AMajor/SoftEtherVPN
1
0
Fork 0
mirror of https://github.com/SoftEtherVPN/SoftEtherVPN.git synced 2026-03-11 10:49:19 +03:00
Code Releases Activity

Compare commits

base: AMajor:copilot/fix-vpn-server-access-issue
Branches Tags
AMajor:master AMajor:copilot/add-ikev2-support-ipsec-vpn AMajor:copilot/fix-vpn-server-access-issue AMajor:copilot/add-windows-arm64-docs AMajor:copilot/fix-false-positive-detection AMajor:dependabot/npm_and_yarn/developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package/js-yaml-3.14.2
AMajor:5.2.5188 AMajor:5.02.5187 AMajor:5.02.5186 AMajor:5.02.5185 AMajor:5.02.5184 AMajor:5.02.5183 AMajor:5.02.5182 AMajor:5.02.5181 AMajor:5.02.5180 AMajor:5.02.0 AMajor:5.01.9674 AMajor:5.01.9673 AMajor:5.01.9672 AMajor:5.01.9671 AMajor:5.01.9670 AMajor:5.01.9669 AMajor:5.01.9668 AMajor:5.01.9667 AMajor:5.01.9666 AMajor:5.01.9665 AMajor:5.01.9664 AMajor:5.01.9663 AMajor:5.01.9662 AMajor:5.01.9661 AMajor:5.01.9660 AMajor:5.01.9659 AMajor:5.01.9658
..
compare: AMajor:1411d4ceb42e59d0f54c2d9b542d6001f4e09f46
Branches Tags
AMajor:master AMajor:copilot/add-ikev2-support-ipsec-vpn AMajor:copilot/fix-vpn-server-access-issue AMajor:copilot/add-windows-arm64-docs AMajor:copilot/fix-false-positive-detection AMajor:dependabot/npm_and_yarn/developer_tools/vpnserver-jsonrpc-clients/vpnserver-jsonrpc-client-nodejs-package/js-yaml-3.14.2
AMajor:5.2.5188 AMajor:5.02.5187 AMajor:5.02.5186 AMajor:5.02.5185 AMajor:5.02.5184 AMajor:5.02.5183 AMajor:5.02.5182 AMajor:5.02.5181 AMajor:5.02.5180 AMajor:5.02.0 AMajor:5.01.9674 AMajor:5.01.9673 AMajor:5.01.9672 AMajor:5.01.9671 AMajor:5.01.9670 AMajor:5.01.9669 AMajor:5.01.9668 AMajor:5.01.9667 AMajor:5.01.9666 AMajor:5.01.9665 AMajor:5.01.9664 AMajor:5.01.9663 AMajor:5.01.9662 AMajor:5.01.9661 AMajor:5.01.9660 AMajor:5.01.9659 AMajor:5.01.9658

4 Commits
copilot/fi ... 1411d4ceb4

Author SHA1 Message Date
Ilya Shipitsin
1411d4ceb4 Merge pull request #2217 from synqa/fix-preserve-errno 
Fix preserve errno in SIGCHLD signal handler
 2026-02-05 15:46:13 +01:00
Ilya Shipitsin
a3176175f9 Merge pull request #2216 from synqa/fix-ub-leftshift 
Fix undefined behavior of left shift
 2026-02-05 15:13:46 +01:00
synqa
88af7986b4 Fix preserve errno in SIGCHLD signal handler 
Signal handler may interrupt code that depends on errno, and waitpid()
may modify errno, therefore, errno must be saved and restored before
returning.
 2026-02-05 18:51:58 +09:00
synqa
38f102e2e7 Fix undefined behavior of left shift 
Left shifting UCHAR promotes it to a signed integer. When the
value is >= 128 and shifted by 24, the result sets the sign bit,
causing undefined behavior. Fixes it by explicit casting to UINT.
 2026-02-05 18:48:01 +09:00
5 changed files with 5 additions and 111 deletions
Expand all files Collapse all files

2
.gitignore vendored
View File

@ -210,5 +210,3 @@ developer_tools/stbchecker/**/*.binlog
developer_tools/stbchecker/**/*.nvuser
developer_tools/stbchecker/**/.mfractor/
/vcpkg_installed
_codeql_build_dir/
_codeql_detected_source_root

103
src/Cedar/Virtual.c
View File

@ -1190,67 +1190,6 @@ void NnIpSendForInternet(NATIVE_NAT *t, UCHAR ip_protocol, UCHAR ttl, UINT src_i
}
}
// Host IP address cache TTL in milliseconds (60 seconds)
#define HOST_IP_CACHE_TTL_MS 60000
// Check if destination IP is one of the host's own IP addresses
// Uses caching to avoid frequent system calls
// Returns true if dest_ip matches any of the host's IPs
bool IsDestinationHostOwnIP(VH *v, UINT dest_ip)
{
bool is_host_ip = false;
UINT64 now;
LIST *new_list = NULL;
// Validate arguments
if (v == NULL)
{
return false;
}
now = Tick64();
Lock(v->HostIPCacheLock);
{
// Check if cache needs refresh (every 60 seconds or if not initialized)
if (v->HostIPAddressCache == NULL || now >= v->HostIPCacheExpires)
{
// Get new list while holding the lock to prevent multiple threads from refreshing
new_list = GetHostIPAddressList();
// Free old cache
if (v->HostIPAddressCache != NULL)
{
FreeHostIPAddressList(v->HostIPAddressCache);
}
// Set new cache with TTL
v->HostIPAddressCache = new_list;
v->HostIPCacheExpires = now + HOST_IP_CACHE_TTL_MS;
}
// Check if dest_ip matches any cached host IP
if (v->HostIPAddressCache != NULL)
{
UINT i;
IP dest_ip_obj;
UINTToIP(&dest_ip_obj, dest_ip);
for (i = 0; i < LIST_NUM(v->HostIPAddressCache); i++)
{
IP *host_ip = LIST_DATA(v->HostIPAddressCache, i);
if (IsIP4(host_ip) && CmpIpAddr(&dest_ip_obj, host_ip) == 0)
{
is_host_ip = true;
break;
}
}
}
}
Unlock(v->HostIPCacheLock);
return is_host_ip;
}
// Communication of ICMP towards the Internet
void NnIcmpEchoRecvForInternet(VH *v, UINT src_ip, UINT dest_ip, void *data, UINT size, UCHAR ttl, void *icmp_data, UINT icmp_size, UCHAR *ip_header, UINT ip_header_size, UINT max_l3_size)
{
@ -1270,15 +1209,6 @@ void NnIcmpEchoRecvForInternet(VH *v, UINT src_ip, UINT dest_ip, void *data, UIN
return;
}
// Check if destination is the host's own IP address
// When Native NAT tries to send packets to the host's own IP, the OS routing
// may fail or behave unexpectedly. Drop such packets to avoid issues.
if (IsDestinationHostOwnIP(v, dest_ip))
{
// Destination is the host's own IP - drop the packet
return;
}
t = v->NativeNat;
old_icmp_header = (ICMP_HEADER *)icmp_data;
@ -1421,15 +1351,6 @@ void NnUdpRecvForInternet(VH *v, UINT src_ip, UINT src_port, UINT dest_ip, UINT
return;
}
// Check if destination is the host's own IP address
// When Native NAT tries to send packets to the host's own IP, the OS routing
// may fail or behave unexpectedly. Drop such packets to avoid issues.
if (IsDestinationHostOwnIP(v, dest_ip))
{
// Destination is the host's own IP - drop the packet
return;
}
t = v->NativeNat;
// Search whether there is an existing session
@ -1528,15 +1449,6 @@ void NnTcpRecvForInternet(VH *v, UINT src_ip, UINT src_port, UINT dest_ip, UINT
return;
}
// Check if destination is the host's own IP address
// When Native NAT tries to send packets to the host's own IP, the OS routing
// may fail or behave unexpectedly. Drop such packets to avoid issues.
if (IsDestinationHostOwnIP(v, dest_ip))
{
// Destination is the host's own IP - drop the packet
return;
}
t = v->NativeNat;
// Search whether there is an existing session
@ -10281,13 +10193,6 @@ void Virtual_Free(VH *v)
LockVirtual(v);
{
// Free host IP cache
if (v->HostIPAddressCache != NULL)
{
FreeHostIPAddressList(v->HostIPAddressCache);
v->HostIPAddressCache = NULL;
}
// Release the IP combining list
FreeIpCombineList(v);
@ -10322,9 +10227,6 @@ void Virtual_Free(VH *v)
}
UnlockVirtual(v);
// Release the host IP cache lock
DeleteLock(v->HostIPCacheLock);
// Release the logger
FreeLog(v->Logger);
}
@ -10455,11 +10357,6 @@ VH *NewVirtualHostEx(CEDAR *cedar, CLIENT_OPTION *option, CLIENT_AUTH *auth, VH_
v->nat = nat;
// Initialize host IP cache for Native NAT
v->HostIPAddressCache = NULL;
v->HostIPCacheExpires = 0;
v->HostIPCacheLock = NewLock();
// Examine whether ICMP Raw Socket can be created
s = NewUDP4(MAKE_SPECIAL_PORT(IP_PROTO_ICMPV4), NULL);
if (s != NULL)

5
src/Cedar/Virtual.h
View File

@ -313,11 +313,6 @@ struct VH
HUB_OPTION *HubOption; // Pointer to the Virtual HUB options
NATIVE_NAT *NativeNat; // Native NAT
// Host IP cache for Native NAT packet filtering
LIST *HostIPAddressCache; // Cached list of host IP addresses
UINT64 HostIPCacheExpires; // When the cache expires (tick64)
LOCK *HostIPCacheLock; // Lock for cache access
};
// Virtual host option

2
src/Mayaqua/Encrypt.c
View File

@ -4761,7 +4761,7 @@ static void MY_SHA0_Transform(MY_SHA0_CTX* ctx) {
UCHAR* p = ctx->buf;
int t;
for(t = 0; t < 16; ++t) {
UINT tmp = *p++ << 24;
UINT tmp = (UINT)*p++ << 24;
tmp |= *p++ << 16;
tmp |= *p++ << 8;
tmp |= *p++;

4
src/Mayaqua/Unix.c
View File

@ -2140,9 +2140,13 @@ void UnixMemoryFree(void *addr)
// SIGCHLD handler
void UnixSigChldHandler(int sig)
{
int old_errno = errno;
// Recall the zombie processes
while (waitpid(-1, NULL, WNOHANG) > 0);
signal(SIGCHLD, UnixSigChldHandler);
errno = old_errno;
}
// Disable core dump