fwknop/server at d46ba1c027a11e45821ba897a4928819bccc8f22 - fwknop - Defora Networks Projects

DeforaNetworks/fwknop

History

Michael Rash d46ba1c027 (Fernando Arnaboldi, IOActive) Found and fixed several DoS/code execution vulns for authenticated clients

- [server] Fernando Arnaboldi from IOActive found several DoS/code
execution vulnerabilities for malicious fwknop clients that manage to
get past the authentication stage (so a such a client must be in
possession of a valid access.conf encryption key).  These vulnerbilities
manifested themselves in the handling of malformed access requests, and
both the fwknopd server code along with libfko now perform stronger input
validation of access request data.  These vulnerabilities affect
pre-2.0.3 fwknop releases.
- [test suite] Added a new fuzzing capability to ensure proper server-side
input validation.  Fuzzing data is constructed with modified fwknop
client code that is designed to emulate malicious behavior.

2012-08-24 22:12:19 -04:00

..

access.c

(Fernando Arnaboldi, IOActive) Found and fixed several DoS/code execution vulns for authenticated clients

2012-08-24 22:12:19 -04:00

access.conf

Per Franck Joncourt - Corrected misspelled word in fwknopd man page and access.conf.

2010-07-16 20:14:35 +00:00

access.conf.inst

[server] Preserve any existing config files in /etc/fwknop/

2012-08-13 22:39:03 -04:00

access.h

(Fernando Arnaboldi, IOActive) Found and fixed several DoS/code execution vulns for authenticated clients

2012-08-24 22:12:19 -04:00

cmd_opts.h

[server] iptables 'comment' match check

2012-08-12 15:44:13 -04:00

config_init.c

ipfw active/expire test bug fix (atoi() for config vars)

2012-08-16 22:30:09 -04:00

config_init.h

PCAP_LOOP_SLEEP bug fix to 1/10th of a second

2012-07-23 21:13:30 -04:00

extcmd.c

added 'const' to function prototype vars where possible

2011-10-25 21:00:40 -04:00

extcmd.h

added 'const' to function prototype vars where possible

2011-10-25 21:00:40 -04:00

fw_util_ipf.c

Added FORCE_NAT mode to the access.conf file

2011-11-30 20:51:19 -05:00

fw_util_ipf.h

Removed legacy $Id$ tags from svn

2011-06-18 20:53:40 -04:00

fw_util_ipfw.c

[server] Added FLUSH_IPFW_AT_INIT and FLUSH_IPFW_AT_EXIT

2012-08-10 21:48:02 -04:00

fw_util_ipfw.h

Added tweaks to ipfw command for Mac OS X

2012-07-14 18:22:42 -04:00

fw_util_iptables.c

(Fernando Arnaboldi, IOActive) Found and fixed several DoS/code execution vulns for authenticated clients

2012-08-24 22:12:19 -04:00

fw_util_iptables.h

[server] iptables 'comment' match check

2012-08-12 15:44:13 -04:00

fw_util_pf.c

updated PF anchor check to not rely on listing the PF policy

2012-05-28 14:19:52 -04:00

fw_util_pf.h

updated PF anchor check to not rely on listing the PF policy

2012-05-28 14:19:52 -04:00

fw_util.c

Minor restructuring to suppress compiler "defined but not used warnings"

2011-08-20 12:34:57 -04:00

fw_util.h

[server] iptables 'comment' match check

2012-08-12 15:44:13 -04:00

fwknopd_common.h

[server] iptables 'comment' match check

2012-08-12 15:44:13 -04:00

fwknopd_errors.c

added 'const' to function prototype vars where possible

2011-10-25 21:00:40 -04:00

fwknopd_errors.h

added DNAT mode tests, minor memory leak fix in NAT mode, added fwknopd check for ENABLE_IPT_FORWARDING variable before attempting NAT access

2011-11-22 22:13:27 -05:00

fwknopd.8.in

minor wording update netfilter -> iptables

2011-10-13 20:59:30 -04:00

fwknopd.c

Added FORCE_NAT mode to the access.conf file

2011-11-30 20:51:19 -05:00

fwknopd.conf

[server] iptables 'comment' match check

2012-08-12 15:44:13 -04:00

fwknopd.conf.inst

[server] Preserve any existing config files in /etc/fwknop/

2012-08-13 22:39:03 -04:00

fwknopd.h

Minor PID string length fix

2011-10-18 21:28:38 -04:00

incoming_spa.c

minor paren's syntax bug fix

2012-08-18 16:30:34 -04:00

incoming_spa.h

Added access stanza expiration feature, multiple access stanza bug fix

2011-11-28 22:03:21 -05:00

log_msg.c

This commit fixes two memory leaks and adds a common exit function.

2011-11-10 22:33:32 -05:00

log_msg.h

Removed legacy $Id$ tags from svn

2011-06-18 20:53:40 -04:00

Makefile.am

[server] Preserve any existing config files in /etc/fwknop/

2012-08-13 22:39:03 -04:00

pcap_capture.c

minor pcap_capture update to not call atoi() against PCAP_LOOP_SLEEP for every sleep interval

2012-07-18 23:00:58 -04:00

pcap_capture.h

Added tweaks to ipfw command for Mac OS X

2012-07-14 18:22:42 -04:00

process_packet.c

Refactored configure.ac to use a custom macro for compiler flag checks.

2011-12-29 14:20:18 -05:00

process_packet.h

Removed legacy $Id$ tags from svn

2011-06-18 20:53:40 -04:00

replay_cache.c

Only cache replay digests for SPA packets that decrypt

2012-07-08 08:36:30 -04:00

replay_cache.h

Only cache replay digests for SPA packets that decrypt

2012-07-08 08:36:30 -04:00

sig_handler.c

Removed legacy $Id$ tags from svn

2011-06-18 20:53:40 -04:00

sig_handler.h

Removed legacy $Id$ tags from svn

2011-06-18 20:53:40 -04:00

tcp_server.c

Refactored configure.ac to use a custom macro for compiler flag checks.

2011-12-29 14:20:18 -05:00

tcp_server.h

Removed legacy $Id$ tags from svn

2011-06-18 20:53:40 -04:00

utils.c

Fixed fwknopd memory leak, several other fixes and updates

2011-11-03 22:15:19 -04:00

utils.h

Fixed fwknopd memory leak, several other fixes and updates

2011-11-03 22:15:19 -04:00