Characters should be casted as unsigned before use in functions from
<ctype.h>. Otherwise the compiler treats 8-bit characters (eg UTF-8) as
negative values (since it expects signed integers) and they no longer
match the comparison tables. Worse, the character 0xff gets interpreted
as -1 (like EOF). In turn, it helps to explicitly cast the result as a
signed integer, since this is what is expected. Characters in the range
0x80-0xff do keep their original values.
See the manual page for ctype(3) for more details (eg from NetBSD)
This is a significant commit to add the ability to leverage libfko fault
injections from both the fwknop client and server command lines via a
new option '--fault-injection-tag <tag name>'. This option is used by
the test suite with the tests/fault_injection.pl tests.
This commit updates all authorship and copyright information to include a
standard header that references the AUTHORS and CREDITS file. This standard
header was written by the Debian legal team at the request of Franck Joncourt.
This commit implements a single shared utility function for checking the
validaty of an IPv4 address, and both libfko and the fwknopd server use it
now. The client will be updated as well.
This reverts commit e57cfa2e235261b960986ecae0c7e86307159529. This is done
because libfko now restricts the symbols it exports to only those functions
that should be visible when making use of the library - internal libfko
functions should not be exported.
Rearranged headers to reduce duplication and remove local header
references from fko.h.
Removed references to headers that did not need to be explicitly set.
Moved the MAX_PROTO_STR_LEN and MAX_PORT_STR_LEN definitions to the
fko_limits.h file.
Fixed bug where invalid nat_access or command messages were returning
FKO_ERROR_INVALID_SPA_ACCESS_MSG error code instead of the one
appropriate to the message type.
Fixed bad nat_access_msg test in Perl module test suite (caught by new
validation code).
Added validation of NAT access strings in the various NAT modes in libfko.
This applies to both the client and server, and test suite support was added
as well.
This commit fixes a condition in which the server did not properly validate
allow IP addresses from malicious authenticated clients. This has been fixed
with stronger allow IP validation.
- [server] Fernando Arnaboldi from IOActive found several DoS/code
execution vulnerabilities for malicious fwknop clients that manage to
get past the authentication stage (so a such a client must be in
possession of a valid access.conf encryption key). These vulnerbilities
manifested themselves in the handling of malformed access requests, and
both the fwknopd server code along with libfko now perform stronger input
validation of access request data. These vulnerabilities affect
pre-2.0.3 fwknop releases.
- [test suite] Added a new fuzzing capability to ensure proper server-side
input validation. Fuzzing data is constructed with modified fwknop
client code that is designed to emulate malicious behavior.
Added the 'const' qualifier to function prototype variables where possible.
In addition, reduced some functions to file-scope with 'static' where possible.
Also made a few minor changes to remove extra whitespace, and fixed a bug
in create_fwknoprc() to ensure the new fwknoprc filehandle is closed.
