Skip to content
This repository

Jul 24, 2012

  1. Michael Rash

    add test/conf/local_nat_fwknopd.conf for 'make dist'

    authored
  2. Michael Rash

    bumped version to fwknop-2.0.1-pre5

    authored
  3. Michael Rash

    [client] fix memory leak when unable to open --get-key file

    authored
  4. Michael Rash

    PCAP_LOOP_SLEEP bug fix to 1/10th of a second

    [server] Updated PCAP_LOOP_SLEEP default to 1/10th of a second (in
    microseconds).  This was supposed to be the default anyway, but C
    Anthony Risinger reported a bug where fwknopd was consuming more
    resources than necessary, and the cause was PCAP_LOOP_SLEEP set by
    default to 1/100th of a second - this has been fixed.
    authored

Jul 23, 2012

  1. Michael Rash

    replace strlen() calls with strnlen() and appropriate maximums

    authored
  2. Michael Rash

    use LOGNAME env var before cuserid() since we're already looking for …

    …SPOOF_USER
    authored
  3. Michael Rash

    [client] Fixed several minor memory leaks caught by valgrind

    This commit fixes memory leaks like the following in the fwknop client:
    
    HEAP SUMMARY:
        in use at exit: 300 bytes in 11 blocks
      total heap usage: 100 allocs, 89 frees, 16,583 bytes allocated
    
    16 bytes in 1 blocks are indirectly lost in loss record 1 of 11
       at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
       by 0x5146C59: __nss_lookup_function (nsswitch.c:456)
       by 0x5C3D63E: ???
       by 0x50FF3FC: getpwuid_r@@GLIBC_2.2.5 (getXXbyYY_r.c:256)
       by 0x508938E: cuserid (cuserid.c:37)
       by 0x4E3983A: fko_set_username (fko_user.c:65)
       by 0x4E38D5C: fko_new (fko_funcs.c:84)
       by 0x10A824: main (fwknop.c:75)
    
    16 bytes in 1 blocks are indirectly lost in loss record 2 of 11
       at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
       by 0x5146C59: __nss_lookup_function (nsswitch.c:456)
       by 0x5C3D658: ???
       by 0x50FF3FC: getpwuid_r@@GLIBC_2.2.5 (getXXbyYY_r.c:256)
       by 0x508938E: cuserid (cuserid.c:37)
       by 0x4E3983A: fko_set_username (fko_user.c:65)
       by 0x4E38D5C: fko_new (fko_funcs.c:84)
       by 0x10A824: main (fwknop.c:75)
    
    16 bytes in 1 blocks are indirectly lost in loss record 3 of 11
       at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
       by 0x5146C59: __nss_lookup_function (nsswitch.c:456)
       by 0x5C3D672: ???
       by 0x50FF3FC: getpwuid_r@@GLIBC_2.2.5 (getXXbyYY_r.c:256)
       by 0x508938E: cuserid (cuserid.c:37)
       by 0x4E3983A: fko_set_username (fko_user.c:65)
       by 0x4E38D5C: fko_new (fko_funcs.c:84)
       by 0x10A824: main (fwknop.c:75)
    
    16 bytes in 1 blocks are indirectly lost in loss record 4 of 11
       at 0x4C2B6CD: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
       by 0x5146C59: __nss_lookup_function (nsswitch.c:456)
       by 0x5C3D68C: ???
       by 0x50FF3FC: getpwuid_r@@GLIBC_2.2.5 (getXXbyYY_r.c:256)
       by 0x508938E: cuserid (cuserid.c:37)
       by 0x4E3983A: fko_set_username (fko_user.c:65)
       by 0x4E38D5C: fko_new (fko_funcs.c:84)
       by 0x10A824: main (fwknop.c:75)
    authored

Jul 21, 2012

  1. Michael Rash

    Better SPA message validation upon SPA decrypt/decode.

    Added SPA message validation calls to fko decoding routines to help
    ensure that SPA messages conform to expected values.
    authored
  2. Michael Rash

    [test suite] minor filename update -> use config files for fwknopd in…

    … a hash
    authored

Jul 20, 2012

  1. Michael Rash

    Implemented server-side bounds checking on inccoming SPA data.

    Enhanced the libfko decoding routine to include bounds checking on decrypted
    SPA data.  This includes verifying the number of fields within incoming SPA
    data (colon separated) along with verifying string lengths of each field.
    authored

Jul 19, 2012

  1. Michael Rash

    added some integer bounds checking for fwknopd.conf variables

    authored
  2. Michael Rash

    minor update to print FORCE_NAT settings when access stanzas are printed

    authored
  3. Michael Rash

    minor pcap_capture update to not call atoi() against PCAP_LOOP_SLEEP …

    …for every sleep interval
    authored
  4. Michael Rash

    [test suite] minor hostname bugfix to get 'local NAT' test to work

    authored
  5. Michael Rash

    [test suite] better fwknopd is running check

    authored

Jul 18, 2012

  1. Michael Rash

    Merge branch 'master' of github.com:mrash/fwknop

    authored
  2. Michael Rash

    [test suite] file_find_regex() postive vs. negative match styles

    Positive match style requires all regex's to be found, whereas negative match
    style only requires seeing one regex.
    authored
  3. Michael Rash

    Ensure that INPUT rules are added in --nat-local mode

    This change ensures that INPUT rules are added when the fwknop client is used to
    request access to a local service with --nat-local mode.
    authored

Jul 17, 2012

  1. Michael Rash

    minor file_find_regex() logging prefix update

    authored
  2. Michael Rash

    [test suite] added local_nat_fwknopd.conf file for local NAT tests

    authored

Jul 16, 2012

  1. Michael Rash

    Add INPUT ACCEPT rule for --nat-local connections

    When using the --nat-local argument on the fwknop client command line, the
    fwknopd server needs to add an INPUT ACCEPT rule for the requested access
    since the incoming connection is destined for a local socket.  Added test
    suite support to test --nat-local access.
    
    [test suite] Minor bug fix to ensure that all file_find_regex() calls return
    true if all regex's are matched and false if any regex does not match data in
    the specified file.
    authored

Jul 15, 2012

  1. Damien Stuart

    Forgot to update the VERSION file.

    damienstuart authored
  2. Damien Stuart

    Bumped version to 2.0.1-pre4

    damienstuart authored

Jul 14, 2012

  1. Damien Stuart

    Added tweaks to ipfw command for Mac OS X

    damienstuart authored
  2. Damien Stuart

    Merge branch 'master' of ssh://github.com/mrash/fwknop

    damienstuart authored
  3. Damien Stuart

    Added gpg validity check. Tweak to rpm spec file.

    damienstuart authored

Jul 13, 2012

  1. Michael Rash

    bumped version to fwknop-2.0.1-pre3

    authored
  2. Michael Rash

    added libfko.dylib test suite fix note to the ChangeLog

    authored
  3. Michael Rash

    [test suite] Bug fix to account for libfko.dylib extension

    Richard Haas reported the test suite failing on Mac OS X systems with the
    existence check for the libfko library.  Damien Stuart advised that the library
    has a different extention '.dylib' on Mac OS X, so this change accounts for the
    difference.
    authored

Jul 10, 2012

  1. Michael Rash

    bumped version to 2.0.1-pre2

    authored
  2. Michael Rash

    added valgrind parsing note

    authored
  3. Michael Rash

    [test suite] minor directory path bug fix for --diff mode

    authored
  4. Michael Rash

    switched back to older ChangeLog format which is more readable

    authored

Jul 09, 2012

  1. Michael Rash

    bumped version to 2.0.1-pre1

    authored
  2. Michael Rash

    added dual_key_usage_access.conf to Makefile.am for 'make dist' target

    authored
Something went wrong with that request. Please try again.