Skip to content
100644 75 lines (61 sloc) 3.33 KB
bcba9d6 @mrash added CREDITS file, bumped software version, added ChangeLog files
authored Dec 5, 2011
1 Jonathan Bennett
2 - Contributed OpenWRT support - see the extras/openwrt/ directory.
4 Sebastien Jeanquier
5 - Assisted with getting fwknop included in BackTrack Linux - the choice
6 distro for pentation testers.
8 Ozmart
9 - Suggested the idea for setting an access stanza expiration time.
10 - Suggested the abiliy to have certain incoming connections automatically
11 NAT'd through to specific internal systems. The result was the FORCE_NAT
12 mode.
13 - Assisted with getting fwknop running under the Pentoo Linux distro.
15 Max Kastanas
16 - Contributed both an Android and an iPhone fwknop client port - see the
17 top level android/ and iphone/ directories.
5c26c0a @mrash added Ted Wynnychenko for OpenBSD PF testing
authored May 28, 2012
19 Ted Wynnychenko
20 - Helped test fwknop PF support on OpenBSD.
ba3b7d1 @mrash Bug fix for multi-stanza key use and replay attack detection
authored Jul 7, 2012
22 Andy Rowland
23 - Reported a bug where the same encryption key used for two stanzas in the
24 access.conf file would result in access requests that matched the second
25 stanza to always be treated as a replay attack. This has been fixed for
26 the fwknop-2.0.1 release.
5387242 @mrash PCAP_LOOP_SLEEP bug fix to 1/10th of a second
authored Jul 23, 2012
28 C Anthony Risinger
29 - Caught a bug where the default PCAP_LOOP_SLEEP value was 1/100th of a
30 second instead of the intended default of 1/10th of a second.
3c533de @mrash updated Debian init script (contributed by Franck Joncourt)
authored Jul 23, 2012
32 Franck Joncourt
33 - fwknop Debian package maintainer.
34 - Contributed a new Debian init script.
7061b7b @mrash added Jonathan Schulz
authored Aug 1, 2012
36 Jonathan Schulz
37 - Submitted patches to change HTTP connection type to 'close' for -R mode
38 in the client and fix a bug for recv() calls against returned HTTP data.
fd30440 @mrash added Aldan Beaubien for reporting the Morpheus NULL IP problem
authored Aug 5, 2012
40 Aldan Beaubien
41 - Reported an issue with the Morpheus client sending SPA packets with NULL
42 IP addresses, and code was added to fwknopd to better validate incoming
43 SPA data as a result of this report.
fbdae50 @mrash added Geoff Carstairs for the FORCE_NAT idea
authored Aug 8, 2012
45 Geoff Carstairs
46 - Suggested a way to redirect valid connection requests to a specific
47 internal service via NAT, configurable by each stanza in access.conf.
48 This allows for better access control for multple users requiring access
49 to multiple internal systems, in a manner that is transparent to the
50 user. The result was the FORCE_NAT mode.
543de16 @mrash [server] iptables 'comment' match check
authored Aug 12, 2012
52 Hank Leininger
53 - For iptables firewalls, suggested a check for the 'comment' match to
54 ensure the local environment will properly support fwknopd operations.
55 The result is the new ENABLE_IPT_COMMENT_CHECK functionality.
d46ba1c @mrash (Fernando Arnaboldi, IOActive) Found and fixed several DoS/code execu…
authored Aug 24, 2012
57 Fernando Arnaboldi (IOActive)
58 - Found important buffer overflow conditions for authenticated SPA clients
59 in the fwknopd server (pre-2.0.3). These findings enabled fixes to be
60 developed along with a new fuzzing capability in the test suite.
f4c16bc @mrash [server] Stronger IP validation based on a bug found by Fernando Arna…
authored Aug 25, 2012
61 - Found a condition in which an overly long IP from malicious authenticated
62 clients is not properly validated by the fwknopd server (pre-2.0.3).
e2c0ac4 @mrash [server] Strong access.conf validation
authored Sep 3, 2012
63 - Found a local buffer overflow in --last processing with a maliciously
64 constructed ~/ file. This has been fixed with proper
65 validation of arguments.
66 - Found several conditions in which the server did not properly throw out
67 maliciously constructed variables in the access.conf file. This has been
68 fixed along with new fuzzing tests in the test suite.
591416e @mrash [server] bug fix in --disable-file-cache mode
authored Sep 10, 2012
70 Vlad Glagolev
71 - Submitted a patch to fix ndbm/gdbm usage when --disable-file-cache is
72 used for the autoconf configure script. This functionality was broken in
73 be4193d734850fe60f14a26b547525ea0b9ce1e9 through improper handling of
74 #define macros from --disable-file-cache.
Something went wrong with that request. Please try again.