently disabled, instead of being the default fallback
when the preferred cipher is unsupported.

CipherName is now left for OpenSSL to verify. Should it be
invalid, a secure default is used. The default CipherName setting
for new servers is one such invalid string: "~DEFAULT~". This
allows for future updates to change the default and the servers
can stay secure.

* Remove unused temporary variable.
2018-02-08 00:13:41 +01:00
Moataz Elmasry
8cafa07d9c Set an initialization value in Network.c to be conform with PR #275 2018-02-01 00:10:04 +01:00
Moataz Elmasry
a5fa265811
Merge pull request #275 from chipitsine/master
cppcheck findings
2018-02-01 00:06:08 +01:00
Moataz Elmasry
9d6c1ea0e9 Add missing function definition 2018-01-25 02:58:18 +01:00
Moataz Elmasry
93d9ade990 Merge PR #129 into master. 2018-01-25 02:55:11 +01:00
Daiyuu Nobori
7de986dcca 7 missing memory boundaries checks and similar memory problems. There are no risk of arbitrary code execution or intrusion on these bugs in my analysis. However, these problems may lead to crash the running server process. So these bugs must be fixed.
Buffer overread in ParseL2TPPacket()
Memory corruption in IcmpParseResult
Missing bounds check in ParseUDP() can lead to invalid memory access
Out-of-bounds read in IPsec_PPP.c (unterminated string buffer)
Overlapping parameters to memcpy() via StrToIp6()
PACK ReadValue() crash vulnerability
Potential use of uninitialized memory via IPToInAddr6()

4 memory leaks. While the amount of leakage is very small per time, these bugs can finally cause process crash by out of memory. So these bugs must be fixed.

Memory leak in NnReadDnsRecord
Memory leak in RadiusLogin()
Memory leak via ParsePacketIPv4WithDummyMacHeader
Remote memory leak in OpenVPN server code

1 coding improvement. This is not a bug, however, I fixed the code to avoid furture misunderstanding.

RecvAll can return success on failure (leading to use of uninitialized memory)

Contributors for this bugfix:

- Max Planck Institute for Molecular Genetics
- Guido Vranken
2018-01-15 10:25:10 +09:00
macvk
ab4b27ab3c Add parameter "ListenIP" to server configuration (vpn_server.config) (#202)
* Added parameter "ListenIP" to server configuration (vpn_server.config)

* Fixed bug in VPN client
2018-01-11 23:53:38 +01:00
Daiyuu Nobori
ce3d35c595 Added the function to save the DNS query log on the packet logs. (fix) 2017-12-22 07:26:06 +09:00
Daiyuu Nobori
a0b54d7c6d Added the TCP destination port 3128 (well known as Squid default port) to assume as the HTTP proxy port on the packet logging. 2017-12-21 23:25:08 +09:00
Daiyuu Nobori
bb30535bb6 Fix the function name: RFC3164 -> RFC3339 2017-12-21 23:24:06 +09:00
Daiyuu Nobori
97e7a82be2 Added the function to save the DNS query log on the packet logs. 2017-12-21 23:23:17 +09:00
Daiyuu Nobori
1f2c052dfb Fixed the bug on the OpenVPN Server function. 2017-10-23 02:54:51 +09:00
Daiyuu Nobori
9f9dc459a7 Preparing the development branch 2017-10-19 15:00:41 +09:00
dnobori
faee11ff09 v4.23-9647-beta 2017-10-18 18:24:21 +09:00
Daiyuu Nobori
acf49ad536 Merge pull request #344 from quantum5/openssl1.1
OpenSSL 1.1 Port
2017-10-18 16:58:46 +09:00
Daiyuu Nobori
1b73778e3f Merge pull request #315 from rel22/SoftetherVPN-RuToken-S-patch-1
Added support for RuToken USB key PKCS#11
2017-10-18 16:58:19 +09:00
Daiyuu Nobori
f9436daa6f Merge pull request #313 from zulzardi/patch-2
Fixed RSA key bits wrong calculation for certain x509 certificate
2017-10-18 16:58:09 +09:00
Quantum
0746be43a2 OpenSSL 1.1 Port.
Some potential problems with Ssl_Init_Async_SendAlert.
2017-07-29 22:31:25 -04:00
rel22
61e71be380 Add support for RuToken USB key PKCS#11
Test on RuToken-S key.
https://www.rutoken.ru/products/all/rutoken-s/
2017-03-13 18:17:24 +03:00
Zulyandri Zardi
a3db7b2e3d Update Encrypt.c
Fixed RSA bits wrong calculation for certain x509 certificate
2017-03-10 12:04:17 +08:00
Moataz Elmasry
071004477f Fix errors while adding SHA2 support to HMAC 2017-01-23 02:03:37 +01:00
Moataz Elmasry
29234b7f9a Add HMAC SHA2 to IKE 2017-01-23 00:50:48 +01:00
Moataz Elmasry
342d602f5d Add support for HMAC SHA2-256, HMAC SHA2-384, HMAC SHA2-512 2017-01-22 16:09:30 +01:00
Ilya Shipitsin
095d5e7b70 fix "Access to field 'p' results in a dereference of a null pointer (loaded from field 'Folders')" found by clang static analyzer 2016-11-28 19:33:15 +05:00
Ilya Shipitsin
39cf3a77cc fix "Function call argument is an uninitialized value" found by clang static analyzer 2016-11-28 19:28:41 +05:00
Ilya Shipitsin
a658963cdc make code more readable (inspired by clang static analyzer) 2016-11-28 17:56:00 +05:00
Ilya Shipitsin
334765ffd7 resolved several cppcheck findings:
[src/Cedar/Admin.c:418]: (error) Possible null pointer dereference: cedar
[src/Cedar/Admin.c:616]: (error) Possible null pointer dereference: cedar
[src/Cedar/WebUI.c:369]: (error) Uninitialized variable: retcode
[src/Mayaqua/Encrypt.c:4485]: (error) Uninitialized variable: key
[src/Mayaqua/Network.c:13548]: (error) Uninitialized variable: e
2016-11-28 17:27:29 +05:00
dnobori
4df2eb4f9c v4.22-9634-beta 2016-11-27 17:43:14 +09:00
Daiyuu Nobori
5f8ce287c3 Merge pull request #133 from yehorov/master
Add the possibility to send the Virtual Hub Name to an external DHCP server
2016-11-27 17:55:04 +09:00
Daiyuu Nobori
697bff4023 Merge pull request #165 from micsell/cpupatch
Fixed OSX CPU utilization by replacing broken kevent() with select()
2016-11-27 17:54:57 +09:00
Daiyuu Nobori
034a213c2c Merge pull request #204 from LegDog/master
Adding Radius AVP Called-Station-Id
2016-11-27 17:53:45 +09:00
Daiyuu Nobori
712adc6d74 resolved the conflict 2016-11-27 17:48:18 +09:00
Luiz Eduardo Gava
ced0856ab1 HTTPS /wiki redir to 443 (test) 2016-11-08 14:44:35 -02:00
Mykhaylo Yehorov
03ffd7535a merge upstream v4.21-9613-beta 2016-05-04 12:27:52 +03:00
Ilya Shipitsin
84f95447a3 cppcheck issues:
[src/Cedar/WebUI.c:1728] -> [src/Cedar/WebUI.c:1730]: (warning) Either the condition 'buf==0' is redundant or there is possible null pointer dereference: buf.
[src/Mayaqua/FileIO.c:383] -> [src/Mayaqua/FileIO.c:386]: (warning) Either the condition 'p==0' is redundant or there is possible null pointer dereference: p.
[src/Mayaqua/TcpIp.c:1837] -> [src/Mayaqua/TcpIp.c:1839]: (warning) Either the condition 'tcp!=0' is redundant or there is possible null pointer dereference: tcp.
2016-04-29 23:59:35 +05:00