commit 5befed6bae9228ab649e41217df21b5b32740fe0 (HEAD, refs/heads/master)
Author: Michael Rash
Date:   Mon Jul 28 22:40:13 2014 -0400

    removed gdbm/gdbm-devel dependencies for the RPM, bumped libfko to 2.0.3 for the RPM

 fwknop.spec | 17 +++++++++++------
 1 file changed, 11 insertions(+), 6 deletions(-)

commit 96e16cf6f4b690fda1cb90b1bba6aba95bc8919d
Author: Michael Rash
Date:   Mon Jul 28 22:28:46 2014 -0400

    extended ChangeLog.git to include libfko version bump

 ChangeLog.git | 20 +++++++++++++++++++-
 1 file changed, 19 insertions(+), 1 deletion(-)

commit 71b97b6cad00223b2061309c2e87e2ede5a2da2f
Author: Michael Rash
Date:   Mon Jul 28 21:46:32 2014 -0400

    bumped libfko version to 2.0.3

 lib/Makefile.am | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

commit 67ca2f69ea8c59495e9b6a341d258eb2851e5828
Author: Michael Rash
Date:   Sun Jul 27 23:20:55 2014 -0400

    changes since 2.6.2 to ChangeLog.git

 ChangeLog.git | 1676 +++++++++++++++++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 1627 insertions(+), 49 deletions(-)

commit 03000dde5dda307ea421d19181cf7638240d8fbc
Author: Michael Rash
Date:   Sun Jul 27 23:03:11 2014 -0400

    bumped version to 2.6.3 in preparation for release

 ChangeLog | 2 +-
 VERSION | 2 +-
 configure.ac | 2 +-
 fwknop.spec | 5 ++++-
 4 files changed, 7 insertions(+), 4 deletions(-)

commit fa154259d5c425ad5f6e436a7353918225c797d9
Author: Michael Rash
Date:   Sun Jul 27 22:56:15 2014 -0400

    [test suite] added FreeBSD-10.0 and OpenBSD-5.5 compatibility tests

 test/tests/os_compatibility.pl | 52 ++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 52 insertions(+)

commit 24ccf03a90b5338cc82d6fae2bef6f78145dcf06
Author: Michael Rash
Date:   Sun Jul 27 22:40:04 2014 -0400

    added configure_max_coverage.sh helper script

 Makefile.am | 1 +
 1 file changed, 1 insertion(+)

commit 655abf6f0bbf865addb07df6020b072203e30bb3
Author: Michael Rash
Date:   Sun Jul 27 22:31:49 2014 -0400

    [test suite] WGET_CMD and RESOLVE_HTTP_ONLY fwknoprc test coverage

 Makefile.am | 1 +
 test/conf/fwknoprc_hmac_http_only_resolve | 22 ++++++++++++++++++++++
 test/conf/fwknoprc_hmac_https_resolve | 1 +
 test/test-fwknop.pl | 4 ++++
 test/tests/rijndael_hmac.pl | 12 ++++++++++++
 5 files changed, 40 insertions(+)

commit 7f830e02391d6505063372c9eb2abd42b0802d1f
Author: Michael Rash
Date:   Sun Jul 27 22:10:01 2014 -0400

    revert gpg trustdb.gpg update from test suite

 test/conf/client-gpg-no-pw/trustdb.gpg | Bin 1360 -> 1360 bytes
 1 file changed, 0 insertions(+), 0 deletions(-)

commit b06447384e8d5f5c68efaf959c0d390daf984d94
Author: Michael Rash
Date:   Sun Jul 27 22:03:58 2014 -0400

    [client] have autoconf resolve the absolute path to wget for SSL IP resolution

 client/cmd_opts.h | 3 +-
 client/config_init.c | 48 ++++++++++++++++++++++++++++--
 client/fwknop.8.in | 52 +++++++++++++++++++++++++++++++--
 client/fwknop.c | 2 ++
 client/fwknop_common.h | 3 +-
 client/http_resolve_host.c | 31 +++++++++++++++-----
 configure.ac | 22 ++++++++++++++
 doc/fwknop.man.asciidoc | 23 ++++++++++++++-
 test/conf/client-gpg-no-pw/trustdb.gpg | Bin 1360 -> 1360 bytes
 test/tests/basic_operations.pl | 39 +++++++++++++++++++++++++
 10 files changed, 207 insertions(+), 16 deletions(-)

commit 4fcd5b317a649645316e63eedf7f7dbf8ff0c565
Author: Michael Rash
Date:   Sat Jul 26 23:43:48 2014 -0400

    [server] fix shift operation bug in SOURCE subnet processing spotted by Coverity

 server/access.c | 4 +++-
 test/tests/basic_operations.pl | 32 ++++++++++++++++++++++++++++++++
 2 files changed, 35 insertions(+), 1 deletion(-)

commit 134f4c6cfb936d2a5d7932128ba7d0f51980057c
Merge: 2f9b920 59718f1
Author: Michael Rash
Date:   Fri Jul 25 17:44:27 2014 -0400

    Merge branch 'libfiu_fault_injection'

    Conflicts:
        test/tests/rijndael_hmac_fuzzing.pl

commit 59718f1a3668683acf9c64b3e86ad66fadebdc84 (refs/heads/libfiu_fault_injection)
Author: Michael Rash
Date:   Fri Jul 25 17:42:06 2014 -0400

    [client] Updated IP resolution mode -R to use SSL

    External IP resolution via '-R' (or '--resolve-ip-http') is now done via SSL by default.
    The IP resolution URL is now 'https://www.cipherdyne.org/cgi-gin/myip', and a
    warning is generated in '-R' mode whenever a non-HTTPS URL is specified (it is
    safer just to use the default). The fwknop client leverages 'wget' for this
    operation since that is cleaner than having fwknop link against an SSL library.

 ChangeLog | 6 ++
 Makefile.am | 1 +
 client/cmd_opts.h | 3 +
 client/config_init.c | 57 ++++++++++++-----
 client/fwknop.8.in | 50 ++++++++++-----
 client/fwknop.c | 21 +++++--
 client/fwknop_common.h | 15 +++--
 client/http_resolve_host.c | 112 +++++++++++++++++++++++++++++++---
 doc/fwknop.man.asciidoc | 49 +++++++++------
 test/conf/fwknoprc_hmac_https_resolve | 20 ++++++
 test/test-fwknop.pl | 6 +-
 test/tests/basic_operations.pl | 32 ++++++++--
 test/tests/rijndael.pl | 31 +++++++++-
 test/tests/rijndael_hmac.pl | 45 +++++++++++++-
 14 files changed, 368 insertions(+), 80 deletions(-)

commit e1608b90fec440bf1b13b76b474a153d6091c2fe
Author: Michael Rash
Date:   Tue Jul 22 22:35:43 2014 -0400

    [client] call freeaddrinfo() early after iterating through getaddrinfo() results

 client/http_resolve_host.c | 20 ++++++++++++--------
 client/spa_comm.c | 19 +++++++++++--------
 2 files changed, 23 insertions(+), 16 deletions(-)

commit 5fadf56af42a6b320a5752cfb048df4697fb190e
Author: Michael Rash
Date:   Tue Jul 22 22:05:29 2014 -0400

    added extras/coverity/ directory for Coverity script

 extras/coverity/coverity_scan.sh | 10 ++++++++++
 1 file changed, 10 insertions(+)

commit 666d150affdedc7604a729941422a42dbf9b73db
Author: Michael Rash
Date:   Tue Jul 22 22:04:44 2014 -0400

    [client] make close() on socket handle more intuitive (resolves 'double close' bugs flagged by Coverity)

 client/http_resolve_host.c | 15 ++++++++-------
 client/spa_comm.c | 13 +++++--------
 2 files changed, 13 insertions(+), 15 deletions(-)

commit 73490209f7d4a6d6c990da119cab2138387928b0
Author: Michael Rash
Date:   Tue Jul 22 18:56:12 2014 -0400

    [test suite] add access.conf file path to a few basic tests

 test/tests/basic_operations.pl | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

commit 3df08e3c0ebe48b06b6066ebfd549841f54a72f3
Author: Michael Rash
Date:   Tue Jul 22 18:48:54 2014 -0400

    [test suite] handle PF on FreeBSD

 test/test-fwknop.pl | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

commit eed3418996cc5de92b92bca20d980f3d700846a6
Author: Michael Rash
Date:   Tue Jul 22 18:40:29 2014 -0400

    [test suite] update wrapper Makefile gcc -> cc

 test/fko-wrapper/Makefile | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

commit 9470b3ce21b409c1258ed64561499b2a389bcd8b
Author: Michael Rash
Date:   Mon Jul 21 23:59:44 2014 -0400

    [test suite] README update to include --enable-complete mode

 test/README | 13 +++++++++++++
 1 file changed, 13 insertions(+)

commit 7df1186c66796f0d3b41ebfa95c3a2303e0ceaf1
Author: Michael Rash
Date:   Mon Jul 21 23:55:08 2014 -0400

    fixed several socket handle leaks under error conditions spotted by Coverity

 client/http_resolve_host.c | 6 ++++--
 client/spa_comm.c | 5 +++++
 server/tcp_server.c | 14 +++++++++++++-
 3 files changed, 22 insertions(+), 3 deletions(-)

commit 7d5b75886c94f1647276eebeb139ac36e299668b
Author: Michael Rash
Date:   Sat Jul 19 17:26:15 2014 -0400

    added lcov coverage link

 ChangeLog | 4 ++++
 1 file changed, 4 insertions(+)

commit b2117e6fe7a3832ab9e4e7164a5b5f66397a8ef1
Author: Michael Rash
Date:   Sat Jul 19 17:18:59 2014 -0400

    ChangeLog updates

 ChangeLog | 47 +++++++++++++++++++++++++++++++++++------------
 1 file changed, 35 insertions(+), 12 deletions(-)

commit 641866deffcd767b4f4a4cb439575e5e4479a49d
Author: Michael Rash
Date:   Sat Jul 19 16:40:59 2014 -0400

    [server] minor update print -> fprintf for PF firewall interface

 server/fw_util_pf.c | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

commit 764d9ca26da2b6359534b3faea537e288922ce5b
Author: Michael Rash
Date:   Sat Jul 19 16:30:53 2014 -0400

    fix gcc -Wstrlcpy-strlcat-size warnings

 client/config_init.c | 7 ++++---
 client/fwknop.c | 7 ++++---
 server/access.c | 2 +-
 3 files changed, 9 insertions(+), 7 deletions(-)

commit ec54b4fd11c707fb11efd61a09c2e7a240286065
Author: Michael Rash
Date:   Sat Jul 19 16:30:00 2014 -0400

    fixed README paths

 Makefile.am | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

commit 2012d2d7d1a15863323b9849a3c6a528dd13b810
Author: Michael Rash
Date:   Sat Jul 19 16:22:42 2014 -0400

    fixed README paths

 README | 1 +
 1 file changed, 1 insertion(+)

commit 74428adae63f93c8e5679ce8ba0793e8e786f2ec
Author: Michael Rash
Date:   Fri Jul 18 20:54:11 2014 -0400

    [server] Bug fix for PF firewalls without ALTQ support on FreeBSD.

    With this commit PF rules are added correctly regardless of whether ALTQ
    support is available or not. Thanks to Barry Allard for discovering and
    reporting this issue. Closes issue #121 on github.

 CREDITS | 4 ++++
 ChangeLog | 4 ++++
 server/fw_util_pf.h | 2 +-
 3 files changed, 9 insertions(+), 1 deletion(-)

commit 51506db24c0683e45b7a7ad80c25d8b905c022ad
Author: Michael Rash
Date:   Fri Jul 11 22:41:32 2014 -0500

    minor README.md summary update

 README.md | 3 +--
 1 file changed, 1 insertion(+), 2 deletions(-)

commit 6fe1107bbf1d85072f71c934cd540b8367ebc932
Author: Michael Rash
Date:   Fri Jul 11 22:29:13 2014 -0500

    minor README.md formatting updates

 Makefile.am | 2 +-
 README.md | 76 +++++++++++++++++++++++++++++++++++++++++--------------------
 2 files changed, 52 insertions(+), 26 deletions(-)

commit f7004cec62f1814493060a351e7b78af0e76deeb (refs/remotes/origin/libfiu_fault_injection)
Merge: 3bd1d07 3d504cf
Author: Michael Rash
Date:   Fri Jul 11 09:43:50 2014 -0500

    Merge pull request #122 from steakknife/convert_readme

    readme -> md

commit 3d504cfc17f82dc3e081106774cc4be355d81b18
Author: Barry Allard
Date:   Tue Jul 8 19:09:29 2014 -0700

    readme -> md

    Signed-off-by: Barry Allard

 README | 150 --------------------------------------------------------------
 README.md | 123 +++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 123 insertions(+), 150 deletions(-)

commit 3bd1d0742e8f68d6a5f6b9e479a391ba605a2385
Author: Michael Rash
Date:   Mon Jul 7 22:55:34 2014 -0500

    [test suite] add --gpg-home-dir arg to GPG test

 test/tests/gpg_no_pw.pl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

commit 7e1346c49ad2dfd8118deae3c9dbb09a300a0bbb
Author: Michael Rash
Date:   Mon Jul 7 22:50:24 2014 -0500

    [test suite] add variable expansion and fwknopd override tests

 Makefile.am | 3 +++
 test/conf/override2_fwknopd.conf | 2 ++
 test/conf/override_fwknopd.conf | 1 +
 test/conf/var_expansion_fwknopd.conf | 2 ++
 test/conf/var_expansion_invalid_fwknopd.conf | 2 ++
 test/tests/basic_operations.pl | 30 ++++++++++++++++++++++++++++
 6 files changed, 40 insertions(+)

commit 824ebe94f8b8c5c86034cad212309adbfeb35d4b
Author: Michael Rash
Date:   Mon Jul 7 22:41:17 2014 -0500

    [test suite] run interrupt signal test against foreground fwknopd process

 test/test-fwknop.pl | 35 +++++++++++++++++++++++++++++------
 1 file changed, 29 insertions(+), 6 deletions(-)

commit 1dccab0fc84f15ca5dd105538e033f883a0d91f7
Author: Michael Rash
Date:   Mon Jul 7 22:37:08 2014 -0500

    [server] handle signal vars in dedicated function

 server/fwknopd.c | 99 ++++++++++++++++++++++++++++++--------------------------
 1 file changed, 53 insertions(+), 46 deletions(-)

commit 3c0694841488381013de7e2f5947fb74aec1b41b
Author: Michael Rash
Date:   Mon Jul 7 22:30:49 2014 -0500

    [server] alert the user when config file variable expansion references invalid var

 server/config_init.c | 18 +++++++++---------
 1 file changed, 9 insertions(+), 9 deletions(-)

commit 0e5c4644fca4e8d9d9c39eb07a1a95fcc0b67c32
Author: Michael Rash
Date:   Mon Jul 7 22:16:47 2014 -0500

    [test suite] add GPG test for a manually altered SPA packet

 test/tests/gpg_no_pw.pl | 31 +++++++++++++++++++++++++++++++
 1 file changed, 31 insertions(+)

commit 1b47173906ff76d9a520eb2b756fa9e89e4b4b27
Author: Michael Rash
Date:   Mon Jul 7 21:35:27 2014 -0500

    [test suite] add SYSLOG_FACILITY tests

 server/log_msg.c | 18 ++---
 test/tests/basic_operations.pl | 164 +++++++++++++++++++++++++++++++++++++++++
 2 files changed, 172 insertions(+), 10 deletions(-)

commit 5c54ef00ad271b71383d95c3ecb6d8a5d74dffdf
Author: Michael Rash
Date:   Mon Jul 7 21:34:45 2014 -0500

    [server] refactor main() into a more natural breakdown of functions

 server/fwknopd.c | 413 ++++++++++++++++++++++++++++++-------------------------
 1 file changed, 228 insertions(+), 185 deletions(-)

commit 9f2e01eb0114ee0cb0bc101dda036779c456915d
Author: Michael Rash
Date:   Mon Jul 7 21:27:53 2014 -0500

    [server] Fix uninitialized value usage after proper SPA authentication/decryption

    Bug fix discovered with the libfiu fault injection tag "fko_get_username_init"
    combined with valgrind analysis. This bug is only triggered after a valid
    authenticated and decrypted SPA packet is sniffed by fwknopd:

    ==11181== Conditional jump or move depends on uninitialised value(s)
    ==11181==    at 0x113B6D: incoming_spa (incoming_spa.c:707)
    ==11181==    by 0x11559F: process_packet (process_packet.c:211)
    ==11181==    by 0x5270857: ??? (in /usr/lib/x86_64-linux-gnu/libpcap.so.1.4.0)
    ==11181==    by 0x114BCC: pcap_capture (pcap_capture.c:270)
    ==11181==    by 0x10F32C: main (fwknopd.c:195)
    ==11181== Uninitialised value was created by a stack allocation
    ==11181==    at 0x113476: incoming_spa (incoming_spa.c:294)

 ChangeLog | 13 +++++++++++++
 server/incoming_spa.c | 18 +++++++++---------
 2 files changed, 22 insertions(+), 9 deletions(-)

commit 5474ced90b2f272e4a1e97ddd863765839eafae6
Author: Michael Rash
Date:   Sat Jul 5 23:10:26 2014 -0500

    [test suite] extend invalid sniff interface test to include promisc mode

 test/tests/basic_operations.pl | 13 +++++++++++--
 1 file changed, 11 insertions(+), 2 deletions(-)

commit 77eb1a763fb7a41a02b2a7ab3ee9844a76d54724
Author: Michael Rash
Date:   Sat Jul 5 22:44:40 2014 -0500

    [test suite] add invalid sniff interface test

 test/tests/basic_operations.pl | 9 +++++++++
 1 file changed, 9 insertions(+)

commit f0285ae2b54940156a35ef0cd276cbd0a8c0954c
Author: Michael Rash
Date:   Fri Jul 4 20:05:54 2014 -0400

    [test suite] add invalid gpg sig ID list

 Makefile.am | 1 +
 test/conf/gpg_invalid_sig_id_access.conf | 7 +++++++
 test/test-fwknop.pl | 1 +
 test/tests/gpg_no_pw.pl | 11 +++++++++++
 4 files changed, 20 insertions(+)

commit ffa77a9e54653fdd3a411f672b586c0fd6a8b685
Author: Michael Rash
Date:   Fri Jul 4 19:54:56 2014 -0400

    [test suite] add GPG_DISABLE_SIG test

 Makefile.am | 1 +
 test/conf/gpg_no_sig_verify_access.conf | 8 ++++++++
 test/test-fwknop.pl | 1 +
 test/tests/gpg_no_pw.pl | 13 +++++++++++++
 4 files changed, 23 insertions(+)

commit a2ff2a396c99fb3f2ab41e2325a3e5bdf7971328
Author: Michael Rash
Date:   Thu Jul 3 10:31:30 2014 -0400

    [server] call clean_exit() upon check_dir_path() error

 Makefile.am | 1 +
 server/fwknopd.c | 18 ++++++++++--------
 test/conf/invalid_run_dir_path_fwknopd.conf | 2 ++
 test/test-fwknop.pl | 1 +
 test/tests/basic_operations.pl | 10 ++++++++++
 5 files changed, 24 insertions(+), 8 deletions(-)

commit 5ced103207865877eceaee2f29d36a0f8f3f7e47
Author: Michael Rash
Date:   Thu Jul 3 10:17:52 2014 -0400

    [test suite] minor test coverage addition for invalid locale setting

 test/tests/basic_operations.pl | 11 +++++++++++
 1 file changed, 11 insertions(+)

commit fed2da3bb00a6a98a4d5a8d0753218f49417d846
Author: Michael Rash
Date:   Thu Jul 3 08:52:48 2014 -0400

    [test suite] additional valgrind suppression for pcap-file processing

 test/valgrind_suppressions | 9 +++++++++
 1 file changed, 9 insertions(+)

commit 43b770320ad5b38e9d1c97ebc1200a28ecdbe1b0
Author: Michael Rash
Date:   Sun Jun 29 18:46:19 2014 -0400

    [server] Require sig ID's or fingerprints when sigs are validated

    When validating access.conf stanzas make sure that one of GPG_REMOTE_ID or
    GPG_FINGERPRINT_ID is specified whenever GnuPG signatures are to be verified
    for incoming SPA packets. Signature verification is the default, and can only
    be disabled with GPG_DISABLE_SIG but this is NOT recommended.

 ChangeLog | 6 ++++++
 Makefile.am | 1 +
 server/access.c | 14 ++++++++++++++
 test/conf/gpg_no_pw_no_fpr_access.conf | 5 +++++
 test/test-fwknop.pl | 1 +
 test/tests/basic_operations.pl | 10 ++++++++++
 6 files changed, 37 insertions(+)

commit 77384a904e44e92db7c5240d1a31449543692b7c
Author: Michael Rash
Date:   Sun Jun 29 17:07:55 2014 -0400

    [server] add access.conf variable GPG_FINGERPRINT_ID

    Add a new GPG_FINGERPRINT_ID variable to the access.conf file so that full
    GnuPG fingerprints can be required for incoming SPA packets in addition to
    the abbreviated GnuPG signatures listed in GPG_REMOTE_ID.
    From the test suite, an example fingerprint is

        GPG_FINGERPRINT_ID 00CC95F05BC146B6AC4038C9E36F443C6A3FAD56

 ChangeLog | 6 ++++
 Makefile.am | 2 ++
 server/access.c | 33 +++++++++++++++++++--
 server/fwknopd_common.h | 2 ++
 server/incoming_spa.c | 52 +++++++++++++++++++++++++++++----
 test/conf/gpg_no_pw_bad_fpr_access.conf | 6 ++++
 test/conf/gpg_no_pw_fpr_access.conf | 6 ++++
 test/test-fwknop.pl | 9 ++++--
 test/tests/gpg_no_pw.pl | 25 ++++++++++++++++
 9 files changed, 132 insertions(+), 9 deletions(-)

commit 11b9732c1641cb6c972fbc5f32613b1d27fbe308
Author: Michael Rash
Date:   Sun Jun 29 17:23:20 2014 -0400

    [server] Call clean_exit() from daemon parent process

    When becoming a daemon, make sure the fwknopd parent process calls
    clean_exit() to release memory before calling exit().

 server/fwknopd.c | 9 ++++-----
 1 file changed, 4 insertions(+), 5 deletions(-)

commit e41e0f5aafba244e8d94965dd9e690c68a48fa4b
Author: Michael Rash
Date:   Tue Jun 24 22:54:27 2014 -0400

    [test suite] added iptables OUTPUT chain test

 Makefile.am | 1 +
 test/conf/invalid_ipt_input_chain_2_fwknopd.conf | 1 -
 test/conf/invalid_ipt_input_chain_3_fwknopd.conf | 1 -
 test/conf/invalid_ipt_input_chain_4_fwknopd.conf | 1 -
 test/conf/invalid_ipt_input_chain_5_fwknopd.conf | 1 -
 test/conf/invalid_ipt_input_chain_6_fwknopd.conf | 1 -
 test/conf/invalid_ipt_input_chain_fwknopd.conf | 1 -
 test/conf/ipt_output_chain_fwknopd.conf | 2 ++
 test/test-fwknop.pl | 1 +
 test/tests/rijndael_hmac.pl | 12 ++++++++++++
 10 files changed, 16 insertions(+), 6 deletions(-)

commit a4615a76b5e4975ca2f1c34f4c3d26bc086e7e58
Author: Michael Rash
Date:   Mon Jun 23 18:27:22 2014 -0400

    [test suite] add Rijndael HMAC --no-ipt-check-support test for udp/53

 test/tests/rijndael_hmac.pl | 13 +++++++++++++
 1 file changed, 13 insertions(+)

commit 125f99aa3bd1fe509f3cd6c9c5d990e26cedd120
Author: Michael Rash
Date:   Mon Jun 23 18:21:29 2014 -0400

    [test suite] updated --gdb mode to run the first found fwknop command from an output/*.test file

 test/test-fwknop.pl | 3 +++
 1 file changed, 3 insertions(+)

commit e0001e4a5d5bf68c004edf007cf589a3e4591b31
Author: Michael Rash
Date:   Mon Jun 23 18:10:01 2014 -0400

    [server] call clean_exit() on expand_acc_string_list() error

 server/access.c | 33 ++++++++++++++++++++-------------
 1 file changed, 20 insertions(+), 13 deletions(-)

commit 189d0ea0bca75cbc6d7e670102b10831ccb6a19b
Author: Michael Rash
Date:   Mon Jun 23 18:02:57 2014 -0400

    [server] call clean_exit() on add_acc_string() error

 server/access.c | 120 +++++++++++++++++++++++++++++++++++++++++++-------------
 1 file changed, 92 insertions(+), 28 deletions(-)

commit ff65274e28738e3bf14a54b2708112a8403c4352
Author: Michael Rash
Date:   Fri Jun 20 19:35:02 2014 -0400

    [server] make sure clean_exit() is called on any add_acc_b64_string() errs

 server/access.c | 31 ++++++++++++++++++++++---------
 1 file changed, 22 insertions(+), 9 deletions(-)

commit fd0805c57ab0972d9a52c4b8f6abc7981fabd873
Author: Michael Rash
Date:   Fri Jun 20 19:22:35 2014 -0400

    [server] minor memory leak fix for invalid FORCE_NAT var in access.conf

    This commit fixes the following leak found by valgrind:

    ==6241== 568 bytes in 1 blocks are still reachable in loss record 1 of 1
    ==6241==    at 0x4C2A2DB: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
    ==6241==    by 0x551537A: __fopen_internal (iofopen.c:73)
    ==6241==    by 0x118C8E: parse_access_file (access.c:1143)
    ==6241==    by 0x10F134: main (fwknopd.c:250)

 server/access.c | 18 ++++++++++++------
 1 file changed, 12 insertions(+), 6 deletions(-)

commit 74440be6535b66d8585aac63c0efc1e170f70e96
Author: Michael Rash
Date:   Mon Jun 16 23:08:50 2014 -0400

    [server] minor pointer typo fix

 server/fwknopd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

commit 3557158620f3a576cf4a958a80f3534ea3e85edc
Author: Michael Rash
Date:   Sun Jun 15 23:10:02 2014 -0400

    [test suite] add valgrind suppressions for libfiu

 test/valgrind_suppressions | 38 ++++++++++++++++++++++++++++++--------
 1 file changed, 30 insertions(+), 8 deletions(-)

commit 389e55ddfcd5a8a2d7c75fdca905768a8318ed2a
Author: Michael Rash
Date:   Sun Jun 15 10:55:19 2014 -0400

    [test suite] consolidate valgrind success/failure criteria into a single function

 test/test-fwknop.pl | 33 +++++++++++++++++++++------------
 1 file changed, 21 insertions(+), 12 deletions(-)

commit 55a03f33927dd95719dbe0683a3b29b6d3501344
Author: Michael Rash
Date:   Sun Jun 15 10:34:52 2014 -0400

    [test suite] added suppressions to fko-wrapper/run_valgrind.sh

 test/fko-wrapper/run_valgrind.sh | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

commit 487860725451f5f290b55b8cbe729af58f7d5413
Author: Michael Rash
Date:   Sun Jun 15 10:21:21 2014 -0400

    [libfko] removed fko_new_strdup() fault injection tag since fko_destroy() isn't called

 lib/fko_funcs.c | 4 ----
 test/fko-wrapper/fko_fault_injection.c | 3 +--
 test/tests/fault_injection.pl | 9 ---------
 3 files changed, 1 insertion(+), 15 deletions(-)

commit 054793fd9e79b5aa70c5be7759fec1e9e23a9108
Author: Michael Rash
Date:   Sun Jun 15 09:48:37 2014 -0400

    [server] check fiu_enable() return value in --fault-injection mode

 server/fwknopd.c | 7 ++++++-
 1 file changed, 6 insertions(+), 1 deletion(-)

commit 34f7ebd0829b3dd5545e120fe3e9af9cca7a7119
Author: Michael Rash
Date:   Sun Jun 15 09:41:43 2014 -0400

    [test suite] added strtol_wrapper() fault injection tags

 lib/fko_util.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

commit 42a20616b499003d59b21abba2ee6ce9431622e1
Author: Michael Rash
Date:   Sat Jun 14 21:27:18 2014 -0400

    [libfko] additional fault injection additions with test suite support

 lib/fko_funcs.c | 19 ++++----
 lib/fko_hmac.c | 10 ++++
 test/tests/fault_injection.pl | 103 ++++++++++++++++++++++++++++++++++++++++++
 3 files changed, 123 insertions(+), 9 deletions(-)

commit c00a3e7b2670566c9a403e07a5a34df0fcda1811
Author: Michael Rash
Date:   Thu Jun 12 20:29:54 2014 -0400

    [test suite] additional fault injection tests

 lib/fko_util.c | 11 ++++++++
 test/tests/fault_injection.pl | 58 +++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 69 insertions(+)

commit 13ca6261b362382dd42b56cafadd903dcd851412
Author: Michael Rash
Date:   Thu Jun 12 20:29:24 2014 -0400

    [test suite] minor update to not parse crash messages out of crash test output file

 test/test-fwknop.pl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

commit 06ce514111ad9838eee1cf82955140099c78ffe5
Author: Michael Rash
Date:   Thu Jun 12 00:02:18 2014 -0400

    [test suite] add several fault injection tests

 lib/fko_client_timeout.c | 2 +-
 lib/fko_digest.c | 46 ++++++++
 server/fw_util_iptables.c | 4 +
 test/fko-wrapper/fko_wrapper.c | 8 +-
 test/tests/fault_injection.pl | 243 ++++++++++++++++++++++++++++++++++++++++-
 5 files changed, 294 insertions(+), 9 deletions(-)

commit d8b2ae370afcd211338bc91d880b61fbb83c0c77
Author: Michael Rash
Date:   Thu Jun 12 00:01:58 2014 -0400

    [test suite] always run crash check at the end of test run

 test/test-fwknop.pl | 28 ++++++++++++++--------------
 1 file changed, 14 insertions(+), 14 deletions(-)

commit e02750e6662204ad1020c4128e2e34c505e26ad6
Author: Michael Rash
Date:   Thu Jun 12 00:01:12 2014 -0400

    [server] skip firewall rules check in --test mode

 server/pcap_capture.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

commit 410624a85828a23290bbac25c8ac3a8627660e22
Author: Michael Rash
Date:   Thu Jun 12 00:00:40 2014 -0400

    [libfko] free() temp buffer right after strdup() call, add libfiu fault injection tags

 lib/fko_encode.c | 46 ++++++++++++++++++++++++++++------------------
 1 file changed, 28 insertions(+), 18 deletions(-)

commit 816962982f631cd8e6d15dc40171a3755c263a18
Author: Michael Rash
Date:   Wed Jun 11 23:59:08 2014 -0400

    [server] clean up fko_destroy() calls in main access stanza loop

 server/incoming_spa.c | 57 ++++++---------------------------------------------
 1 file changed, 6 insertions(+), 51 deletions(-)

commit b8ad48eaa97646b48a4debc4e4e7f49cc279c05d
Author: Michael Rash
Date:   Mon Jun 9 21:50:55 2014 -0400

    [test suite] added fiu-run fault injection tests against the fwknopd server

 test/tests/fault_injection.pl | 56 +++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 56 insertions(+)

commit 8d31de729571be2e2bfc28e0889d904305c881ee
Author: Michael Rash
Date:   Mon Jun 9 20:48:23 2014 -0400

    [server] skip replay storage in --test mode (since we're not granting access anyway)

 server/incoming_spa.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

commit 70f70091b12f929f4dd56d2b783d7ea77a4b06f3
Author: Michael Rash
Date:   Mon Jun 9 20:45:01 2014 -0400

    [server] skip fw initialization and cleanup in --test mode

 server/fwknopd.c | 17 ++++-------------
 1 file changed, 4 insertions(+), 13 deletions(-)

commit 4ab677cfe0ac2bd99f2b7c84b1f17a6e84f2b440
Author: Michael Rash
Date:   Mon Jun 9 20:40:44 2014 -0400

    [server] minor fwknopd --help output update

 server/config_init.c | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

commit ffde9c3f1ae38d1a5c0f72ed3d721bc0bfaeaa16
Author: Michael Rash
Date:   Sun Jun 8 23:09:55 2014 -0400

    [libfko] bug fix to check strdup() return value

    Using the 'fiu-run' fault injection binary, a couple of cases were turned up
    where libfko does not properly check the strdup() return value. This commit
    fixes these issues, and here is an illustration of the stack trace for one
    such issue:

    Core was generated by `../client/.libs/fwknop -A tcp/22 -a 127.0.0.2 -D 127.0.0.1 --get-key local_spa.'.
    Program terminated with signal 11, Segmentation fault.
    #0  __strnlen_sse2 () at ../sysdeps/x86_64/multiarch/../strnlen.S:34
    34      ../sysdeps/x86_64/multiarch/../strnlen.S: No such file or directory.
    (gdb) where
    #0  __strnlen_sse2 () at ../sysdeps/x86_64/multiarch/../strnlen.S:34
    #1  0x00007effa38189bc in _rijndael_encrypt (enc_key_len=, enc_key=, ctx=0x7effa5945750) at fko_encryption.c:141
    #2  fko_encrypt_spa_data (ctx=0x7effa5945750, enc_key=, enc_key_len=) at fko_encryption.c:605
    #3  0x00007effa381a2d6 in fko_spa_data_final (ctx=0x7effa5945750, enc_key=enc_key@entry=0x7fff3ff4aa10 "fwknoptest", enc_key_len=, hmac_key=hmac_key@entry=0x7fff3ff4aaa0 "", hmac_key_len=0) at fko_funcs.c:489
    #4  0x00007effa405f2fb in main (argc=, argv=) at fwknop.c:449

 lib/fko_encryption.c | 10 ++++++----
 lib/fko_hmac.c | 8 ++++++--
 2 files changed, 12 insertions(+), 6 deletions(-)

commit 989d48b7e97ebd8186f4b9ec364bc2389edcb623
Author: Michael Rash
Date:   Sun Jun 8 20:22:19 2014 -0400

    [test suite] make valgrind suppressions slightly more prescriptive

 test/valgrind_suppressions | 46 ++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 46 insertions(+)

commit 7fb2f292bcd74c39772816d617912ad7febc351b
Author: Michael Rash
Date:   Sun Jun 8 20:20:19 2014 -0400

    [test suite] in valgrind mode, make tests fail whenever there are 'definitely' or 'indirectly' lost bytes in memory

 test/test-fwknop.pl | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

commit 53a1e1bc0047b116807f715c326edad93c164c7e
Author: Michael Rash
Date:   Sun Jun 8 20:19:03 2014 -0400

    [client] minor bug fix for condition under which fiu_* functions are called for fault injection

 client/fwknop.c | 6 ++----
 1 file changed, 2 insertions(+), 4 deletions(-)

commit 82b05b95302744d1c1dba55b4e1792868114bf8d
Author: Michael Rash
Date:   Fri Jun 6 21:28:28 2014 -0400

    [libfko] fko_new() bug fix to not leak memory under fko_set_... error conditions

    This commit changes how fko_new() deals with FKO context initialization to
    not set ctx->initval back to zero (uninitialized) immediately after calling
    each fko_set_... function and before checking the fko_set_... return value.
    The reason for this change is that fko_destroy() checks for context
    initialization via ctx->initval before calling free() against any heap
    allocated context member. So, if fko_set_... returns an error, fko_destroy()
    (previous to this commit) would have no opportunity to free such members.

    This bug was found with fault injection testing provided by libfiu together
    with valgrind. Specifically the following test suite command exposes the
    problem (from the test/ directory):

    ./test-fwknop.pl --enable-complete --include "fault injection.*libfko"

    In the resulting output/2.test file valgrind reports the following:

    ==27941== LEAK SUMMARY:
    ==27941==    definitely lost: 264 bytes in 1 blocks
    ==27941==    indirectly lost: 28 bytes in 3 blocks
    ==27941==      possibly lost: 0 bytes in 0 blocks
    ==27941==    still reachable: 1,099 bytes in 12 blocks
    ==27941==         suppressed: 0 bytes in 0 blocks

    After this commit is applied, this changes to:

    ==7137== LEAK SUMMARY:
    ==7137==    definitely lost: 0 bytes in 0 blocks
    ==7137==    indirectly lost: 0 bytes in 0 blocks
    ==7137==      possibly lost: 0 bytes in 0 blocks
    ==7137==    still reachable: 1,099 bytes in 12 blocks
    ==7137==         suppressed: 0 bytes in 0 blocks

    Note that 'definitely lost' in valgrind output means there is a real memory
    leak that needs to be fixed whereas 'still reachable' is most likely not a
    real problem according to:

    http://valgrind.org/docs/manual/faq.html#faq.deflost

 lib/fko_funcs.c | 37 ++++++++-----------------------------
 1 file changed, 8 insertions(+), 29 deletions(-)

commit dfeecf5c293af02bca9c830052bc85ea7e0279e4
Author: Michael Rash
Date:   Thu Jun 5 23:13:01 2014 -0400

    [test suite] additional fix for duplicate fault injection tags

 test/fko-wrapper/fko_fault_injection.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

commit 1b4d7f5b1935d4882db1c85d95676f51e446fd3b
Author: Michael Rash
Date:   Thu Jun 5 23:10:41 2014 -0400

    [test suite] minor fix for duplicate fault injection tags

 test/fko-wrapper/fko_fault_injection.c | 4 +---
 1 file changed, 1 insertion(+), 3 deletions(-)

commit 6d1d66fe032c33894252d3b88253255f68019a4c
Author: Michael Rash
Date:   Thu Jun 5 23:05:49 2014 -0400

    add --fault-injection-tag support to the client/server/libfko

    This is a significant commit to add the ability to leverage libfko fault
    injections from both the fwknop client and server command lines via a new
    option '--fault-injection-tag '. This option is used by the test suite with
    the tests/fault_injection.pl tests.

 client/cmd_opts.h | 3 +
 client/config_init.c | 9 +
 client/fwknop.8.in | 12 +-
 client/fwknop.c | 29 +++
 client/fwknop_common.h | 3 +
 common/common.h | 4 +
 doc/fwknop.man.asciidoc | 7 +
 doc/fwknopd.man.asciidoc | 9 +
 lib/fko_client_timeout.c | 11 ++
 lib/fko_funcs.c | 22 +++
 lib/fko_message.c | 19 ++
 lib/fko_nat_access.c | 21 +++
 lib/fko_server_auth.c | 12 ++
 lib/fko_timestamp.c | 9 +
 lib/fko_user.c | 9 +
 server/cmd_opts.h | 5 +-
 server/config_init.c | 8 +
 server/fwknopd.8.in | 12 +-
 server/fwknopd.c | 30 +++
 server/fwknopd_common.h | 1 +
 test/test-fwknop.pl | 63 ++++++-
 test/tests/fault_injection.pl | 427 ++++++++++++++++++++++++++++++++++++++++++
 22 files changed, 717 insertions(+), 8 deletions(-)

commit 6a0af8ed8ef1b585a346475005c81c062e81ab4b
Author: Michael Rash
Date:   Sun Jun 1 22:30:54 2014 -0400

    [test suite] added coverage_diff.py

    This commit adds support for diff'ing before and after gcov/lcov results to
    see when new function/line coverage is added by the test suite.
    Here is an example of its output:

    Sun Jun 1 22:28:00 2014 CMD: ./coverage_diff.py
    [+] Coverage: /home/mbr/git/fwknop.git/server/config_init.c
    [+] new 'fcns' coverage: usage()
    [+] new 'lines' coverage: 1015
    [+] new 'lines' coverage: 1017
    [+] new 'lines' coverage: 1019
    [+] new 'lines' coverage: 1059
    [+] new 'lines' coverage: 979
    [+] Coverage: /home/mbr/git/fwknop.git/server/fw_util_iptables.c
    [+] new 'lines' coverage: 560
    [+] new 'lines' coverage: 561

 test/coverage_diff.py | 77 +++++++++++++++++++++++++++++++++++++++++++++++++++
 test/test-fwknop.pl | 5 ++++
 2 files changed, 82 insertions(+)

commit 040b7b10a002d2f9b98a5b73c7b846ca61edbe5c
Author: Michael Rash
Date:   Mon May 26 23:15:09 2014 -0400

    [test suite] add shell escape for /usr/include/* wildcard on lcov command line

 test/test-fwknop.pl | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

commit 2e150d47a7d905f4cbf7e3c0188343b45d87b471
Author: Michael Rash
Date:   Mon May 26 23:06:14 2014 -0400

    restore trustdb.gpg files

 test/conf/client-gpg-no-pw/trustdb.gpg | Bin 1360 -> 1360 bytes
 test/conf/server-gpg-no-pw/trustdb.gpg | Bin 1360 -> 1360 bytes
 2 files changed, 0 insertions(+), 0 deletions(-)

commit 2697bd260ce821c7be632cfd87e381805a7db1a0
Author: Michael Rash
Date:   Mon May 26 22:53:44 2014 -0400

    [test suite] fix LD_LIBRARY_PATH for fiu-run execution against fko-wrapper binaries

 test/conf/client-gpg-no-pw/trustdb.gpg | Bin 1360 -> 1360 bytes
 test/conf/server-gpg-no-pw/trustdb.gpg | Bin 1360 -> 1360 bytes
 test/test-fwknop.pl | 4 +++-
 3 files changed, 3 insertions(+), 1 deletion(-)

commit ed58dcb635b7d3b0f89b3f3191aa903fa18d0d76
Author: Michael Rash
Date:   Mon May 26 21:28:19 2014 -0400

    Revert "add gcc '-pg' flag in --enable-profile-coverage mode"

    This reverts commit bbe5626566d617317f2d25f5650f2299c95f2c9f because -pg is
    needed for gprof, not gcov, and valgrind is incompatible with -pg.

 configure.ac | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

commit ddaf0134d6d6b42284047ee6b543a6258c61e34d
Author: Michael Rash
Date: Mon May 26 15:54:12 2014 -0400

    use fiu.h instead of fiu-local.h

 common/common.h | 2 +-
 lib/fko_common.h | 2 +-
 test/fko-wrapper/fko_basic.c | 6 ++++++
 test/fko-wrapper/fko_fault_injection.c | 2 +-
 test/tests/fault_injection.pl | 4 ++--
 5 files changed, 11 insertions(+), 5 deletions(-)

commit e893ecad21d2152edd3e9e661eedb3f0d0bd9ac2
Author: Michael Rash
Date: Mon May 26 15:09:02 2014 -0400

    [test suite] added first test to run fwknop client underneath fiu-run for libc fault injection

 test/tests/fault_injection.pl | 12 +++++++++++-
 1 file changed, 11 insertions(+), 1 deletion(-)

commit a1f1e4b32891f710f52cd6b486bf026fde77d50d
Author: Michael Rash
Date: Mon May 26 14:18:27 2014 -0400

    [test suite] in --enable-fuzzing-interfaces mode create fko-wrapper/send_spa_payloads file if it does exist

 test/test-fwknop.pl | 14 ++++++++++++++
 1 file changed, 14 insertions(+)

commit 237602114fc20d55187d797e3f1d553bf12684ae
Author: Michael Rash
Date: Mon May 26 08:40:26 2014 -0400

    [test suite] minor fko_wrapper comment update

 test/fko-wrapper/fko_wrapper.c | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

commit 15aff82980c7b093f231c8218ff5d84553e79dc0
Author: Michael Rash
Date: Mon May 26 08:39:44 2014 -0400

    client/server added libfiu header files in --enable-libfiu-support mode

 common/common.h | 5 +++++
 1 file changed, 5 insertions(+)

commit 55ae7d509576c1279ba9b7b90f33eb7a6a88bbbc
Author: Michael Rash
Date: Sun May 25 22:10:43 2014 -0400

    [test suite] auto-generate fko-wrapper/fuzz_spa_payload file with spa_fuzzing.py if necessary in --enable-complete/--enable-fuzzing-interfaces mode

 test/test-fwknop.pl | 26 +++++++++++++++++++++++---
 test/tests/rijndael_hmac_fuzzing.pl | 2 +-
 2 files changed, 24 insertions(+), 4 deletions(-)

commit 23e8dcfddd16c687563b45dae8f7bcd608b1c27b
Author: Michael Rash
Date: Sun May 25 16:23:40 2014 -0400

    [test suite] added configure_max_coverage.sh for --enable-complete mode

 test/configure_max_coverage.sh | 13 +++++++++++++
 1 file changed, 13 insertions(+)

commit fa53cc62e14e9c235bffe64e22d383b95d59ce35
Author: Michael Rash
Date: Sun May 25 15:50:09 2014 -0400

    [test suite] SPA packet fuzzer minor comment additions to clearly define SPA packet types

 test/spa_fuzzing.py | 36 +++++++++++++++++++++++++++++++++---
 1 file changed, 33 insertions(+), 3 deletions(-)

commit d625a24a87e541295f3457867e8933bcd3eb54e5
Author: Michael Rash
Date: Sun May 25 15:08:31 2014 -0400

    [test suite] added fko_new_with_data() call with SPA data that is too short

 test/fko-wrapper/fko_wrapper.c | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)

commit 00ea2ce0efffb0a5fadab8ada3b873a07cb1068f
Author: Michael Rash
Date: Sun May 25 12:37:35 2014 -0400

    [test suite] added --enable-complete option for fuzzing, fault injection, and code coverage

 test/test-fwknop.pl | 21 +++++++++++++++------
 1 file changed, 15 insertions(+), 6 deletions(-)

commit de03ed702ea30748e876bf2cdbe22aa75f25c69b
Author: Michael Rash
Date: Sat May 24 17:55:57 2014 -0400

    [test suite] added the ability to run fiu-run fault injection binary against fwknop

 test/test-fwknop.pl | 36 +++++++++++++++++++++++++++++++++++-
 1 file changed, 35 insertions(+), 1 deletion(-)

commit 597a3d395363af43c3a46617649c6f786aa69dbb
Author: Michael Rash
Date: Sat May 24 15:12:07 2014 -0400

    [libfko] added fault injections for remaining ...set...() functions called by fko_new()

 lib/fko_digest.c | 7 +++++++
 lib/fko_encryption.c | 16 ++++++++++++++++
 lib/fko_message.c | 8 ++++++++
 lib/fko_timestamp.c | 8 ++++++++
 test/fko-wrapper/fko_fault_injection.c | 28 ++++++++++++++++++++++++++--
 5 files changed, 65 insertions(+), 2 deletions(-)

commit 5f227cfa488e28bba60376e7f10c387cc0c3f9c5
Author: Michael Rash
Date: Sat May 24 14:47:10 2014 -0400

    [libfko] added fault injections for fko_set_username()

 lib/fko_user.c | 14 ++++++++++++++
 test/fko-wrapper/fko_fault_injection.c | 13 ++++++++++---
 2 files changed, 24 insertions(+), 3 deletions(-)

commit 17f325ecebd69d7421f590c0fcf00058a8cc6990
Author: Michael Rash
Date: Sat May 24 14:01:49 2014 -0400

    [libfko] added fault injections for fko_set_rand_value()

 lib/fko_rand_value.c | 20 ++++++++++++++++++++
 test/fko-wrapper/fko_fault_injection.c | 16 ++++++++++++++--
 2 files changed, 34 insertions(+), 2 deletions(-)

commit 35ad8323928ebdf07fad38bed22e65f099dfae02
Author: Michael Rash
Date: Sat May 24 10:14:28 2014 -0400

    [libfko] started on libfiu fault injection code

 lib/fko_common.h | 4 ++++
 lib/fko_funcs.c | 9 +++++++
 test/fko-wrapper/fko_fault_injection.c | 43 +++++++++++++++++++---------------
 3 files changed, 37 insertions(+), 19 deletions(-)

commit 2f9b92068d7239e9a617e21b4cb8febbaf06f436 (refs/remotes/origin/master, refs/remotes/origin/HEAD)
Author: Michael Rash
Date: Fri May 23 18:55:06 2014 -0400

    [test suite] added tests/rijndael_hmac_fuzzing.pl file

 test/tests/rijndael_hmac_fuzzing.pl | 11 +++++++++++
 1 file changed, 11 insertions(+)

commit 23997b62aac680a97d3040806786cd5f6e738d61
Author: Michael Rash
Date: Fri May 23 18:50:47 2014 -0400

    [test suite] add hmac_fuzzing_access.conf file

 test/conf/hmac_fuzzing_access.conf | 5 +++++
 1 file changed, 5 insertions(+)

commit 8d61a8cf7fab4cf0caeed0e1bffe4de4e9c86fa3
Author: Michael Rash
Date: Fri May 23 18:55:06 2014 -0400

    [test suite] added tests/rijndael_hmac_fuzzing.pl file

 test/tests/rijndael_hmac_fuzzing.pl | 11 +++++++++++
 1 file changed, 11 insertions(+)

commit 0a82c68451b3ea6543fc1a97409212b1b8402841
Author: Michael Rash
Date: Fri May 23 18:50:47 2014 -0400

    [test suite] add hmac_fuzzing_access.conf file

 test/conf/hmac_fuzzing_access.conf | 5 +++++
 1 file changed, 5 insertions(+)

commit cf3f41821b43d4a87367ffd899b81e5bd5862568
Author: Michael Rash
Date: Thu May 22 08:36:11 2014 -0500

    [test suite] add fault injection tests

 Makefile.am | 1 +
 test/test-fwknop.pl | 43 ++++++++++++++++++++++++++++++++-----------
 test/tests/fault_injection.pl | 37 +++++++++++++++++++++++++++++++++++--
 3 files changed, 68 insertions(+), 13 deletions(-)

commit a65fff7e7b9689bdae06a7791c573097a7a83b2d
Author: Michael Rash
Date: Thu May 22 08:30:36 2014 -0500

    [test suite] make fko_wrapper binary path absolute

 test/tests/basic_operations.pl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

commit c5e8eee74325ed7ce01c025cc820fea3e6c2e04a
Author: Michael Rash
Date: Thu May 22 08:29:06 2014 -0500

    [test suite] make fko_wrapper binary path absolute

 test/tests/rijndael_fuzzing.pl | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

commit a2f2777e9f9e89a5af484d0df68437dfc23f2a62
Author: Michael Rash
Date: Thu May 22 08:24:16 2014 -0500

    [test suite] add fko_basic.c file to the FKO wrapper

 Makefile.am | 3 ++-
 test/fko-wrapper/fko_basic.c | 19 +++++++++++++++++++
 2 files changed, 21 insertions(+), 1 deletion(-)

commit bbe5626566d617317f2d25f5650f2299c95f2c9f
Author: Michael Rash
Date: Thu May 22 08:19:45 2014 -0500

    add gcc '-pg' flag in --enable-profile-coverage mode

 configure.ac | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

commit 8666788a16bd206a5a14562e2cccb873015b89d4
Author: Michael Rash
Date: Wed May 21 09:12:20 2014 -0400

    [test suite] minor line counter addition for file_find_regex()

 test/test-fwknop.pl | 4 +++-
 1 file changed, 3 insertions(+), 1 deletion(-)

commit 02389932bc23db025b13a07665858ed50fe48b6a
Author: Michael Rash
Date: Wed May 21 08:27:31 2014 -0400

    added --enable-libfiu-support to build fwknop with fault injection support

 configure.ac | 19 ++++++++++++++++++-
 1 file changed, 18 insertions(+), 1 deletion(-)

commit 84821438bdfedabaac16185308ec65149fdf31b9
Author: Michael Rash
Date: Tue May 20 21:20:10 2014 -0400

    [test suite] started on support for libfiu fault injection tests

 test/fko-wrapper/Makefile | 6 +-
 test/fko-wrapper/fko_fault_injection.c | 34 +++++++++++
 test/fko-wrapper/run.sh | 7 +++
 test/fko-wrapper/run_valgrind.sh | 6 +-
 test/test-fwknop.pl | 105 ++++++++++++++++++---------------
 test/tests/basic_operations.pl | 18 ++++++
 test/tests/fault_injection.pl | 21 +++++++
 test/tests/rijndael_fuzzing.pl | 10 +++-
 8 files changed, 154 insertions(+), 53 deletions(-)

commit 55582c31f8bd661408dc3b11f46ad7808d5ea784
Author: Michael Rash
Date: Sat May 10 23:16:32 2014 -0400

    [test suite] expand libfko username coverage testing by adding undef LOGNAME env variable test

 test/tests/basic_operations.pl | 9 +++++++++
 1 file changed, 9 insertions(+)

commit d5e5961ca1cad0f62e280a51d8b38b9c76bc8e6e
Author: Michael Rash
Date: Fri May 9 21:13:48 2014 -0400

    [test suite] stronger valgrind test requirements

    This commit adds a couple of suppressions for known issues that valgrind
    finds in libcap, and then makes a significant change to how the test suite
    deals with any valgrind errors (in --enable-valgrind mode) that are outside
    of these suppressions. That is, any new valgrind errors that are discovered
    will cause the test that triggers them to fail. Previous to this commit,
    the final valgrind "flagged functions" test attempted to do this by
    comparing valgrind output across test runs. This worked well enough for a
    while, but this latest commit enforces a stricter stance for valgrind
    validation of the fwknop code base.
 test/test-fwknop.pl | 188 ++++++++++++++++++++++++++-------------------
 test/valgrind_suppressions | 28 ++++++-
 2 files changed, 134 insertions(+), 82 deletions(-)

commit 7cb8ad95280f09fceaaee1488b54fc15e75f3ff5
Author: Michael Rash
Date: Fri May 9 20:53:32 2014 -0400

    [fko-wrapper] add missing fko_destroy() call

 test/fko-wrapper/fko_wrapper.c | 2 ++
 1 file changed, 2 insertions(+)

commit 22ad9044cdd2d5da86e23534c5d8acf1ee4cb397
Author: Michael Rash
Date: Fri May 9 20:51:29 2014 -0400

    [test suite] python fuzzer pkt_id counter minor bug fix

 test/spa_fuzzing.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

commit 3e0c983bbd0d13ec7354e86678951f3d3a832c22
Author: Michael Rash
Date: Fri May 9 07:57:46 2014 -0400

    [test suite] add lib path and valgrind string to server start/stop cycle tests

 test/test-fwknop.pl | 14 +++++++-------
 1 file changed, 7 insertions(+), 7 deletions(-)

commit 2b5029a4eed188986e0e6d810d5161d6542727b8
Author: Michael Rash
Date: Fri May 9 07:49:57 2014 -0400

    [test suite] add SIGINT, SIGUSR1, and SIGUSR2 signals to restart cycle test for code coverage

 test/test-fwknop.pl | 24 +++++++++++++++++++++---
 test/tests/basic_operations.pl | 1 -
 2 files changed, 21 insertions(+), 4 deletions(-)

commit 33234183dfe8cca858d83f0ce81df14b8eb2ba1e
Author: Michael Rash
Date: Mon May 5 01:15:20 2014 -0400

    [test suite] fko-wrapper PKT_ID generation + send fuzzing packets back through fko_new_with_data() cycle

 test/fko-wrapper/fko_wrapper.c | 50 ++++++++++++++++++++++++++++++++++++++++--
 1 file changed, 48 insertions(+), 2 deletions(-)

commit 0c544f2690640719da243ffbdd7b0d8560673945
Author: Michael Rash
Date: Mon May 5 23:51:21 2014 -0400

    [server] add --test mode to enable broader fuzzing coverage

 ChangeLog | 5 +++++
 doc/fwknopd.man.asciidoc | 6 ++++++
 server/cmd_opts.h | 3 ++-
 server/config_init.c | 3 +++
 server/fwknopd.8.in | 13 +++++++++++--
 server/incoming_spa.c | 24 +++++++++++++++++++++++-
 6 files changed, 50 insertions(+), 4 deletions(-)

commit 64a4642c479e9d0bd2434b86dcf1f0ca3b0883fb
Author: Michael Rash
Date: Mon May 5 23:11:32 2014 -0400

    [server] minor fix to remove unnecessary opts.status check

 server/fwknopd.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

commit 7d1ad9a4fa2b12d9a6754432e880f88519f8d2ee
Author: Michael Rash
Date: Mon May 5 23:05:02 2014 -0400

    add new test suite conf files

 Makefile.am | 2 ++
 1 file changed, 2 insertions(+)

commit 16b391109183c8f4d76359ed9fd3aa8bbc4ea706
Author: Michael Rash
Date: Mon May 5 23:01:44 2014 -0400

    [test suite] Rijndael HMAC fuzzing support and a few minor test additions

 test/spa_fuzzing.py | 188 +++++++++++++++++++++++++++++------------
 test/test-fwknop.pl | 107 +++++++++++++++++++++++
 test/tests/basic_operations.pl | 23 ++++-
 3 files changed, 264 insertions(+), 54 deletions(-)

commit 02ed5f5ad4aab6b9734f30ca58633dc1431f46cd
Author: Michael Rash
Date: Sun May 4 09:17:27 2014 -0400

    [server] add --exit-parse-config option, man page updates (minor formatting change)

 client/fwknop.8.in | 10 +-
 doc/fwknop.man.asciidoc | 300 +++++++++++++++++++++++------------------------
 doc/fwknopd.man.asciidoc | 208 ++++++++++++++++----------------
 server/cmd_opts.h | 2 +
 server/config_init.c | 4 +
 server/fwknopd.8.in | 17 ++-
 server/fwknopd.c | 6 +
 server/fwknopd_common.h | 1 +
 server/fwknopd_errors.h | 1 +
 9 files changed, 296 insertions(+), 253 deletions(-)

commit d7e9ae578b0e41555f6260d848d6f2566bce315c
Author: Michael Rash
Date: Sun May 4 09:16:39 2014 -0400

    [test suite] add digest cache rewrite feature for test coverage, add config line and pcap filter validation tests

 test/test-fwknop.pl | 7 +++-
 test/tests/basic_operations.pl | 78 ++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 84 insertions(+), 1 deletion(-)

commit 24f9c582bb1fa9b6074a0f97698c9139ed298590
Author: Michael Rash
Date: Sun May 4 09:15:44 2014 -0400

    [test suite] add multi-port access request to python fuzzer

 test/spa_fuzzing.py | 1 +
 1 file changed, 1 insertion(+)

commit 5f24fc8c5ff9900199838dda47d9b7b21c70da25
Author: Michael Rash
Date: Tue Apr 29 23:50:54 2014 -0400

    [server] add --dump-serv-err-codes for test coverage

 server/cmd_opts.h | 4 +++-
 server/config_init.c | 4 ++++
 server/fwknopd_errors.c | 20 ++++++++++++++++++++
 test/tests/basic_operations.pl | 10 ++++++++++
 4 files changed, 37 insertions(+), 1 deletion(-)

commit 11f3e9b8d3ed919e13b9c22d6c94745919028ddf
Author: Michael Rash
Date: Tue Apr 29 23:41:01 2014 -0400

    [server] add test coverage for tcp server when FUZZING_INTERFACES is defined

 server/fwknopd.c | 14 +++-----------
 server/incoming_spa.c | 3 +++
 server/tcp_server.c | 38 +++++++++++++++++++++++++-------------
 3 files changed, 31 insertions(+), 24 deletions(-)

commit fb21e3a575954b7898eececa0c1c2a39ea88283a
Author: Michael Rash
Date: Tue Apr 29 23:25:31 2014 -0400

    [server] bug fix to handle SPA packets via http

 ChangeLog | 5 ++++
 Makefile.am | 2 ++
 server/incoming_spa.c | 5 +++-
 test/conf/spa_over_http.pcap | Bin 0 -> 1846 bytes
 test/conf/spa_over_http_fwknopd.conf | 1 +
 test/test-fwknop.pl | 2 ++
 test/tests/basic_operations.pl | 52 +++++++++++++++++++++++++++++++++++
 test/tests/rijndael_hmac.pl | 14 ++++++++++
 8 files changed, 80 insertions(+), 1 deletion(-)

commit 6dde30bc91e20d57891e27ecda3aa0116f33d02b
Author: Michael Rash
Date: Tue Apr 29 20:54:01 2014 -0400

    [test suite] significant test coverage update

    This commit adds a lot of test coverage support as guided by gcov + lcov.
    Also added the --no-ipt-check-support option to fwknopd (this is only
    useful in practice on older Linux distros where 'iptables -C' is not
    available, but it helps with test coverage).
 doc/fwknopd.man.asciidoc | 5 +
 server/access.c | 2 +-
 server/cmd_opts.h | 54 ++--
 server/config_init.c | 3 +
 server/fw_util_iptables.c | 5 +-
 server/fwknopd.8.in | 64 +++--
 server/fwknopd_common.h | 2 +
 test/conf/gpg_hmac_access.conf | 2 +-
 test/conf/gpg_no_pw_hmac_access.conf | 2 +-
 test/test-fwknop.pl | 11 +-
 test/tests/basic_operations.pl | 500 ++++++++++++++++++++++++++++++++++-
 test/tests/rijndael_hmac.pl | 13 +
 12 files changed, 609 insertions(+), 54 deletions(-)

commit 40e14fc4002d00d63f55591ef58fc1ca323f9222
Merge: 964f28e 9901d8a
Author: Michael Rash
Date: Mon Apr 28 23:00:16 2014 -0400

    Merge branch 'spa_encoding_fuzzing'

commit 9901d8a76a75e8d2bb5088fe92cc370f084e85cb (refs/remotes/origin/spa_encoding_fuzzing, refs/heads/spa_encoding_fuzzing)
Author: Michael Rash
Date: Sat Apr 26 23:04:44 2014 -0400

    [libfko/test suite] add the FUZZING_INTERFACES macro

    Add a new fko_set_encoded_data() function gated by #define
    FUZZING_INTERFACES to allow encryption and authentication to be bypassed
    for fuzzing purposes (and only fuzzing purposes). The fko-wrapper code has
    been extended to process data in the test/fko-wrapper/fuzz_spa_payloads
    file, which is created by the new python fuzzer. Typical workflow is:

    $ cd test/fko-wrapper
    $ ../spa_fuzzer.py > fuzz_spa_payloads
    $ make fuzzing

    (as root):

    ./test-fwknop.pl --enable-profile-coverage --enable-fuzzing-interfaces --enable-all --include wrapper

    [+] Starting the fwknop test suite...
    args: --enable-profile-coverage --enable-fuzzing-interfaces --enable-all --include wrapper

    Saved results from previous run to: output.last/

    Valgrind mode enabled, will import previous coverage from:
    output.last/valgrind-coverage/

    [+] Total test buckets to execute: 2

    [Rijndael] [fko-wrapper] multiple libfko calls (with valgrind)......pass (1)
    [Rijndael] [fko-wrapper] multiple libfko calls......................pass (2)
    [profile coverage] gcov profile coverage............................pass (3)
    [valgrind output] [flagged functions] ..............................pass (4)

    Run time: 5.85 minutes

    [+] 0/0/0 OpenSSL tests passed/failed/executed
    [+] 0/0/0 OpenSSL HMAC tests passed/failed/executed
    [+] 4/0/4 test buckets passed/failed/executed

 configure.ac | 14 +++++
 lib/fko.h | 2 +
 lib/fko_encode.c | 4 +-
 test/conf/client-gpg-no-pw/trustdb.gpg | Bin 1360 -> 1360 bytes
 test/fko-wrapper/Makefile | 3 ++
 test/fko-wrapper/fko_wrapper.c | 90 +++++++++++++++++++++++++++++++++
 6 files changed, 112 insertions(+), 1 deletion(-)

commit e1dde1733a3b7f5512fdb2c104f56e0c45d52589
Author: Michael Rash
Date: Sat Apr 26 23:01:47 2014 -0400

    [test suite] python fuzzer - more field length variations to hit MAX_SPA_MESSAGE_SIZE

 test/spa_fuzzing.py | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

commit 91a60b8d91afd7bc11902151a0ea8995ead31a70
Author: Michael Rash
Date: Sat Apr 26 22:35:57 2014 -0400

    [test suite] libfko wrapper is already called in Rijndael tests

 test/test-fwknop.pl | 7 -------
 1 file changed, 7 deletions(-)

commit 367424ece5aaf0b0f4c9926e32b36b6d53e36d3a
Author: Michael Rash
Date: Sat Apr 26 22:03:32 2014 -0400

    [test suite] python fuzzer - account for base64 strings that have stripped '=' chars

 test/spa_fuzzing.py | 86 +++++++++++++++++++++++++++++------------------------
 1 file changed, 47 insertions(+), 39 deletions(-)

commit e00add778ed7f04791d8f9380da766deaa8e5874
Author: Michael Rash
Date: Sat Apr 26 17:03:47 2014 -0400

    [test suite] python fuzzer - add fuzzing fields to original fields (interim commit)

 test/spa_fuzzing.py | 51 ++++++++++++++++++++++++++++++++++++++++++---------
 1 file changed, 42 insertions(+), 9 deletions(-)

commit 1deccfd0053f5e4649dce697de7cd662a4cb47ec
Author: Michael Rash
Date: Thu Apr 24 22:11:04 2014 -0400

    [test suite] python fuzzer - break out fuzzing sections into dedicated functions

 test/spa_fuzzing.py | 198 +++++++++++++++++++++++++++++++++++-----------------
 1 file changed, 134 insertions(+), 64 deletions(-)

commit 4b11232249a89e4b917779546f6beee2d9e17a91
Author: Michael Rash
Date: Wed Apr 23 23:31:37 2014 -0400

    [test suite] add command mode SPA payload and splicing tests to python fuzzer

 test/spa_fuzzing.py | 10 ++++++++++
 1 file changed, 10 insertions(+)

commit b9e2a42c5c55286017020d5048e76f375aac060f
Author: Michael Rash
Date: Tue Apr 22 23:48:13 2014 -0400

    [test suite] support multiple initial SPA payloads in the python fuzzer

 test/spa_fuzzing.py | 121 +++++++++++++++++++++++++++++-----------------------
 1 file changed, 68 insertions(+), 53 deletions(-)

commit cd8a2493a7d0679bc2c7e02d49ed46c3831972bf
Author: Michael Rash
Date: Tue Apr 22 23:20:06 2014 -0400

    [test suite] python fuzzer additional tests

 test/spa_fuzzing.py | 65 ++++++++++++++++++++++++++++++++++++++++++++++++-----
 1 file changed, 60 insertions(+), 5 deletions(-)

commit b28b8b5de124828f6987f26fc824a0a989c4f5b7
Author: Michael Rash
Date: Tue Apr 22 21:58:09 2014 -0400

    [libfko] fix double free bug in SPA parser

    This commit fixes a double free condition discovered through the new
    python SPA payload fuzzer. This bug could be triggered in fwknopd with a
    malicious SPA payload but only when GnuPG is used. When Rijndael is used
    for SPA packet encryption, this bug cannot be triggered due to a
    length/format check towards the end of _rijndael_decrypt(). It should be
    noted that only a person in possession of the correct encryption and
    authentication GnuPG keys could trigger this bug.
 lib/fko_decode.c | 7 +------
 1 file changed, 1 insertion(+), 6 deletions(-)

commit beb8df46432d46afe1b60bed132b03285fd86f0e
Author: Michael Rash
Date: Tue Apr 22 21:00:16 2014 -0400

    [test suite] add python SPA packet payload fuzzer

 test/spa_fuzzing.py | 61 +++++++++++++++++++++++++++++++++++++++++++++++++++++
 1 file changed, 61 insertions(+)

commit 63a59bf48b2cbea3755bb774b2007ffd8d881c54
Author: Michael Rash
Date: Tue Apr 22 20:58:03 2014 -0400

    [test suite] add --enable-fuzzing-interfaces, fix profile coverage file handling

 test/test-fwknop.pl | 135 +++++++++++++++++++++++-----------------------------
 1 file changed, 59 insertions(+), 76 deletions(-)

commit f4a8c0fda84ec5ebafb68506ff0059f3dbeae396
Author: Michael Rash
Date: Fri Apr 18 21:39:54 2014 -0400

    [libfko] for fuzzing purposes, added fko_set_encoded_data() to bypass encryption and authentication for SPA payloads

 lib/fko.h | 2 ++
 lib/fko_encode.c | 70 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++
 2 files changed, 72 insertions(+)