1
0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-12-26 01:59:53 +03:00
Commit Graph

1060 Commits

Author SHA1 Message Date
Ilya Shipitsin
db7d6c83d5 src/Mayaqua/Secure.c: fix potential null pointer dereference
found by coverity

   CID 343537 (#1 of 1): Dereference before null check (REVERSE_INULL)
   check_after_deref: Null-checking name suggests that it may be null
   but it has already been dereferenced on all paths leading to the
   check.
   664        if (name == NULL)
   665        {
   666                sec->Error = SEC_ERROR_BAD_PARAMETER;
   667                return false;
   668        }
2023-05-01 06:09:38 +02:00
Ilya Shipitsin
a89adaebc3 src/Mayaqua/Secure.c: fix potential null pointer dereference
found by coverity

 CID 343536 (#1 of 1): Dereference before null check (REVERSE_INULL)
 check_after_deref: Null-checking name suggests that it may be null, but
 it has already been dereferenced on all paths leading to the check.
 1339        if (name == NULL || data == NULL || size == 0)
 1340        {
 1341                sec->Error = SEC_ERROR_BAD_PARAMETER;
 1342                return false;
 1343        }
2023-05-01 06:07:19 +02:00
Ilya Shipitsin
46e73e944f src/Mayaqua/Unix.c: fix guarding
SoftEtherVPN/src/Mayaqua/Unix.c:51:25: warning: missing
terminating ' character
   51 | #include <sys/statvfs.h>'
2023-04-29 22:31:55 +02:00
Ilya Shipitsin
8fc27da780
Merge pull request #1829 from chipitsine/master
src/Mayaqua/Str.c: fix denial of service reported by Cisco Talos
2023-04-22 08:26:47 +02:00
Ilya Shipitsin
df6df007a3 src/Mayaqua/Str.c: fix denial of service reported by Cisco Talos
TALOS-2023-1741
CVE-2023-23581

SoftEther VPN vpnserver EnSafeHttpHeaderValueStr denial of service
vulnerability

A denial of service vulnerability exists in the vpnserver
EnSafeHttpHeaderValueStr functionality of SoftEther VPN 5.01.9674 and
5.02. A specially-crafted network packet can lead to denial of service.
2023-04-21 22:38:22 +02:00
Ilya Shipitsin
d2e673a47d src/Cedar/Proto_OpenVPN.c: fix denial of service found by Cisco Talos
specially crafted network packet lead to buffer overrun and process
crash. working exploit was provided by Cisco Talos team.

An integer underflow vulnerability exists in the vpnserver
OvsProcessData functionality of SoftEther VPN 5.01.9674 and 5.02. A
specially-crafted network packet can lead to denial of service. An
attacker can send a malicious packet to trigger this vulnerability.

The versions below were either tested or verified to be vulnerable by
Talos or confirmed to be vulnerable by the vendor.

SoftEther VPN 5.01.9674
SoftEther VPN 5.02
While 5.01.9674 is a development version, it is distributed at the time
of writing by Ubuntu and other Debian-based distributions.
2023-04-16 23:06:30 +02:00
Yihong Wu
df7ea3c54a Mayaqua/Memory: Fix memory corruption in base64 2023-03-31 09:14:39 +00:00
dependabot[bot]
fb83ac08f2
Bump webpack in /src/bin/hamcore/wwwroot/admin/default
Bumps [webpack](https://github.com/webpack/webpack) from 5.75.0 to 5.76.0.
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v5.75.0...v5.76.0)

---
updated-dependencies:
- dependency-name: webpack
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-15 09:35:00 +00:00
Ilya Shipitsin
e6123d36a0
Merge pull request #1782 from metalefty/adjust-version-string
Cedar: Trim contiguous whitespaces in version string
2023-03-12 08:32:55 +01:00
dependabot[bot]
91053622ab
Bump minimist and mkdirp in /src/bin/hamcore/wwwroot/admin/default
Bumps [minimist](https://github.com/minimistjs/minimist) and [mkdirp](https://github.com/isaacs/node-mkdirp). These dependencies needed to be updated together.

Updates `minimist` from 0.0.8 to 1.2.8
- [Release notes](https://github.com/minimistjs/minimist/releases)
- [Changelog](https://github.com/minimistjs/minimist/blob/main/CHANGELOG.md)
- [Commits](https://github.com/minimistjs/minimist/compare/v0.0.8...v1.2.8)

Updates `mkdirp` from 0.5.1 to 0.5.6
- [Release notes](https://github.com/isaacs/node-mkdirp/releases)
- [Changelog](https://github.com/isaacs/node-mkdirp/blob/main/CHANGELOG.md)
- [Commits](https://github.com/isaacs/node-mkdirp/compare/0.5.1...v0.5.6)

---
updated-dependencies:
- dependency-name: minimist
  dependency-type: indirect
- dependency-name: mkdirp
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-03-03 01:26:17 +00:00
Koichiro IWAO
1fe26ccb6c
Cedar: Trim contiguous whitespaces in version string
Before change, contiguous whitespaces appeared in version string.
This room is for beta string (such as Alpha, Beta) and beta number but
it looks a bit odd if the build is not alpha/beta/RC.

> Version 5.02 Build 5180 Alpha 3 (Japanese)
> Version 5.02 Build 5180 Beta 3 (Japanese)
> Version 5.02 Build 5180 Release Candidate 3 (Japanese)
> Version 5.02 Build 5180   (Japanese)
>                        ^^^

Now version string looks neat like this:

> Version 5.02 Build 5180 (Japanese)
> Version 5.02 Build 5180 Release Candidate 3 (Japanese)
2023-03-01 16:14:04 +09:00
Koichiro IWAO
bedf1cd7e9
Mayaqua/Unix: Make VM detection work on FreeBSD
This is just a cosmetic problem in the result of "Caps" command which
gets the list of server functions/capability.  There's no behavioural
change in SoftEtherVPN whether running on VM so far.
2023-02-28 20:08:04 +09:00
Yihong Wu
1741dfdccc Cedar/Proto_PPP: Fix radius authentication 2023-02-23 13:03:10 +00:00
Yihong Wu
eea1de3d25 Mayaqua/Network: Fix empty packet being treated as error 2023-02-19 05:41:55 +00:00
Evengard
c67d9ee201 Fixing up coverity report flags from #1760 and #1761 2023-02-04 17:47:20 +03:00
Yihong Wu
025ebec4cc Fix thread safety after #1751 2023-02-02 06:53:30 +00:00
Ilya Shipitsin
11828be9e6
Merge pull request #1751 from Evengard/eap-tls-fixups
TLS 1.3 for EAP-TLS, user search by certificate CN
2023-02-01 09:47:38 +06:00
Evengard
edcdc923ad Reworked EAP-TLS 1.3 to account for RFC9190, implemented searching by certificate instead of certificate CN 2023-01-31 20:33:18 +03:00
Yihong Wu
6ce91e9c81 Cedar/IPC: Change IPv6 router lookup to non-blocking
Fix #1755
2023-01-31 05:20:40 +00:00
Yihong Wu
43aaca509d
Cedar/Proto_PPP: Fix memory leak 2023-01-30 20:24:45 +09:00
Yihong Wu
0cdf0eacbf Cedar/IPC: Improve IPv6CP configuration 2023-01-28 09:05:28 +00:00
Kensei Sakai
54593e8cac
add requirements package on Debian/Ubuntu
On Ubuntu Server 22.04 LTS (and newer?), the ./configure command fails because the 'pkgconf' package is not installed by default. Suggest that the 'pkgconf' package be installed in this command line.
2023-01-26 01:35:37 +09:00
Evengard
26403c70e3 Reworking the EAP CN matching option from admin options to extended options 2023-01-24 12:18:20 +03:00
Evengard
0a60cdf141 Hiding the EAP-TLS match user by certificate behind an admin option, disabled by default 2023-01-24 11:48:49 +03:00
Evengard
149096e13c * Implementing user search by certificate common name.
* Reworking EAP-TLS flow
* Implementing iterative TLS downgrade supporting PPPD TLS 1.3+Tickets, Windows TLS 1.3 w/o Tickets, VPN Client Pro TLS 1.2.
2023-01-23 23:57:19 +03:00
Ilya Shipitsin
c7766d072b src/Mayaqua/Unix.c: improve memory allocation handling according to Coverity
1875        if (mutex == NULL)
1876        {
    CID 367204 (#1 of 1): Resource leak (RESOURCE_LEAK)4. leaked_storage: Variable lock going out of scope leaks the storage it points to.
1877                return NULL;
1878        }
2023-01-15 13:30:37 +06:00
Ilya Shipitsin
6a5f4b0dfd src/Cedar/Virtual.c: mute Coverity warning
4272                FreeBlock(block);
    CID 375153 (#1 of 1): Uninitialized scalar variable (UNINIT)44. uninit_use: Using uninitialized value send_size.
4273                if (send_size == 0)
2023-01-14 21:38:28 +06:00
Yihong Wu
6e48227d93
Update CMakeLists.txt 2023-01-07 10:27:47 +09:00
Yihong Wu
1b79df7954 Mayaqua/CMakeLists: Fix win32 build without vcpkg 2023-01-06 22:32:28 +09:00
dependabot[bot]
2e8723b967
Bump json5, ts-loader, webpack and webpack-cli
Removes [json5](https://github.com/json5/json5). It's no longer used after updating ancestor dependencies [json5](https://github.com/json5/json5), [ts-loader](https://github.com/TypeStrong/ts-loader), [webpack](https://github.com/webpack/webpack) and [webpack-cli](https://github.com/webpack/webpack-cli). These dependencies need to be updated together.


Removes `json5`

Updates `ts-loader` from 6.0.1 to 9.4.2
- [Release notes](https://github.com/TypeStrong/ts-loader/releases)
- [Changelog](https://github.com/TypeStrong/ts-loader/blob/main/CHANGELOG.md)
- [Commits](https://github.com/TypeStrong/ts-loader/compare/v6.0.1...v9.4.2)

Updates `webpack` from 4.32.2 to 5.75.0
- [Release notes](https://github.com/webpack/webpack/releases)
- [Commits](https://github.com/webpack/webpack/compare/v4.32.2...v5.75.0)

Updates `webpack-cli` from 3.3.12 to 5.0.1
- [Release notes](https://github.com/webpack/webpack-cli/releases)
- [Changelog](https://github.com/webpack/webpack-cli/blob/master/CHANGELOG.md)
- [Commits](https://github.com/webpack/webpack-cli/compare/v3.3.12...webpack-cli@5.0.1)

---
updated-dependencies:
- dependency-name: json5
  dependency-type: indirect
- dependency-name: ts-loader
  dependency-type: direct:development
- dependency-name: webpack
  dependency-type: direct:development
- dependency-name: webpack-cli
  dependency-type: direct:development
...

Signed-off-by: dependabot[bot] <support@github.com>
2023-01-01 08:28:23 +00:00
Ilya Shipitsin
86e44e8d7b LibreSSL-3.7.0 compatibility 2022-12-25 11:35:29 +06:00
dependabot[bot]
99374ba446
Bump decode-uri-component in /src/bin/hamcore/wwwroot/admin/default
Bumps [decode-uri-component](https://github.com/SamVerschueren/decode-uri-component) from 0.2.0 to 0.2.2.
- [Release notes](https://github.com/SamVerschueren/decode-uri-component/releases)
- [Commits](https://github.com/SamVerschueren/decode-uri-component/compare/v0.2.0...v0.2.2)

---
updated-dependencies:
- dependency-name: decode-uri-component
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-12-03 13:51:53 +00:00
Yihong Wu
d8e56f9dbc Add build instruction for dynamic linking OpenSSL
Co-authored-by: Davide Beatrici <github@davidebeatrici.dev>
2022-11-27 19:33:52 +09:00
Koichiro IWAO
e2ad7d5e8f Fix wrong shortcut key assignment
Fixes #1702.
2022-11-17 16:11:30 +09:00
Ilya Shipitsin
9eb9d57c27
Merge pull request #1700 from SoftEtherVPN/dependabot/npm_and_yarn/src/bin/hamcore/wwwroot/admin/default/kind-of-6.0.3
Bump kind-of from 6.0.2 to 6.0.3 in /src/bin/hamcore/wwwroot/admin/default
2022-11-12 21:00:03 +05:00
Ilya Shipitsin
28ec0d54b8
Merge pull request #1697 from SoftEtherVPN/dependabot/npm_and_yarn/src/bin/hamcore/wwwroot/admin/default/yargs-parser-13.1.2
Bump yargs-parser from 11.1.1 to 13.1.2 in /src/bin/hamcore/wwwroot/admin/default
2022-11-12 20:56:54 +05:00
dependabot[bot]
506677bf60
Bump kind-of in /src/bin/hamcore/wwwroot/admin/default
Bumps [kind-of](https://github.com/jonschlinkert/kind-of) from 6.0.2 to 6.0.3.
- [Release notes](https://github.com/jonschlinkert/kind-of/releases)
- [Changelog](https://github.com/jonschlinkert/kind-of/blob/master/CHANGELOG.md)
- [Commits](https://github.com/jonschlinkert/kind-of/compare/6.0.2...6.0.3)

---
updated-dependencies:
- dependency-name: kind-of
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-12 15:42:01 +00:00
dependabot[bot]
6a1b55293c
Bump yargs-parser in /src/bin/hamcore/wwwroot/admin/default
Bumps [yargs-parser](https://github.com/yargs/yargs-parser) from 11.1.1 to 13.1.2.
- [Release notes](https://github.com/yargs/yargs-parser/releases)
- [Changelog](https://github.com/yargs/yargs-parser/blob/main/docs/CHANGELOG-full.md)
- [Commits](https://github.com/yargs/yargs-parser/commits)

---
updated-dependencies:
- dependency-name: yargs-parser
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-12 15:39:28 +00:00
Ilya Shipitsin
49c1a84752
Merge pull request #1699 from SoftEtherVPN/dependabot/npm_and_yarn/src/bin/hamcore/wwwroot/admin/default/serialize-javascript-and-terser-webpack-plugin-4.0.0
Bump serialize-javascript and terser-webpack-plugin in /src/bin/hamcore/wwwroot/admin/default
2022-11-12 20:35:18 +05:00
Ilya Shipitsin
34a9a7bc46
Merge pull request #1698 from SoftEtherVPN/dependabot/npm_and_yarn/src/bin/hamcore/wwwroot/admin/default/set-value-and-union-value-2.0.1
Bump set-value and union-value in /src/bin/hamcore/wwwroot/admin/default
2022-11-12 20:22:47 +05:00
dependabot[bot]
e7980ae9b1
Bump serialize-javascript and terser-webpack-plugin
Bumps [serialize-javascript](https://github.com/yahoo/serialize-javascript) and [terser-webpack-plugin](https://github.com/webpack-contrib/terser-webpack-plugin). These dependencies needed to be updated together.

Updates `serialize-javascript` from 1.7.0 to 4.0.0
- [Release notes](https://github.com/yahoo/serialize-javascript/releases)
- [Commits](https://github.com/yahoo/serialize-javascript/compare/v1.7.0...v4.0.0)

Updates `terser-webpack-plugin` from 1.3.0 to 1.4.5
- [Release notes](https://github.com/webpack-contrib/terser-webpack-plugin/releases)
- [Changelog](https://github.com/webpack-contrib/terser-webpack-plugin/blob/v1.4.5/CHANGELOG.md)
- [Commits](https://github.com/webpack-contrib/terser-webpack-plugin/compare/v1.3.0...v1.4.5)

---
updated-dependencies:
- dependency-name: serialize-javascript
  dependency-type: indirect
- dependency-name: terser-webpack-plugin
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-12 14:44:52 +00:00
dependabot[bot]
9f53cf5bdb
Bump set-value and union-value in /src/bin/hamcore/wwwroot/admin/default
Bumps [set-value](https://github.com/jonschlinkert/set-value) and [union-value](https://github.com/jonschlinkert/union-value). These dependencies needed to be updated together.

Updates `set-value` from 2.0.0 to 2.0.1
- [Release notes](https://github.com/jonschlinkert/set-value/releases)
- [Commits](https://github.com/jonschlinkert/set-value/compare/2.0.0...2.0.1)

Updates `union-value` from 1.0.0 to 1.0.1
- [Release notes](https://github.com/jonschlinkert/union-value/releases)
- [Commits](https://github.com/jonschlinkert/union-value/compare/1.0.0...1.0.1)

---
updated-dependencies:
- dependency-name: set-value
  dependency-type: indirect
- dependency-name: union-value
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-12 14:43:12 +00:00
Ilya Shipitsin
c492276a94
Merge pull request #1695 from SoftEtherVPN/dependabot/npm_and_yarn/src/bin/hamcore/wwwroot/admin/default/glob-parent-and-watchpack-5.1.2
Bump glob-parent and watchpack in /src/bin/hamcore/wwwroot/admin/default
2022-11-12 19:36:00 +05:00
Ilya Shipitsin
661e61538e
Merge pull request #1694 from SoftEtherVPN/dependabot/npm_and_yarn/src/bin/hamcore/wwwroot/admin/default/ansi-regex-3.0.1
Bump ansi-regex from 3.0.0 to 3.0.1 in /src/bin/hamcore/wwwroot/admin/default
2022-11-12 19:34:56 +05:00
Ilya Shipitsin
b5a83cc208
Merge pull request #1691 from SoftEtherVPN/dependabot/npm_and_yarn/src/bin/hamcore/wwwroot/admin/default/loader-utils-1.4.2
Bump loader-utils from 1.2.3 to 1.4.2 in /src/bin/hamcore/wwwroot/admin/default
2022-11-12 19:34:07 +05:00
dependabot[bot]
b6d2ec3b76
Bump glob-parent and watchpack in /src/bin/hamcore/wwwroot/admin/default
Bumps [glob-parent](https://github.com/gulpjs/glob-parent) and [watchpack](https://github.com/webpack/watchpack). These dependencies needed to be updated together.

Updates `glob-parent` from 3.1.0 to 5.1.2
- [Release notes](https://github.com/gulpjs/glob-parent/releases)
- [Changelog](https://github.com/gulpjs/glob-parent/blob/main/CHANGELOG.md)
- [Commits](https://github.com/gulpjs/glob-parent/compare/v3.1.0...v5.1.2)

Updates `watchpack` from 1.6.0 to 1.7.5
- [Release notes](https://github.com/webpack/watchpack/releases)
- [Commits](https://github.com/webpack/watchpack/compare/v1.6.0...v1.7.5)

---
updated-dependencies:
- dependency-name: glob-parent
  dependency-type: indirect
- dependency-name: watchpack
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-12 09:32:44 +00:00
dependabot[bot]
4ebf713911
Bump ansi-regex in /src/bin/hamcore/wwwroot/admin/default
Bumps [ansi-regex](https://github.com/chalk/ansi-regex) from 3.0.0 to 3.0.1.
- [Release notes](https://github.com/chalk/ansi-regex/releases)
- [Commits](https://github.com/chalk/ansi-regex/compare/v3.0.0...v3.0.1)

---
updated-dependencies:
- dependency-name: ansi-regex
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-12 09:31:04 +00:00
dependabot[bot]
b5727b3525
Bump loader-utils in /src/bin/hamcore/wwwroot/admin/default
Bumps [loader-utils](https://github.com/webpack/loader-utils) from 1.2.3 to 1.4.2.
- [Release notes](https://github.com/webpack/loader-utils/releases)
- [Changelog](https://github.com/webpack/loader-utils/blob/v1.4.2/CHANGELOG.md)
- [Commits](https://github.com/webpack/loader-utils/compare/v1.2.3...v1.4.2)

---
updated-dependencies:
- dependency-name: loader-utils
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-12 09:14:27 +00:00
dependabot[bot]
372759d2ad
Bump minimatch in /src/bin/hamcore/wwwroot/admin/default
Bumps [minimatch](https://github.com/isaacs/minimatch) from 3.0.4 to 3.1.2.
- [Release notes](https://github.com/isaacs/minimatch/releases)
- [Commits](https://github.com/isaacs/minimatch/compare/v3.0.4...v3.1.2)

---
updated-dependencies:
- dependency-name: minimatch
  dependency-type: indirect
...

Signed-off-by: dependabot[bot] <support@github.com>
2022-11-12 09:14:23 +00:00
Yihong Wu
05fa675d5a Exclude inactive routes in Windows routing management 2022-09-16 17:25:11 +09:00