1
0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2024-11-14 05:30:41 +03:00
Commit Graph

93 Commits

Author SHA1 Message Date
Alexey Kryuchkov
83295bb736 OpenVPN client certificate authentication (Individual Certificate Authentication) (#327)
* Implement OpenVPN certificate authentication, fixes #55

* fixup! Implement OpenVPN certificate authentication, fixes #55
2018-04-05 23:04:58 +02:00
Evengard
9fff38de2b Rewriting PPP stack, preparing for IPv6 support 2018-03-15 12:49:18 +03:00
Ilya Shipitsin
79c06146a4 remove unused functions (identified by cppcheck)
[src/Cedar/Account.c:854]: (style) The function 'AddGroupTraffic' is never used.
[src/Mayaqua/Secure.c:1455]: (style) The function 'AddSecObjToEnumCache' is never used.
[src/Mayaqua/Network.c:18445]: (style) The function 'AddSockList' is never used.
[src/Cedar/Account.c:870]: (style) The function 'AddUserTraffic' is never used.
[src/Cedar/Server.c:1045]: (style) The function 'AdjoinEnumLogFile' is never used.
[src/Cedar/Admin.c:13780]: (style) The function 'AdminConnect' is never used.
[src/Mayaqua/Encrypt.c:855]: (style) The function 'BigNumToStr' is never used.
[src/Mayaqua/Str.c:2113]: (style) The function 'Bit128ToStr' is never used.
[src/Mayaqua/Encrypt.c:898]: (style) The function 'BufToBigNum' is never used.
[src/Mayaqua/Internat.c:1874]: (style) The function 'CalcStrToUtf8' is never used.
[src/Cedar/Hub.c:6689]: (style) The function 'CalcTrafficDiff' is never used.
[src/Mayaqua/Internat.c:1819]: (style) The function 'CalcUtf8ToStr' is never used.
[src/Mayaqua/Network.c:6495]: (style) The function 'CanGetTcpProcessId' is never used.
[src/Cedar/WinUi.c:7226]: (style) The function 'CbInsertStrA' is never used.
[src/Cedar/Client.c:3035]: (style) The function 'CcEnumObjectInSecure' is never used.
[src/Cedar/Client.c:2826]: (style) The function 'CcGetCommonProxySetting' is never used.
[src/Cedar/Client.c:2857]: (style) The function 'CcSetCommonProxySetting' is never used.
[src/Cedar/Cedar.c:575]: (style) The function 'CedarLog' is never used.
[src/Cedar/WinUi.c:9841]: (style) The function 'Center2' is never used.
[src/Mayaqua/Encrypt.c:814]: (style) The function 'CertTest' is never used.
[src/Mayaqua/Encrypt.c:809]: (style) The function 'CertTest2' is never used.
[src/Mayaqua/Encrypt.c:819]: (style) The function 'CertTest_' is never used.
[src/Mayaqua/Cfg.c:1705]: (style) The function 'CfgIsFolder' is never used.
2018-02-08 00:20:07 +01:00
Guanzhong Chen
56c4582da8 Allow specifying cipher suites instead of single ciphers (#343)
* Allow specifying cipher suites instead of single ciphers.

CipherName now specifies all cipher suites instead of the
preferred cipher. This allows insecure ciphers like RC4 to
be permanently disabled, instead of being the default fallback
when the preferred cipher is unsupported.

CipherName is now left for OpenSSL to verify. Should it be
invalid, a secure default is used. The default CipherName setting
for new servers is one such invalid string: "~DEFAULT~". This
allows for future updates to change the default and the servers
can stay secure.

* Remove unused temporary variable.
2018-02-08 00:13:41 +01:00
Moataz Elmasry
8cafa07d9c Set an initialization value in Network.c to be conform with PR #275 2018-02-01 00:10:04 +01:00
Moataz Elmasry
a5fa265811
Merge pull request #275 from chipitsine/master
cppcheck findings
2018-02-01 00:06:08 +01:00
Moataz Elmasry
9d6c1ea0e9 Add missing function definition 2018-01-25 02:58:18 +01:00
Moataz Elmasry
93d9ade990 Merge PR #129 into master. 2018-01-25 02:55:11 +01:00
Daiyuu Nobori
7de986dcca 7 missing memory boundaries checks and similar memory problems. There are no risk of arbitrary code execution or intrusion on these bugs in my analysis. However, these problems may lead to crash the running server process. So these bugs must be fixed.
Buffer overread in ParseL2TPPacket()
Memory corruption in IcmpParseResult
Missing bounds check in ParseUDP() can lead to invalid memory access
Out-of-bounds read in IPsec_PPP.c (unterminated string buffer)
Overlapping parameters to memcpy() via StrToIp6()
PACK ReadValue() crash vulnerability
Potential use of uninitialized memory via IPToInAddr6()

4 memory leaks. While the amount of leakage is very small per time, these bugs can finally cause process crash by out of memory. So these bugs must be fixed.

Memory leak in NnReadDnsRecord
Memory leak in RadiusLogin()
Memory leak via ParsePacketIPv4WithDummyMacHeader
Remote memory leak in OpenVPN server code

1 coding improvement. This is not a bug, however, I fixed the code to avoid furture misunderstanding.

RecvAll can return success on failure (leading to use of uninitialized memory)

Contributors for this bugfix:

- Max Planck Institute for Molecular Genetics
- Guido Vranken
2018-01-15 10:25:10 +09:00
macvk
ab4b27ab3c Add parameter "ListenIP" to server configuration (vpn_server.config) (#202)
* Added parameter "ListenIP" to server configuration (vpn_server.config)

* Fixed bug in VPN client
2018-01-11 23:53:38 +01:00
Daiyuu Nobori
9f9dc459a7 Preparing the development branch 2017-10-19 15:00:41 +09:00
dnobori
faee11ff09 v4.23-9647-beta 2017-10-18 18:24:21 +09:00
Quantum
0746be43a2 OpenSSL 1.1 Port.
Some potential problems with Ssl_Init_Async_SendAlert.
2017-07-29 22:31:25 -04:00
Ilya Shipitsin
39cf3a77cc fix "Function call argument is an uninitialized value" found by clang static analyzer 2016-11-28 19:28:41 +05:00
Ilya Shipitsin
334765ffd7 resolved several cppcheck findings:
[src/Cedar/Admin.c:418]: (error) Possible null pointer dereference: cedar
[src/Cedar/Admin.c:616]: (error) Possible null pointer dereference: cedar
[src/Cedar/WebUI.c:369]: (error) Uninitialized variable: retcode
[src/Mayaqua/Encrypt.c:4485]: (error) Uninitialized variable: key
[src/Mayaqua/Network.c:13548]: (error) Uninitialized variable: e
2016-11-28 17:27:29 +05:00
dnobori
4df2eb4f9c v4.22-9634-beta 2016-11-27 17:43:14 +09:00
Daiyuu Nobori
697bff4023 Merge pull request #165 from micsell/cpupatch
Fixed OSX CPU utilization by replacing broken kevent() with select()
2016-11-27 17:54:57 +09:00
Daiyuu Nobori
034a213c2c Merge pull request #204 from LegDog/master
Adding Radius AVP Called-Station-Id
2016-11-27 17:53:45 +09:00
Daiyuu Nobori
712adc6d74 resolved the conflict 2016-11-27 17:48:18 +09:00
Luiz Eduardo Gava
ced0856ab1 HTTPS /wiki redir to 443 (test) 2016-11-08 14:44:35 -02:00
dnobori
1e17c9bcfd v4.21-9613-beta 2016-04-24 23:49:31 +09:00
dnobori
17e624ac26 v4.19-9605-beta 2016-03-06 23:16:01 +09:00
Raymond Tau
04b72873c7 Fix the problem of the DisableSslVersions patch. 2015-11-23 16:15:10 +08:00
Raymond Tau
8b1b67faed Introduce DisableSslVersions.
The SSL Versions specified will be disabled on server context.
2015-11-10 00:55:24 +08:00
dnobori
4e862a7e40 v4.19-9582-beta 2015-10-06 20:18:00 +09:00
dnobori
860f743dd7 v4.17-9566-beta 2015-07-17 00:31:57 +09:00
Mike Selivanov
29d330522d Fixed OSX CPU utilization by replacing broken kevent() with select() 2015-07-09 01:11:40 +03:00
dnobori
3305046721 v4.13-9525-beta 2015-02-02 12:33:23 +09:00
dnobori
ef4c0d5866 v4.13-9524-beta 2015-01-31 03:28:09 +09:00
dnobori
06a72040a3 v4.13-9522-beta 2015-01-30 22:30:34 +09:00
NV
ad58da4179 Add DhParamBits configuration to set Diffie-Hellman parameters 2015-01-27 03:32:29 +09:00
dnobori
75f9836ce5 v4.12-9514-beta 2014-11-18 12:05:48 +09:00
dnobori
2b3a4d0b75 v4.11-9506-beta 2014-10-23 01:00:30 +09:00
dnobori
10d4b2c43d v4.10-9505-beta 2014-10-04 00:09:23 +09:00
dnobori
9f7d8578a7 v4.10-9472-beta 2014-07-12 02:06:20 +09:00
dnobori
ea38eef377 v4.08-9449-rtm 2014-06-08 16:40:44 +09:00
dnobori
719ee999d6 v4.07-9448-rtm 2014-06-06 06:53:20 +09:00
dnobori
a3a4ad0b0a v4.06-9436-beta 2014-04-09 09:35:00 +09:00
dnobori
cf2a6a42bc v4.06-9430-beta 2014-03-20 05:45:05 +09:00
nattoheaven
4c48388b12 Several Tunings for OS X 2014-03-12 08:06:21 +09:00
dnobori
e8ce5fa014 v4.05-9422-beta 2014-02-17 03:16:50 +09:00
dnobori
001fd910fe v4.04-9412-rtm 2014-01-15 18:01:42 +09:00
dnobori
749497dde0 v4.03-9408-rtm 2014-01-04 22:00:08 +09:00