mirror of
https://github.com/SoftEtherVPN/SoftEtherVPN.git
synced 2026-05-02 11:49:33 +03:00
Compare commits
7 Commits
a0cbe2daf6
...
master
| Author | SHA1 | Date | |
|---|---|---|---|
 Ilya Shipitsin
|
41c85953c1 | ||
 Koichiro Iwao
|
d77c258dac | ||
|
Koichiro Iwao
|
7bb2a6753a | ||
|
Ilya Shipitsin
|
cf559617b1 | ||
 Evengard
|
11fa0a4891 | ||
|
Ilya Shipitsin
|
193ebdba12 | ||
 dependabot[bot]
|
617d668651 |
-25
@@ -1,25 +0,0 @@
|
||||
FreeBSD_task:
|
||||
matrix:
|
||||
env:
|
||||
SSL: openssl
|
||||
OPENSSL_ROOT_DIR: /usr/local
|
||||
env:
|
||||
SSL: openssl36
|
||||
OPENSSL_ROOT_DIR: /usr/local
|
||||
env:
|
||||
# base openssl
|
||||
SSL:
|
||||
matrix:
|
||||
freebsd_instance:
|
||||
image_family: freebsd-14-3
|
||||
prepare_script:
|
||||
- pkg install -y pkgconf cmake git libsodium cpu_features $SSL
|
||||
- git submodule update --init --recursive
|
||||
configure_script:
|
||||
- CMAKE_FLAGS="-DUSE_SYSTEM_CPU_FEATURES=1" CFLAGS="-I/usr/local/include/cpu_features" ./configure
|
||||
build_script:
|
||||
- make -j $(sysctl -n hw.ncpu || echo 4) -C build
|
||||
test_script:
|
||||
- ldd build/vpnserver
|
||||
- .ci/memory-leak-test.sh
|
||||
- .ci/vpntools-check.sh
|
||||
@@ -0,0 +1,39 @@
|
||||
name: FreeBSD
|
||||
|
||||
on: [push, pull_request]
|
||||
|
||||
permissions:
|
||||
contents: read
|
||||
|
||||
jobs:
|
||||
build_and_test:
|
||||
runs-on: ubuntu-latest
|
||||
strategy:
|
||||
fail-fast: false
|
||||
matrix:
|
||||
include:
|
||||
- ssl: openssl # currently 3.0
|
||||
openssl_root_dir: /usr/local
|
||||
- ssl: openssl36
|
||||
openssl_root_dir: /usr/local
|
||||
- ssl: # base openssl
|
||||
openssl_root_dir:
|
||||
name: FreeBSD with ${{ matrix.ssl || 'base openssl' }}
|
||||
env:
|
||||
SSL: ${{ matrix.ssl }}
|
||||
OPENSSL_ROOT_DIR: ${{ matrix.openssl_root_dir }}
|
||||
steps:
|
||||
- uses: actions/checkout@v6
|
||||
with:
|
||||
submodules: true
|
||||
- uses: vmactions/freebsd-vm@v1
|
||||
with:
|
||||
envs: 'OPENSSL_ROOT_DIR SSL'
|
||||
prepare: |
|
||||
pkg install -y $SSL pkgconf cmake git libsodium cpu_features
|
||||
run: |
|
||||
CMAKE_FLAGS="-DUSE_SYSTEM_CPU_FEATURES=1" CFLAGS="-I/usr/local/include/cpu_features" ./configure
|
||||
make -j $(nproc || echo 4) -C build
|
||||
ldd build/vpnserver
|
||||
.ci/memory-leak-test.sh
|
||||
.ci/vpntools-check.sh
|
||||
@@ -3615,6 +3615,8 @@ bool PPPProcessEAPTlsResponse(PPP_SESSION *p, PPP_EAP *eap_packet, UINT eapSize)
|
||||
dataBuffer = eap_packet->Tls.TlsDataWithLength.Data;
|
||||
dataSize -= 4;
|
||||
tlsLength = Endian32(eap_packet->Tls.TlsDataWithLength.TlsLength);
|
||||
// Let's just clamp it to a safe size to avoid DoS (GHSA-q5g3-qhc6-pr3h)
|
||||
tlsLength = MIN(tlsLength, PPP_MRU_MAX * 10);
|
||||
}
|
||||
/*Debug("=======RECV EAP-TLS PACKET DUMP=======\n");
|
||||
for (i = 0; i < dataSize; i++)
|
||||
@@ -3659,10 +3661,13 @@ bool PPPProcessEAPTlsResponse(PPP_SESSION *p, PPP_EAP *eap_packet, UINT eapSize)
|
||||
sizeLeft = GetMemSize(p->Eap_TlsCtx.CachedBufferRecv);
|
||||
sizeLeft -= (UINT)(p->Eap_TlsCtx.CachedBufferRecvPntr - p->Eap_TlsCtx.CachedBufferRecv);
|
||||
|
||||
if (sizeLeft > 0)
|
||||
{
|
||||
Copy(p->Eap_TlsCtx.CachedBufferRecvPntr, dataBuffer, MIN(sizeLeft, dataSize));
|
||||
|
||||
p->Eap_TlsCtx.CachedBufferRecvPntr += MIN(sizeLeft, dataSize);
|
||||
}
|
||||
}
|
||||
|
||||
// If we got a cached buffer, we should feed the FIFOs via it
|
||||
if (p->Eap_TlsCtx.CachedBufferRecv != NULL)
|
||||
@@ -3783,6 +3788,8 @@ bool PPPProcessEAPTlsResponse(PPP_SESSION *p, PPP_EAP *eap_packet, UINT eapSize)
|
||||
}
|
||||
AcUnlock(hub);
|
||||
ReleaseHub(hub);
|
||||
// Making sure the stale pntr is cleared and can't be reused (GHSA-7437-282p-7465)
|
||||
hub = NULL;
|
||||
}
|
||||
|
||||
if (found == false)
|
||||
@@ -3790,8 +3797,6 @@ bool PPPProcessEAPTlsResponse(PPP_SESSION *p, PPP_EAP *eap_packet, UINT eapSize)
|
||||
PPP_PACKET* pack;
|
||||
UINT identificator = p->Eap_PacketId;
|
||||
|
||||
ReleaseHub(hub);
|
||||
|
||||
PPPSetStatus(p, PPP_STATUS_AUTH_FAIL);
|
||||
|
||||
pack = ZeroMalloc(sizeof(PPP_PACKET));
|
||||
|
||||
+3
-45
@@ -1359,16 +1359,6 @@
|
||||
"node": ">=8"
|
||||
}
|
||||
},
|
||||
"node_modules/randombytes": {
|
||||
"version": "2.1.0",
|
||||
"resolved": "https://registry.npmjs.org/randombytes/-/randombytes-2.1.0.tgz",
|
||||
"integrity": "sha512-vYl3iOX+4CKUWuxGi9Ukhie6fsqXqS9FE2Zaic4tNFD2N2QQaXOMFbuKK4QmDHC0JO6B1Zp41J0LpT0oR68amQ==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"safe-buffer": "^5.1.0"
|
||||
}
|
||||
},
|
||||
"node_modules/rechoir": {
|
||||
"version": "0.8.0",
|
||||
"resolved": "https://registry.npmjs.org/rechoir/-/rechoir-0.8.0.tgz",
|
||||
@@ -1438,27 +1428,6 @@
|
||||
"node": ">=8"
|
||||
}
|
||||
},
|
||||
"node_modules/safe-buffer": {
|
||||
"version": "5.2.1",
|
||||
"resolved": "https://registry.npmjs.org/safe-buffer/-/safe-buffer-5.2.1.tgz",
|
||||
"integrity": "sha512-rp3So07KcdmmKbGvgaNxQSJr7bGVSVk5S9Eq1F+ppbRo70+YeaDxkw5Dd8NPN+GD6bjnYm2VuPuCXmpuYvmCXQ==",
|
||||
"dev": true,
|
||||
"funding": [
|
||||
{
|
||||
"type": "github",
|
||||
"url": "https://github.com/sponsors/feross"
|
||||
},
|
||||
{
|
||||
"type": "patreon",
|
||||
"url": "https://www.patreon.com/feross"
|
||||
},
|
||||
{
|
||||
"type": "consulting",
|
||||
"url": "https://feross.org/support"
|
||||
}
|
||||
],
|
||||
"license": "MIT"
|
||||
},
|
||||
"node_modules/schema-utils": {
|
||||
"version": "4.3.3",
|
||||
"resolved": "https://registry.npmjs.org/schema-utils/-/schema-utils-4.3.3.tgz",
|
||||
@@ -1488,16 +1457,6 @@
|
||||
"semver": "bin/semver"
|
||||
}
|
||||
},
|
||||
"node_modules/serialize-javascript": {
|
||||
"version": "6.0.2",
|
||||
"resolved": "https://registry.npmjs.org/serialize-javascript/-/serialize-javascript-6.0.2.tgz",
|
||||
"integrity": "sha512-Saa1xPByTTq2gdeFZYLLo+RFE35NHZkAbqZeWNd3BpzppeVisAqpDjcp8dyf6uIvEqJRd46jemmyA4iFIeVk8g==",
|
||||
"dev": true,
|
||||
"license": "BSD-3-Clause",
|
||||
"dependencies": {
|
||||
"randombytes": "^2.1.0"
|
||||
}
|
||||
},
|
||||
"node_modules/shallow-clone": {
|
||||
"version": "3.0.1",
|
||||
"resolved": "https://registry.npmjs.org/shallow-clone/-/shallow-clone-3.0.1.tgz",
|
||||
@@ -1616,16 +1575,15 @@
|
||||
}
|
||||
},
|
||||
"node_modules/terser-webpack-plugin": {
|
||||
"version": "5.3.16",
|
||||
"resolved": "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-5.3.16.tgz",
|
||||
"integrity": "sha512-h9oBFCWrq78NyWWVcSwZarJkZ01c2AyGrzs1crmHZO3QUg9D61Wu4NPjBy69n7JqylFF5y+CsUZYmYEIZ3mR+Q==",
|
||||
"version": "5.4.0",
|
||||
"resolved": "https://registry.npmjs.org/terser-webpack-plugin/-/terser-webpack-plugin-5.4.0.tgz",
|
||||
"integrity": "sha512-Bn5vxm48flOIfkdl5CaD2+1CiUVbonWQ3KQPyP7/EuIl9Gbzq/gQFOzaMFUEgVjB1396tcK0SG8XcNJ/2kDH8g==",
|
||||
"dev": true,
|
||||
"license": "MIT",
|
||||
"dependencies": {
|
||||
"@jridgewell/trace-mapping": "^0.3.25",
|
||||
"jest-worker": "^27.4.5",
|
||||
"schema-utils": "^4.3.0",
|
||||
"serialize-javascript": "^6.0.2",
|
||||
"terser": "^5.31.1"
|
||||
},
|
||||
"engines": {
|
||||
|
||||
Reference in New Issue
Block a user