DeforaNetworks/fwknop
3
0
Fork 0
Code Releases Activity
Files
ffe4d3b162bbfea143704461aab4244cc4acdfcf
fwknop/lib/fko_message.h
Michael Rash d46ba1c027 (Fernando Arnaboldi, IOActive) Found and fixed several DoS/code execution vulns for authenticated clients 
- [server] Fernando Arnaboldi from IOActive found several DoS/code
execution vulnerabilities for malicious fwknop clients that manage to
get past the authentication stage (so a such a client must be in
possession of a valid access.conf encryption key).  These vulnerbilities
manifested themselves in the handling of malformed access requests, and
both the fwknopd server code along with libfko now perform stronger input
validation of access request data.  These vulnerabilities affect
pre-2.0.3 fwknop releases.
- [test suite] Added a new fuzzing capability to ensure proper server-side
input validation.  Fuzzing data is constructed with modified fwknop
client code that is designed to emulate malicious behavior.
2012-08-24 22:12:19 -04:00

49 lines
1.5 KiB
C
Raw Blame History

/*
*****************************************************************************
*
* File: fko_message.h
*
* Author: Michael Rash
*
* Purpose: Provide validation functions for SPA messages
*
* Copyright 2012 Michael Rash (mbr@cipherdyne.org)
*
* License (GNU Public License):
*
* This program is free software; you can redistribute it and/or
* modify it under the terms of the GNU General Public License
* as published by the Free Software Foundation; either version 2
* of the License, or (at your option) any later version.
*
* This program is distributed in the hope that it will be useful,
* but WITHOUT ANY WARRANTY; without even the implied warranty of
* MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the
* GNU General Public License for more details.
*
* You should have received a copy of the GNU General Public License
* along with this program; if not, write to the Free Software
* Foundation, Inc., 59 Temple Place, Suite 330, Boston, MA 02111-1307
* USA
*
*****************************************************************************
*/
#ifndef FKO_MESSAGE_H
#define FKO_MESSAGE_H 1
#define MAX_PROTO_STR_LEN 4 /* tcp, udp, icmp for now */
#define MAX_PORT_STR_LEN 5
/* SPA message format validation functions.
*/
int validate_cmd_msg(const char *msg);
int validate_access_msg(const char *msg);
int validate_proto_port_spec(const char *msg);
int validate_nat_access_msg(const char *msg);
int got_allow_ip(const char *msg);
#endif /* FKO_MESSAGE_H */
/***EOF***/
View Git Blame Copy Permalink