This commit adds the ability to generate SPA packets that are valid except for
the last encoding step before encryption. This is independent of supplying
invalid data for SPA packet fields. To invoke the test suite in this mode,
do something like:
# ./test-fwknop.pl --enable-perl-module-pkt-gen --fuzzing-test-tag "encoded_colon1_missing" --fuzzing-class encoding
This assumes that lib/fko_encode.c has been patched to subvert the encoding
step itself before encryption. In this case, the first colon after the random
value is removed.
Added validation of NAT access strings in the various NAT modes in libfko.
This applies to both the client and server, and test suite support was added
as well.
Applied patch from Franck Joncourt to have the perl FKO module link
against libfko in the local directory (if it exists) so that it doesn't
have to have libfko completely installed in /usr/lib/. This allows the
test suite to run FKO tests without installing libfko.
Added the ability to the test suite to compile, install, and run some
basic tests against the perl FKO module.
- [client] Added '-P udpraw' to allow the client to send SPA packets over
UDP with a spoofed source IP address. This is in addition to the
original 'tcpraw' and 'icmp' protocols that also support a spoofed
source IP.
- [server] Bug fix to accept SPA packets over ICMP if the fwknop client
is executed with '-P icmp' and the user has the required privileges.
(Vlad Glagolev) Submitted a patch to fix command exec mode
under SPA message type validity test. Support for command exec mode was
also added to the test suite.
Fernando Arnaboldi from IOActive found several conditions in
which the server did not properly throw out maliciously constructed
variables in the access.conf file. This has been fixed along with new
fuzzing tests in the test suite.
- [client+server] Fernando Arnaboldi from IOActive found that strict
filesystem permissions for various fwknop files are not verified. Added
warnings whenever permissions are not strict enough, and ensured that
files created by the fwknop client and server are only set to user
read/write.
- [client] Fernando Arnaboldi from IOActive found a local buffer overflow
in --last processing with a maliciously constructed ~/.fwknop.run file.
This has been fixed with proper validation of .fwknop.run arguments.
This commit fixes a condition in which the server did not properly validate
allow IP addresses from malicious authenticated clients. This has been fixed
with stronger allow IP validation.
- [server] Fernando Arnaboldi from IOActive found several DoS/code
execution vulnerabilities for malicious fwknop clients that manage to
get past the authentication stage (so a such a client must be in
possession of a valid access.conf encryption key). These vulnerbilities
manifested themselves in the handling of malformed access requests, and
both the fwknopd server code along with libfko now perform stronger input
validation of access request data. These vulnerabilities affect
pre-2.0.3 fwknop releases.
- [test suite] Added a new fuzzing capability to ensure proper server-side
input validation. Fuzzing data is constructed with modified fwknop
client code that is designed to emulate malicious behavior.
