Per github issue #257, Jérémie Courrèges-Anglas and Ingo Feinerer
contributed a patch to fix endian detection on OpenBSD systems. This is
based on information contained at:
https://www.opengroup.org/austin/docs/austin_514.txt
By default, fwknopd will now exit if the interface that it is
sniffing goes down (patch contributed by Github user 'sgh7'). If this
happens, it is expected that the native process monitoring feature in
things like systemd or upstart will restart fwknopd. However, if fwknopd
is not being monitored by systemd, upstart, or anything else, this
behavior can be disabled with the EXIT_AT_INTF_DOWN variable in the
fwknopd.conf file. If disabled, fwknopd will try to recover when a
downed interface comes back up.
Bug fix to ensure that a User-Agent string can be specified when the
fwknop client uses wget via SSL to resolve the external IP address. This
closes issue #134 on github reported by Barry Allard. The fwknop now
uses the wget '-U' option to specify the User-Agent string with a
default of "Fwknop/<version>". In addition, a new command line argument
"--use-wget-user-agent" to allow the default wget User-Agent string to
apply instead.
With this commit PF rules are added correctly regardless of whether ALTQ support
is available or not. Thanks to Barry Allard for discovering and reporting this
issue. Closes issue #121 on github.
This commit updates all authorship and copyright information to include a
standard header that references the AUTHORS and CREDITS file. This standard
header was written by the Debian legal team at the request of Franck Joncourt.
Suggested doc update to fwknop man pages to accurately describe the usage
of digits instead of bytes for SPA random data. About 53 bits of entropy
are actually used, although this is in addition to the 64-bit random salt
in for key derivation used by PBKDF1 in Rjindael CBC mode.
This reverts commit f55b89c867ab63aaf69daae0aec0c19f1c52d521.
Damien recommended not having 'make install' run ldconfig since it breaks an RPM
build of fwknop, and most package managers should be doing this step anyway.
This change helps to maintain backwards compatibility with older fwknopd daemons
that cannot handle Rijndael keys greater than 16 bytes. Blair Zajac suggested
printing a warning in '-M legacy' mode when keys are attempted > 16 bytes long,
and this warning is included in this commit.
This commit makes sure that if running 'fwknop -h' or 'fwknopd -h' appears to
fail then run ldconfig under the 'make install' step. George Herlin reported
that on some systems ldconfig was not automatically getting executed via the
autoconf Makefile config, and since fwknop/fwknopd depend on a shared library
(libfko), ldconfig needs to be executed by 'make install' if it wasn't already
done.
Blair Zajac contributed a patch to handle endian detection on PPC systems
and issue a compile time error if it cannot be determined. This commit affects
the BYTEORDER macro.
Significant bug fix to honor the full encryption key length for
user-supplied Rijndael keys > 16 bytes long. Previous to this bug fix,
only the first 16 bytes of a key were actually used in the encryption/
decryption process even if the supplied key was longer. The result was
a weakening of expected security for users that had keys > 16 bytes,
although this is probably not too common. Note that "passphrase" is
perhaps technically a better word for "user-supplied key" in this
context since Rijndael in CBC mode derives a real encryption/decryption
key from the passphrase through a series of applications of md5 against
the passphrase and a random salt. This issue was reported by Michael T.
Dean. Closes issue #18 on github.
[client] (Franck Joncourt) Contributed a patch to allow the fwknop
client to be stopped during the password entry prompt with Ctrl-C before
any SPA packet is sent on the wire.
[client+server] Applied patch from Franck Joncourt to remove unnecessary
chmod() call when creating client rc file and server replay cache file.
The permissions are now set appropriately via open(), and at the same
time this patch fixes a potential race condition since the previous code
used fopen() followed by chmod().
Applied patch from Franck Joncourt to have the perl FKO module link
against libfko in the local directory (if it exists) so that it doesn't
have to have libfko completely installed in /usr/lib/. This allows the
test suite to run FKO tests without installing libfko.
Added the ability to the test suite to compile, install, and run some
basic tests against the perl FKO module.
(Vlad Glagolev) Submitted a patch to fix command exec mode
under SPA message type validity test. Support for command exec mode was
also added to the test suite.
Applied patch from Vlad Glagolev to fix ndbm/gdbm usage when --disable-file-cache
is used for the autoconf configure script. This functionality was broken in
be4193d734850fe60f14a26b547525ea0b9ce1e9 through improper handling of #define
macros from --disable-file-cache.
Fernando Arnaboldi from IOActive found several conditions in
which the server did not properly throw out maliciously constructed
variables in the access.conf file. This has been fixed along with new
fuzzing tests in the test suite.
This commit fixes a condition in which the server did not properly validate
allow IP addresses from malicious authenticated clients. This has been fixed
with stronger allow IP validation.
- [server] Fernando Arnaboldi from IOActive found several DoS/code
execution vulnerabilities for malicious fwknop clients that manage to
get past the authentication stage (so a such a client must be in
possession of a valid access.conf encryption key). These vulnerbilities
manifested themselves in the handling of malformed access requests, and
both the fwknopd server code along with libfko now perform stronger input
validation of access request data. These vulnerabilities affect
pre-2.0.3 fwknop releases.
- [test suite] Added a new fuzzing capability to ensure proper server-side
input validation. Fuzzing data is constructed with modified fwknop
client code that is designed to emulate malicious behavior.
