1
0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-27 03:49:52 +03:00
Commit Graph

82 Commits

Author SHA1 Message Date
Daiyuu Nobori
8c0c4396b7 Add the Alternative subject name field on the new X.509 certificate creation. 2018-02-12 23:56:14 +01:00
Daiyuu Nobori
02bcf9152c Fix a bug in the Win32EnumDirExW() function. 2018-02-12 23:55:34 +01:00
Ilya Shipitsin
79c06146a4 remove unused functions (identified by cppcheck)
[src/Cedar/Account.c:854]: (style) The function 'AddGroupTraffic' is never used.
[src/Mayaqua/Secure.c:1455]: (style) The function 'AddSecObjToEnumCache' is never used.
[src/Mayaqua/Network.c:18445]: (style) The function 'AddSockList' is never used.
[src/Cedar/Account.c:870]: (style) The function 'AddUserTraffic' is never used.
[src/Cedar/Server.c:1045]: (style) The function 'AdjoinEnumLogFile' is never used.
[src/Cedar/Admin.c:13780]: (style) The function 'AdminConnect' is never used.
[src/Mayaqua/Encrypt.c:855]: (style) The function 'BigNumToStr' is never used.
[src/Mayaqua/Str.c:2113]: (style) The function 'Bit128ToStr' is never used.
[src/Mayaqua/Encrypt.c:898]: (style) The function 'BufToBigNum' is never used.
[src/Mayaqua/Internat.c:1874]: (style) The function 'CalcStrToUtf8' is never used.
[src/Cedar/Hub.c:6689]: (style) The function 'CalcTrafficDiff' is never used.
[src/Mayaqua/Internat.c:1819]: (style) The function 'CalcUtf8ToStr' is never used.
[src/Mayaqua/Network.c:6495]: (style) The function 'CanGetTcpProcessId' is never used.
[src/Cedar/WinUi.c:7226]: (style) The function 'CbInsertStrA' is never used.
[src/Cedar/Client.c:3035]: (style) The function 'CcEnumObjectInSecure' is never used.
[src/Cedar/Client.c:2826]: (style) The function 'CcGetCommonProxySetting' is never used.
[src/Cedar/Client.c:2857]: (style) The function 'CcSetCommonProxySetting' is never used.
[src/Cedar/Cedar.c:575]: (style) The function 'CedarLog' is never used.
[src/Cedar/WinUi.c:9841]: (style) The function 'Center2' is never used.
[src/Mayaqua/Encrypt.c:814]: (style) The function 'CertTest' is never used.
[src/Mayaqua/Encrypt.c:809]: (style) The function 'CertTest2' is never used.
[src/Mayaqua/Encrypt.c:819]: (style) The function 'CertTest_' is never used.
[src/Mayaqua/Cfg.c:1705]: (style) The function 'CfgIsFolder' is never used.
2018-02-08 00:20:07 +01:00
Guanzhong Chen
56c4582da8 Allow specifying cipher suites instead of single ciphers (#343)
* Allow specifying cipher suites instead of single ciphers.

CipherName now specifies all cipher suites instead of the
preferred cipher. This allows insecure ciphers like RC4 to
be permanently disabled, instead of being the default fallback
when the preferred cipher is unsupported.

CipherName is now left for OpenSSL to verify. Should it be
invalid, a secure default is used. The default CipherName setting
for new servers is one such invalid string: "~DEFAULT~". This
allows for future updates to change the default and the servers
can stay secure.

* Remove unused temporary variable.
2018-02-08 00:13:41 +01:00
Moataz Elmasry
8cafa07d9c Set an initialization value in Network.c to be conform with PR #275 2018-02-01 00:10:04 +01:00
Moataz Elmasry
a5fa265811
Merge pull request #275 from chipitsine/master
cppcheck findings
2018-02-01 00:06:08 +01:00
Moataz Elmasry
9d6c1ea0e9 Add missing function definition 2018-01-25 02:58:18 +01:00
Moataz Elmasry
93d9ade990 Merge PR #129 into master. 2018-01-25 02:55:11 +01:00
Daiyuu Nobori
7de986dcca 7 missing memory boundaries checks and similar memory problems. There are no risk of arbitrary code execution or intrusion on these bugs in my analysis. However, these problems may lead to crash the running server process. So these bugs must be fixed.
Buffer overread in ParseL2TPPacket()
Memory corruption in IcmpParseResult
Missing bounds check in ParseUDP() can lead to invalid memory access
Out-of-bounds read in IPsec_PPP.c (unterminated string buffer)
Overlapping parameters to memcpy() via StrToIp6()
PACK ReadValue() crash vulnerability
Potential use of uninitialized memory via IPToInAddr6()

4 memory leaks. While the amount of leakage is very small per time, these bugs can finally cause process crash by out of memory. So these bugs must be fixed.

Memory leak in NnReadDnsRecord
Memory leak in RadiusLogin()
Memory leak via ParsePacketIPv4WithDummyMacHeader
Remote memory leak in OpenVPN server code

1 coding improvement. This is not a bug, however, I fixed the code to avoid furture misunderstanding.

RecvAll can return success on failure (leading to use of uninitialized memory)

Contributors for this bugfix:

- Max Planck Institute for Molecular Genetics
- Guido Vranken
2018-01-15 10:25:10 +09:00
macvk
ab4b27ab3c Add parameter "ListenIP" to server configuration (vpn_server.config) (#202)
* Added parameter "ListenIP" to server configuration (vpn_server.config)

* Fixed bug in VPN client
2018-01-11 23:53:38 +01:00
Daiyuu Nobori
ce3d35c595 Added the function to save the DNS query log on the packet logs. (fix) 2017-12-22 07:26:06 +09:00
Daiyuu Nobori
a0b54d7c6d Added the TCP destination port 3128 (well known as Squid default port) to assume as the HTTP proxy port on the packet logging. 2017-12-21 23:25:08 +09:00
Daiyuu Nobori
bb30535bb6 Fix the function name: RFC3164 -> RFC3339 2017-12-21 23:24:06 +09:00
Daiyuu Nobori
97e7a82be2 Added the function to save the DNS query log on the packet logs. 2017-12-21 23:23:17 +09:00
Daiyuu Nobori
1f2c052dfb Fixed the bug on the OpenVPN Server function. 2017-10-23 02:54:51 +09:00
Daiyuu Nobori
9f9dc459a7 Preparing the development branch 2017-10-19 15:00:41 +09:00
dnobori
faee11ff09 v4.23-9647-beta 2017-10-18 18:24:21 +09:00
Daiyuu Nobori
acf49ad536 Merge pull request #344 from quantum5/openssl1.1
OpenSSL 1.1 Port
2017-10-18 16:58:46 +09:00
Daiyuu Nobori
1b73778e3f Merge pull request #315 from rel22/SoftetherVPN-RuToken-S-patch-1
Added support for RuToken USB key PKCS#11
2017-10-18 16:58:19 +09:00
Daiyuu Nobori
f9436daa6f Merge pull request #313 from zulzardi/patch-2
Fixed RSA key bits wrong calculation for certain x509 certificate
2017-10-18 16:58:09 +09:00
Quantum
0746be43a2 OpenSSL 1.1 Port.
Some potential problems with Ssl_Init_Async_SendAlert.
2017-07-29 22:31:25 -04:00
rel22
61e71be380 Add support for RuToken USB key PKCS#11
Test on RuToken-S key.
https://www.rutoken.ru/products/all/rutoken-s/
2017-03-13 18:17:24 +03:00
Zulyandri Zardi
a3db7b2e3d Update Encrypt.c
Fixed RSA bits wrong calculation for certain x509 certificate
2017-03-10 12:04:17 +08:00
Moataz Elmasry
071004477f Fix errors while adding SHA2 support to HMAC 2017-01-23 02:03:37 +01:00
Moataz Elmasry
29234b7f9a Add HMAC SHA2 to IKE 2017-01-23 00:50:48 +01:00
Moataz Elmasry
342d602f5d Add support for HMAC SHA2-256, HMAC SHA2-384, HMAC SHA2-512 2017-01-22 16:09:30 +01:00
Ilya Shipitsin
095d5e7b70 fix "Access to field 'p' results in a dereference of a null pointer (loaded from field 'Folders')" found by clang static analyzer 2016-11-28 19:33:15 +05:00
Ilya Shipitsin
39cf3a77cc fix "Function call argument is an uninitialized value" found by clang static analyzer 2016-11-28 19:28:41 +05:00
Ilya Shipitsin
a658963cdc make code more readable (inspired by clang static analyzer) 2016-11-28 17:56:00 +05:00
Ilya Shipitsin
334765ffd7 resolved several cppcheck findings:
[src/Cedar/Admin.c:418]: (error) Possible null pointer dereference: cedar
[src/Cedar/Admin.c:616]: (error) Possible null pointer dereference: cedar
[src/Cedar/WebUI.c:369]: (error) Uninitialized variable: retcode
[src/Mayaqua/Encrypt.c:4485]: (error) Uninitialized variable: key
[src/Mayaqua/Network.c:13548]: (error) Uninitialized variable: e
2016-11-28 17:27:29 +05:00
dnobori
4df2eb4f9c v4.22-9634-beta 2016-11-27 17:43:14 +09:00
Daiyuu Nobori
5f8ce287c3 Merge pull request #133 from yehorov/master
Add the possibility to send the Virtual Hub Name to an external DHCP server
2016-11-27 17:55:04 +09:00
Daiyuu Nobori
697bff4023 Merge pull request #165 from micsell/cpupatch
Fixed OSX CPU utilization by replacing broken kevent() with select()
2016-11-27 17:54:57 +09:00
Daiyuu Nobori
034a213c2c Merge pull request #204 from LegDog/master
Adding Radius AVP Called-Station-Id
2016-11-27 17:53:45 +09:00
Daiyuu Nobori
712adc6d74 resolved the conflict 2016-11-27 17:48:18 +09:00
Luiz Eduardo Gava
ced0856ab1 HTTPS /wiki redir to 443 (test) 2016-11-08 14:44:35 -02:00
Mykhaylo Yehorov
03ffd7535a merge upstream v4.21-9613-beta 2016-05-04 12:27:52 +03:00
Ilya Shipitsin
84f95447a3 cppcheck issues:
[src/Cedar/WebUI.c:1728] -> [src/Cedar/WebUI.c:1730]: (warning) Either the condition 'buf==0' is redundant or there is possible null pointer dereference: buf.
[src/Mayaqua/FileIO.c:383] -> [src/Mayaqua/FileIO.c:386]: (warning) Either the condition 'p==0' is redundant or there is possible null pointer dereference: p.
[src/Mayaqua/TcpIp.c:1837] -> [src/Mayaqua/TcpIp.c:1839]: (warning) Either the condition 'tcp!=0' is redundant or there is possible null pointer dereference: tcp.
2016-04-29 23:59:35 +05:00
dnobori
1e17c9bcfd v4.21-9613-beta 2016-04-24 23:49:31 +09:00
Mykhaylo Yehorov
4a3f08e5b8 merge upstream v4.19-9605-beta 2016-03-08 21:32:14 +02:00
dnobori
17e624ac26 v4.19-9605-beta 2016-03-06 23:16:01 +09:00
Raymond Tau
04b72873c7 Fix the problem of the DisableSslVersions patch. 2015-11-23 16:15:10 +08:00
Raymond Tau
8b1b67faed Introduce DisableSslVersions.
The SSL Versions specified will be disabled on server context.
2015-11-10 00:55:24 +08:00
Mykhaylo Yehorov
3228b114a4 merge upstream v4.19-9599-beta 2015-10-19 22:42:18 +03:00
dnobori
d3a1b26413 v4.19-9599-beta 2015-10-19 21:30:51 +09:00
Mykhaylo Yehorov
7aaf3d8fd3 merge upstream v4.19-9582-beta 2015-10-13 23:13:25 +03:00
dnobori
4e862a7e40 v4.19-9582-beta 2015-10-06 20:18:00 +09:00
Mykhaylo Yehorov
1cf9df5539 merge upstream v4.18-9570-rtm 2015-07-26 23:10:21 +03:00
dnobori
4b65e251f2 v4.18-9570-rtm 2015-07-26 19:39:40 +09:00
Mykhaylo Yehorov
7e00268084 merge with vendor v4.17-9566-beta 2015-07-21 01:15:44 +03:00