commit c560dc503a27d88e700ebb57be45da14c6b92fc6 (HEAD, refs/heads/master)
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Sep 4 21:47:30 2012 -0400

minor spelling typo fixes

ChangeLog | 8 ++++----
1 file changed, 4 insertions(+), 4 deletions(-)

commit 25edd17aca0450844f89971ef1bcd3bb7aa231bc
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Sep 4 21:14:49 2012 -0400

diff update for fwknop-2.0.3 release

ChangeLog.git | 607 ++++++++++++++++++++-------------------------------------
1 file changed, 216 insertions(+), 391 deletions(-)

commit 40ac28df21fab384f1389607eed78f6d35159206
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Sep 3 22:23:48 2012 -0400

bump version to 2.0.3

ChangeLog | 6 +++---
VERSION | 2 +-
android/project/jni/config.h | 6 +++---
configure.ac | 2 +-
fwknop.spec | 2 +-
iphone/Classes/config.h | 6 +++---
lib/fko.h | 2 +-
todo.org | 3 +++
8 files changed, 16 insertions(+), 13 deletions(-)

commit 8d26cc90ee76ba95d58ee18d90431a9883a2a89a
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Sep 3 22:18:59 2012 -0400

include file compilation fix for OpenBSD relative to inet_aton() IP verification

lib/fko_message.c | 2 +-
lib/fko_message.h | 9 +++++++--
2 files changed, 8 insertions(+), 3 deletions(-)

commit b05d229bb15cb77a17a28a146b8b0dc61afa4aa9
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Sep 3 09:09:35 2012 -0400

sprintf() -> snprintf() calls

lib/fko_encryption.c | 6 ++++--
1 file changed, 4 insertions(+), 2 deletions(-)

commit e2c0ac4821773eb335e36ad6cd35830b8d97c75a (refs/remotes/origin/master)
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Sep 3 00:21:46 2012 -0400

[server] Strong access.conf validation

Fernando Arnaboldi from IOActive found several conditions in
which the server did not properly throw out maliciously constructed
variables in the access.conf file. This has been fixed along with new
fuzzing tests in the test suite.

CREDITS | 6 ++
ChangeLog | 4 ++
Makefile.am | 3 +
server/access.c | 114 +++++++++++++++++++++++++-------------
test/conf/open_ports_access.conf | 4 +-
test/test-fwknop.pl | 42 ++++++++++++++
6 files changed, 133 insertions(+), 40 deletions(-)

commit 263fa01f2af1d336961df320f1c7a9ea84ddac9a
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Sep 3 00:21:32 2012 -0400

added inet_aton() call for IP strong IP validation (credit: Fernando Arnaboldi)

lib/fko_message.c | 29 +++++++++++++++++++++-----
lib/fko_message.h | 5 +++++
test/conf/fuzzing_open_ports_access.conf | 4 ++++
test/conf/fuzzing_restrict_ports_access.conf | 5 +++++
test/conf/fuzzing_source_access.conf | 4 ++++
5 files changed, 42 insertions(+), 5 deletions(-)

commit ffe4d3b162bbfea143704461aab4244cc4acdfcf
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Sep 2 15:53:54 2012 -0400

minor spacing update to make merges into hmac_master easier

test/test-fwknop.pl | 56 +++++++++++++++++++++++++--------------------------
1 file changed, 28 insertions(+), 28 deletions(-)

commit 86b403dadb90c30deb51b3530e8ebbb791531615
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Sep 1 23:37:03 2012 -0400

fixed potential buffer overflow discovered by Fernando Arnaboldi of IOActive

server/access.c | 12 ++++++++++++
1 file changed, 12 insertions(+)

commit e3a78a175c664ee51de1fb8086deb96a1d017ac3
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Sep 1 21:55:52 2012 -0400

verify_file_perms_ownership() to just return if the file doesn't exist

client/config_init.c | 2 +-
client/fwknop.c | 4 ++--
client/utils.c | 23 ++++++++++++++++-------
server/fwknopd.c | 3 ++-
server/utils.c | 25 +++++++++++++++++--------
5 files changed, 38 insertions(+), 19 deletions(-)

commit 1548cbafc886af802b639913bb10e6a746222478
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Aug 31 23:05:05 2012 -0400

get MAX_PORT_STR_LEN constant from fko_message.h

client/spa_comm.c | 4 ++--
client/utils.c | 1 +
common/common.h | 2 --
lib/fko.h | 1 +
4 files changed, 4 insertions(+), 4 deletions(-)

commit dafcfbc488f1e713ef6cfa9e86571a2b14e649d8
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Aug 31 23:00:45 2012 -0400

bug fix to make sure to verify file permissions/ownership on files that actually exist

client/fwknop.c | 6 ++----
1 file changed, 2 insertions(+), 4 deletions(-)

commit b567514a6c722886fef5044a44abfc1514eff032
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Aug 31 22:59:44 2012 -0400

Added fko_context.h file to lib/Makefile.am

lib/Makefile.am | 3 ++-
1 file changed, 2 insertions(+), 1 deletion(-)

commit d7393318189ace0a154823b359eb746aa0b36d94
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Aug 30 23:38:54 2012 -0400

implemented a couple of minor stronger bounds checks

client/config_init.c | 5 +++++
client/http_resolve_host.c | 6 +++---
client/spa_comm.c | 2 +-
3 files changed, 9 insertions(+), 4 deletions(-)

commit 2584521c67952855ba20c7c61b701a34ba57615c
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Aug 30 21:43:53 2012 -0400

Run verify_file_perms_ownership() on fwknop.pid only if it exists

Two bugs are fixed with this commit: verify permissions/ownership on the
fwknop.pid file only if it exists, and ensure to re-run stat() on any directory
component if we're creating a directory.

server/fwknopd.c | 20 ++++++++++++++++----
1 file changed, 16 insertions(+), 4 deletions(-)

commit 406e33ccc0836796a53c88f7fe118d292adf0a25
Author: Michael Rash <mbr@cipherdyne.org>
Date: Thu Aug 30 21:43:07 2012 -0400

minor comment update

server/utils.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)

commit 4832312e6de8401ac6fdbe63014ef7f186cf33cb
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Aug 29 23:12:56 2012 -0400

added filesystem permissions test

test/test-fwknop.pl | 41 +++++++++++++++++++++++++++++++++++++++--
1 file changed, 39 insertions(+), 2 deletions(-)

commit a60f05ad44e824f6230b22f8976399340cb535dc
Author: Michael Rash <mbr@cipherdyne.org>
Date: Wed Aug 29 22:21:43 2012 -0400

file permissions and client buffer overflow fix

- [client+server] Fernando Arnaboldi from IOActive found that strict
filesystem permissions for various fwknop files are not verified. Added
warnings whenever permissions are not strict enough, and ensured that
files created by the fwknop client and server are only set to user
read/write.
- [client] Fernando Arnaboldi from IOActive found a local buffer overflow
in --last processing with a maliciously constructed ~/.fwknop.run file.
This has been fixed with proper validation of .fwknop.run arguments.

ChangeLog | 8 ++++++
client/config_init.c | 15 ++++++++---
client/fwknop.c | 19 ++++++++++---
client/utils.c | 66 +++++++++++++++++++++++++++++++++++++++++++--
client/utils.h | 13 +++++++++
configure.ac | 2 +-
server/access.c | 2 ++
server/config_init.c | 2 ++
server/fwknopd.c | 2 ++
server/replay_cache.c | 6 ++++-
server/utils.c | 72 +++++++++++++++++++++++++++++++++++++++++++++++--
server/utils.h | 2 ++
test/test-fwknop.pl | 21 ++++++++++++++-
13 files changed, 217 insertions(+), 13 deletions(-)

commit 186a424353a2e795e69f399f079a901e7dc8f24b
Author: Michael Rash <mbr@cipherdyne.org>
Date: Tue Aug 28 21:28:57 2012 -0400

Added Ctrl-C and --disable-gpg notes

todo.org | 7 +++++++
1 file changed, 7 insertions(+)

commit 098ae417fe91aefe501e9268aacd228374d0906d
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Aug 27 22:30:27 2012 -0400

migrated TODO tasks to the todo.org file

TODO | 41 -----------------------------------------
todo.org | 10 ++++++++++
2 files changed, 10 insertions(+), 41 deletions(-)

commit 89dfa2c1fb06776646f99f722f21d47620f66695
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Aug 27 21:20:02 2012 -0400

minor ChangeLog update for the RPM build change

ChangeLog | 2 ++
1 file changed, 2 insertions(+)

commit c5b229c5c87657197b0c814ff22127d870b55753
Author: Michael Rash <mbr@cipherdyne.org>
Date: Mon Aug 27 21:16:59 2012 -0400

Added $DESTDIR prefix in uninstall-local and install-exec-hook to fix RPM builds

Makefile.am | 43 +++++++++++++++++++++----------------------
1 file changed, 21 insertions(+), 22 deletions(-)

commit e8386dbe6c959365da5c08396e09c27901faed56
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Aug 26 15:47:24 2012 -0400

added encryption mode flags for each access stanza

server/access.c | 17 ++++++++++++-----
server/fwknopd_common.h | 3 +++
server/incoming_spa.c | 18 +++++-------------
3 files changed, 20 insertions(+), 18 deletions(-)

commit 557cd6615b9cab21a9208390f5af070c66fd257d
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sun Aug 26 15:46:54 2012 -0400

consolidated fuzzing functions within a single 'fuzzer' function

test/test-fwknop.pl | 449 +++++++++++++++++++--------------------------------
1 file changed, 164 insertions(+), 285 deletions(-)

commit f4c16bc47fc24a96b63105556b62d61c1ba7d799
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Aug 25 23:08:55 2012 -0400

[server] Stronger IP validation based on a bug found by Fernando Arnaboldi from IOActive

This commit fixes a condition in which the server did not properly validate
allow IP addresses from malicious authenticated clients. This has been fixed
with stronger allow IP validation.

CREDITS | 2 ++
ChangeLog | 4 +++
lib/fko_message.c | 16 +++++++++---
test/test-fwknop.pl | 67 +++++++++++++++++++++++++++++++++++++++++++++++++++
4 files changed, 85 insertions(+), 4 deletions(-)

commit d46ba1c027a11e45821ba897a4928819bccc8f22
Author: Michael Rash <mbr@cipherdyne.org>
Date: Fri Aug 24 22:12:19 2012 -0400

(Fernando Arnaboldi, IOActive) Found and fixed several DoS/code execution vulns for authenticated clients

- [server] Fernando Arnaboldi from IOActive found several DoS/code
execution vulnerabilities for malicious fwknop clients that manage to
get past the authentication stage (so such a client must be in
possession of a valid access.conf encryption key). These vulnerabilities
manifested themselves in the handling of malformed access requests, and
both the fwknopd server code along with libfko now perform stronger input
validation of access request data. These vulnerabilities affect
pre-2.0.3 fwknop releases.
- [test suite] Added a new fuzzing capability to ensure proper server-side
input validation. Fuzzing data is constructed with modified fwknop
client code that is designed to emulate malicious behavior.

CREDITS | 5 +
ChangeLog | 13 ++
Makefile.am | 1 +
lib/fko_message.c | 23 +-
lib/fko_message.h | 3 +
server/access.c | 89 ++++++--
server/access.h | 4 +-
server/fw_util_iptables.c | 3 +-
test/conf/disable_aging_fwknopd.conf | 5 +
test/test-fwknop.pl | 413 +++++++++++++++++++++++++++++++++-
10 files changed, 531 insertions(+), 28 deletions(-)

commit b0bf7f369918989bae364730c8952258aac693c6
Author: Michael Rash <mbr@cipherdyne.org>
Date: Sat Aug 18 16:30:34 2012 -0400

minor paren's syntax bug fix

server/incoming_spa.c | 2 ++
1 file changed, 2 insertions(+)