Guanzhong Chen
56c4582da8
Allow specifying cipher suites instead of single ciphers ( #343 )
...
* Allow specifying cipher suites instead of single ciphers.
CipherName now specifies all cipher suites instead of the
preferred cipher. This allows insecure ciphers like RC4 to
be permanently disabled, instead of being the default fallback
when the preferred cipher is unsupported.
CipherName is now left for OpenSSL to verify. Should it be
invalid, a secure default is used. The default CipherName setting
for new servers is one such invalid string: "~DEFAULT~". This
allows for future updates to change the default and the servers
can stay secure.
* Remove unused temporary variable.
2018-02-08 00:13:41 +01:00
Moataz Elmasry
8cafa07d9c
Set an initialization value in Network.c to be conform with PR #275
2018-02-01 00:10:04 +01:00
Moataz Elmasry
a5fa265811
Merge pull request #275 from chipitsine/master
...
cppcheck findings
2018-02-01 00:06:08 +01:00
Moataz Elmasry
9d6c1ea0e9
Add missing function definition
2018-01-25 02:58:18 +01:00
Moataz Elmasry
93d9ade990
Merge PR #129 into master.
2018-01-25 02:55:11 +01:00
Daiyuu Nobori
7de986dcca
7 missing memory boundaries checks and similar memory problems. There are no risk of arbitrary code execution or intrusion on these bugs in my analysis. However, these problems may lead to crash the running server process. So these bugs must be fixed.
...
Buffer overread in ParseL2TPPacket()
Memory corruption in IcmpParseResult
Missing bounds check in ParseUDP() can lead to invalid memory access
Out-of-bounds read in IPsec_PPP.c (unterminated string buffer)
Overlapping parameters to memcpy() via StrToIp6()
PACK ReadValue() crash vulnerability
Potential use of uninitialized memory via IPToInAddr6()
4 memory leaks. While the amount of leakage is very small per time, these bugs can finally cause process crash by out of memory. So these bugs must be fixed.
Memory leak in NnReadDnsRecord
Memory leak in RadiusLogin()
Memory leak via ParsePacketIPv4WithDummyMacHeader
Remote memory leak in OpenVPN server code
1 coding improvement. This is not a bug, however, I fixed the code to avoid furture misunderstanding.
RecvAll can return success on failure (leading to use of uninitialized memory)
Contributors for this bugfix:
- Max Planck Institute for Molecular Genetics
- Guido Vranken
2018-01-15 10:25:10 +09:00
macvk
ab4b27ab3c
Add parameter "ListenIP" to server configuration (vpn_server.config) ( #202 )
...
* Added parameter "ListenIP" to server configuration (vpn_server.config)
* Fixed bug in VPN client
2018-01-11 23:53:38 +01:00
Daiyuu Nobori
ce3d35c595
Added the function to save the DNS query log on the packet logs. (fix)
2017-12-22 07:26:06 +09:00
Daiyuu Nobori
a0b54d7c6d
Added the TCP destination port 3128 (well known as Squid default port) to assume as the HTTP proxy port on the packet logging.
2017-12-21 23:25:08 +09:00
Daiyuu Nobori
bb30535bb6
Fix the function name: RFC3164 -> RFC3339
2017-12-21 23:24:06 +09:00
Daiyuu Nobori
97e7a82be2
Added the function to save the DNS query log on the packet logs.
2017-12-21 23:23:17 +09:00
Daiyuu Nobori
1f2c052dfb
Fixed the bug on the OpenVPN Server function.
2017-10-23 02:54:51 +09:00
Daiyuu Nobori
9f9dc459a7
Preparing the development branch
2017-10-19 15:00:41 +09:00
dnobori
faee11ff09
v4.23-9647-beta
2017-10-18 18:24:21 +09:00
Daiyuu Nobori
acf49ad536
Merge pull request #344 from quantum5/openssl1.1
...
OpenSSL 1.1 Port
2017-10-18 16:58:46 +09:00
Daiyuu Nobori
1b73778e3f
Merge pull request #315 from rel22/SoftetherVPN-RuToken-S-patch-1
...
Added support for RuToken USB key PKCS#11
2017-10-18 16:58:19 +09:00
Daiyuu Nobori
f9436daa6f
Merge pull request #313 from zulzardi/patch-2
...
Fixed RSA key bits wrong calculation for certain x509 certificate
2017-10-18 16:58:09 +09:00
Quantum
0746be43a2
OpenSSL 1.1 Port.
...
Some potential problems with Ssl_Init_Async_SendAlert.
2017-07-29 22:31:25 -04:00
rel22
61e71be380
Add support for RuToken USB key PKCS#11
...
Test on RuToken-S key.
https://www.rutoken.ru/products/all/rutoken-s/
2017-03-13 18:17:24 +03:00
Zulyandri Zardi
a3db7b2e3d
Update Encrypt.c
...
Fixed RSA bits wrong calculation for certain x509 certificate
2017-03-10 12:04:17 +08:00
Moataz Elmasry
071004477f
Fix errors while adding SHA2 support to HMAC
2017-01-23 02:03:37 +01:00
Moataz Elmasry
29234b7f9a
Add HMAC SHA2 to IKE
2017-01-23 00:50:48 +01:00
Moataz Elmasry
342d602f5d
Add support for HMAC SHA2-256, HMAC SHA2-384, HMAC SHA2-512
2017-01-22 16:09:30 +01:00
Ilya Shipitsin
095d5e7b70
fix "Access to field 'p' results in a dereference of a null pointer (loaded from field 'Folders')" found by clang static analyzer
2016-11-28 19:33:15 +05:00
Ilya Shipitsin
39cf3a77cc
fix "Function call argument is an uninitialized value" found by clang static analyzer
2016-11-28 19:28:41 +05:00
Ilya Shipitsin
a658963cdc
make code more readable (inspired by clang static analyzer)
2016-11-28 17:56:00 +05:00
Ilya Shipitsin
334765ffd7
resolved several cppcheck findings:
...
[src/Cedar/Admin.c:418]: (error) Possible null pointer dereference: cedar
[src/Cedar/Admin.c:616]: (error) Possible null pointer dereference: cedar
[src/Cedar/WebUI.c:369]: (error) Uninitialized variable: retcode
[src/Mayaqua/Encrypt.c:4485]: (error) Uninitialized variable: key
[src/Mayaqua/Network.c:13548]: (error) Uninitialized variable: e
2016-11-28 17:27:29 +05:00
dnobori
4df2eb4f9c
v4.22-9634-beta
2016-11-27 17:43:14 +09:00
Daiyuu Nobori
5f8ce287c3
Merge pull request #133 from yehorov/master
...
Add the possibility to send the Virtual Hub Name to an external DHCP server
2016-11-27 17:55:04 +09:00
Daiyuu Nobori
697bff4023
Merge pull request #165 from micsell/cpupatch
...
Fixed OSX CPU utilization by replacing broken kevent() with select()
2016-11-27 17:54:57 +09:00
Daiyuu Nobori
034a213c2c
Merge pull request #204 from LegDog/master
...
Adding Radius AVP Called-Station-Id
2016-11-27 17:53:45 +09:00
Daiyuu Nobori
712adc6d74
resolved the conflict
2016-11-27 17:48:18 +09:00
Luiz Eduardo Gava
ced0856ab1
HTTPS /wiki redir to 443 (test)
2016-11-08 14:44:35 -02:00
Mykhaylo Yehorov
03ffd7535a
merge upstream v4.21-9613-beta
2016-05-04 12:27:52 +03:00
Ilya Shipitsin
84f95447a3
cppcheck issues:
...
[src/Cedar/WebUI.c:1728] -> [src/Cedar/WebUI.c:1730]: (warning) Either the condition 'buf==0' is redundant or there is possible null pointer dereference: buf.
[src/Mayaqua/FileIO.c:383] -> [src/Mayaqua/FileIO.c:386]: (warning) Either the condition 'p==0' is redundant or there is possible null pointer dereference: p.
[src/Mayaqua/TcpIp.c:1837] -> [src/Mayaqua/TcpIp.c:1839]: (warning) Either the condition 'tcp!=0' is redundant or there is possible null pointer dereference: tcp.
2016-04-29 23:59:35 +05:00
dnobori
1e17c9bcfd
v4.21-9613-beta
2016-04-24 23:49:31 +09:00
Mykhaylo Yehorov
4a3f08e5b8
merge upstream v4.19-9605-beta
2016-03-08 21:32:14 +02:00
dnobori
17e624ac26
v4.19-9605-beta
2016-03-06 23:16:01 +09:00
Raymond Tau
04b72873c7
Fix the problem of the DisableSslVersions patch.
2015-11-23 16:15:10 +08:00
Raymond Tau
8b1b67faed
Introduce DisableSslVersions.
...
The SSL Versions specified will be disabled on server context.
2015-11-10 00:55:24 +08:00
Mykhaylo Yehorov
3228b114a4
merge upstream v4.19-9599-beta
2015-10-19 22:42:18 +03:00
dnobori
d3a1b26413
v4.19-9599-beta
2015-10-19 21:30:51 +09:00
Mykhaylo Yehorov
7aaf3d8fd3
merge upstream v4.19-9582-beta
2015-10-13 23:13:25 +03:00
dnobori
4e862a7e40
v4.19-9582-beta
2015-10-06 20:18:00 +09:00
Mykhaylo Yehorov
1cf9df5539
merge upstream v4.18-9570-rtm
2015-07-26 23:10:21 +03:00
dnobori
4b65e251f2
v4.18-9570-rtm
2015-07-26 19:39:40 +09:00
Mykhaylo Yehorov
7e00268084
merge with vendor v4.17-9566-beta
2015-07-21 01:15:44 +03:00
dnobori
860f743dd7
v4.17-9566-beta
2015-07-17 00:31:57 +09:00
Mykhaylo Yehorov
1a9fe52991
merge with vendor
2015-07-15 19:28:20 +03:00
Mike Selivanov
29d330522d
Fixed OSX CPU utilization by replacing broken kevent() with select()
2015-07-09 01:11:40 +03:00
dnobori
ff49706373
v4.17-9562-beta
2015-05-31 19:02:35 +09:00
dnobori
983c19c043
v4.15-9539-beta
2015-04-04 05:58:09 +09:00
dnobori
1f645c9816
v4.15-9537-beta
2015-03-26 18:01:02 +09:00
Mykhaylo Yehorov
ffddfe1ad3
Add the possibility to send the Virtual Hub Name to an external DHCP server
2015-02-09 23:47:35 +02:00
dnobori
3305046721
v4.13-9525-beta
2015-02-02 12:33:23 +09:00
dnobori
5efab0381c
v4.13-9525-beta
2015-02-02 12:33:23 +09:00
dnobori
ef4c0d5866
v4.13-9524-beta
2015-01-31 03:28:09 +09:00
dnobori
96da053c84
v4.13-9524-beta
2015-01-31 03:28:09 +09:00
dnobori
06a72040a3
v4.13-9522-beta
2015-01-30 22:30:34 +09:00
NV
ad58da4179
Add DhParamBits configuration to set Diffie-Hellman parameters
2015-01-27 03:32:29 +09:00
dnobori
75f9836ce5
v4.12-9514-beta
2014-11-18 12:05:48 +09:00
dnobori
2b3a4d0b75
v4.11-9506-beta
2014-10-23 01:00:30 +09:00
dnobori
10d4b2c43d
v4.10-9505-beta
2014-10-04 00:09:23 +09:00
dnobori
9f7d8578a7
v4.10-9472-beta
2014-07-12 02:06:20 +09:00
dnobori
ea38eef377
v4.08-9449-rtm
2014-06-08 16:40:44 +09:00
dnobori
719ee999d6
v4.07-9448-rtm
2014-06-06 06:53:20 +09:00
dnobori
a3a4ad0b0a
v4.06-9436-beta
2014-04-09 09:35:00 +09:00
dnobori
16d73ccb57
v4.06-9435-beta
2014-03-26 12:38:30 +09:00
dnobori
e61fca4d9d
v4.06-9433-beta
2014-03-21 14:07:45 +09:00
dnobori
cf2a6a42bc
v4.06-9430-beta
2014-03-20 05:45:05 +09:00
nattoheaven
4c48388b12
Several Tunings for OS X
2014-03-12 08:06:21 +09:00
dnobori
e8ce5fa014
v4.05-9422-beta
2014-02-17 03:16:50 +09:00
dnobori
bb853cc18b
v4.05-9416-beta
2014-02-06 01:36:42 +09:00
Daiyuu Nobori
cdd4540baa
Merge pull request #10 from nattoheaven/tuntaposx
...
Supporting VLAN for Mac OS X using TunTapOSX
2014-02-06 01:35:26 +09:00
dnobori
001fd910fe
v4.04-9412-rtm
2014-01-15 18:01:42 +09:00
nattoheaven
8779e59295
Supporting VLAN for Mac OS X using TunTapOSX
2014-01-14 23:19:52 +09:00
Melvyn
a24f914b08
Update Unix.c
...
fixed a typo visible in the server info ("Liunx" => "Linux")
2014-01-07 11:58:30 +01:00
dnobori
d1bc9c57c5
v4.03-9411-rtm
2014-01-07 05:40:52 +09:00
dnobori
749497dde0
v4.03-9408-rtm
2014-01-04 22:00:08 +09:00