Commit Graph

480 Commits

Author SHA1 Message Date
Franck Joncourt
b7ecb3334a Merge upstream changes to our changes 2014-12-28 15:00:24 +01:00
Michael Rash
9dc56d6bb7 [test suite / server] rule deletion/addition tests mid-cycle 2014-12-15 17:06:07 -08:00
Michael Rash
fd582487db [server] minor typo fix 2014-12-15 17:03:08 -08:00
Michael Rash
67f969f2c7 [server] compilation bug fix for firewalld platforms in DESTINATION processing code 2014-12-10 17:06:45 -08:00
Michael Rash
74f114603b check fiu_init() and fiu_enable() return values 2014-12-07 16:29:30 -05:00
Michael Rash
76b1c6dd50 Merge branch 'spa_destination_ip' 2014-12-04 20:07:05 -05:00
Michael Rash
d6dee352af minor update to get DESTINATION filtering tests passing 2014-12-03 20:57:06 -05:00
Michael Rash
285ec0ddcb [server] add AFL support for fuzzing SPA Rijndael decryption routine directly with --afl-pkt-file 2014-12-03 20:25:05 -05:00
Grant Pannell
af6087c48d Keep the documentation consistent 2014-11-29 15:14:31 +10:30
Grant Pannell
624872ef48 Add DESTINATION access.conf directive and ENABLE_DESTINATION_RULE fwknopd.conf directive 2014-11-29 15:05:06 +10:30
Michael Rash
7a2763a133 [server] minor fix to add AFL_FUZZING macro 2014-11-28 19:18:38 -05:00
Michael Rash
01e294aed3 [test suite] use -A mode for AFL fuzzing, make sure fwknopd does not init digest cache in -A mode 2014-11-28 19:13:35 -05:00
Michael Rash
7938e6fbbf [server] manpage update 2014-11-26 08:46:24 -05:00
Michael Rash
a64542c7a4 [server] add --run-dir command line arg 2014-11-25 22:06:56 -05:00
Michael Rash
82cf8b1c9c [server] Enforce proper bounds checking on digest cache file import
Bug fix to ensure that proper bounds are enforced when importing digest
cache files from previous fwknopd executions. This bug was discovered
through fuzzing with American Fuzzy Lop (AFL) as driven by the
test/afl/fuzzing-wrappers/server-digest-cache.sh wrapper. Previous to
this fix, fwknopd could be made to crash through a malicious digest
cache file (normally in /var/run/fwknop/digest.cache) upon initial
import.
2014-11-25 22:05:15 -05:00
Michael Rash
8872e50818 [test suite] use digest tracking override for AFL fwknopd fuzzing 2014-11-25 15:04:30 -05:00
Michael Rash
a72b69eee7 manpage updates 2014-11-15 10:51:48 -05:00
Michael Rash
d2880021ca [server] document --udp-server option 2014-11-15 10:45:59 -05:00
Michael Rash
2e1d076160 [server] minor status wording update 2014-11-15 00:16:17 -05:00
Michael Rash
aaa44656bc [server] add support for American Fuzzy Lop (AFL) fuzzing 2014-11-13 20:55:04 -05:00
Michael Rash
7022d79ca7 [server] minor code cleanup 2014-11-06 20:24:50 -05:00
Michael Rash
a8879231c3 [server] add run_extcmd_write() call in code coverage mode 2014-11-06 20:24:33 -05:00
Michael Rash
0c59f6e500 add CODE_COVERAGE macro for ./configure --enable-profile-coverage 2014-11-06 20:23:40 -05:00
Michael Rash
04f8b9669a [server] check number of cmd args even when execvpe() is not available 2014-11-05 23:19:51 -05:00
Michael Rash
e7942f48e0 [server] allow loop restart after select() sets EINTR (since we handle signals) - fixes cmd execution through UDP on FreeBSD 2014-11-04 22:44:59 -05:00
Michael Rash
c5f0389281 [server] minor code restructure, use FD_ISSET() test on file descriptors 2014-11-04 22:43:04 -05:00
Michael Rash
50009115b3 [server] bug fix to close write filehandle in _run_extcmd_write() 2014-11-01 12:03:49 -04:00
Michael Rash
34e38fe39e [server] first pass at eliminating popen() write calls with run_extcmd_write() (used for PF firewalls) 2014-10-28 21:28:21 -04:00
Michael Rash
d2abbd8720 [test suite] more code coverage tests 2014-10-25 22:29:49 -04:00
Michael Rash
17608dd01d [test suite] additional code coverage 2014-10-25 08:42:30 -04:00
Michael Rash
58d47cb385 [test suite] additional code coverage for a few areas 2014-10-24 20:39:40 -04:00
Michael Rash
7b70ed08d2 [server] ensure to break out of while loop and close() UDP socket before returning 2014-10-23 23:05:21 -04:00
Michael Rash
0af8faa0b3 Merge branch 'udp_listener' into execvpe 2014-10-13 20:25:14 -04:00
Michael Rash
c70e1c72a0 [server] update firewalld code to use run_extcmd() instead of popen() and system() - allows execvpe() to be used 2014-10-12 21:57:04 -04:00
Michael Rash
62ee780d65 [server] make pid_status a static var at the top of each fw_util_*.c file 2014-10-10 14:20:18 -04:00
Michael Rash
6dd599f3de [server] update ipfw and pf firewall interface code to latest run_extcmd() API 2014-10-07 23:23:05 -04:00
Michael Rash
06f3db1de8 [server] restore shell stderr redirect when execvpe() is not available 2014-10-07 21:42:36 -04:00
Michael Rash
1905baa0e8 [server] minor macro usage update 2014-10-07 21:37:29 -04:00
Michael Rash
b7785a9304 [server] extend run_extcmd() to allow the caller to specify whether to collect stderr 2014-10-07 21:01:17 -04:00
Michael Rash
ed9e1ac236 added setgid() call for command execution along with CMD_EXEC_GROUP access.conf var 2014-10-07 16:18:14 -04:00
Michael Rash
248c4b301e added configure detection of execvpe() - doesn't exist on Mac OS X yet 2014-10-06 20:04:00 -04:00
Michael Rash
652b8cb80e [server] have run_extcmd() collect process exit status for calling function (in addition to return value) 2014-10-05 20:21:05 -04:00
Michael Rash
a47ddfcb1e [server] added WIFEXITED(status) check for external commands run via execvpe() 2014-10-04 21:14:49 -04:00
Michael Rash
841d732c07 [server] removed remaining popen() call for iptables firewalls 2014-10-04 19:56:26 -04:00
Michael Rash
87f3bbdd23 [server] hex_dump() '%' bug fix, minor verbose criteria update 2014-10-04 16:40:44 -04:00
Michael Rash
d71f386971 [server] add search_extcmd() to replace all popen() calls with the execvpe() no env strategy 2014-10-04 10:31:15 -04:00
Michael Rash
e271442aa9 [server] first cut at converting iptables commands to use execvpe() 2014-10-03 21:58:51 -04:00
Michael Rash
0d6917fa4e minor hex_dump() update to use a consistent macro definition for ascii str length 2014-10-03 14:40:48 -04:00
Michael Rash
ddbba5bc90 autoconf update to ensure libpcap is not linked against in --enable-udp-server mode 2014-09-29 11:42:11 -04:00
Michael Rash
52d34a70a2 fwknopd man page updates, added UDPSERV_SELECT_TIMEOUT config option 2014-09-28 22:32:20 -04:00