chiark / gitweb /
summary |
shortlog | log |
commit |
commitdiff |
tree
first ⋅ prev ⋅ next
Ian Jackson [Sun, 11 Dec 2011 12:40:37 +0000 (12:40 +0000)]
authbind: get endianness right (again)
It appears that:
* authbind's documentation authbind-helper(8) describes the
endianness convention of authbind's helper program incorrectly.
See Debian #651694.
* The version of secnet 0.1.16 tagged as such in revision control
contains a "fix" which was based on the authbind documentation but
not apparently tested against authbind. Ie, this part from NEWS:
4) Change the endianess of the arguments to authbind-helper.
sprintf("%04X") already translates from machine repesentation to most
significant octet first so htons reversed it again.
* The version of secnet 0.1.16 actually in service on chiark had an
out-of-version-control change to udp.c to make it work with
chiark's authbind 1.2.0. The actual code found has been recorded
on the dead branch "chiark-0.1.16" in the master git repo, but the
version of udp.c is exactly that from 0.1.15 so it looks like we
just reverted to the previous udp.c during deployment of 0.1.16.
* We (re)discovered all this after the release of secnet 0.2.0
because my attempt to deploy 0.2.0 on chiark was not actually
effective.
Therefore, undo the authbind endianness change introduced in secnet
0.1.16. This is most easily achieved by constructing the arguments to
the helper from the sockaddr rather than the contents of "st".
Thanks are due to Simon Tatham for the bug report.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
(cherry picked from commit
51b259535294bb46757a040596ab052e53f29483)
Ian Jackson [Sat, 10 Dec 2011 22:22:21 +0000 (22:22 +0000)]
build system: Include signing of tarballs in release checklist
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
(cherry picked from commit
b57cc2eba7de61952a8633637f8f2fd91486ec71)
Ian Jackson [Sat, 10 Dec 2011 22:16:55 +0000 (22:16 +0000)]
Update VERSION
Richard Kettlewell [Sat, 10 Dec 2011 17:17:14 +0000 (17:17 +0000)]
Set group ID and group list.
More sensible username lookup.
Signed-off-by: Richard Kettlewell <rjk@terraraq.org.uk>
Richard Kettlewell [Sat, 10 Dec 2011 16:13:18 +0000 (16:13 +0000)]
md5: correct size arg to memset().
On realistic targets the effect of the error was that the MD5 context
wasn't fully cleared.
Signed-off-by: Richard Kettlewell <rjk@terraraq.org.uk>
(cherry picked from commit
dfa6ab137e7565bd1afc03b045fff4aa737a7c9e)
Richard Kettlewell [Sat, 10 Dec 2011 16:09:13 +0000 (16:09 +0000)]
cleanup: build on Ubuntu Lucid
The discard() idiom is chosen because Clang tolerates it.
Signed-off-by: Richard Kettlewell <rjk@terraraq.org.uk>
(cherry picked from commit
5a8a70536e4fa79612405a88c50743976abb2d50)
Ian Jackson [Sat, 10 Dec 2011 21:44:53 +0000 (21:44 +0000)]
Security: Reduce impact of bogus key setup packet DoS
If a MSG1 (key setup initiation packet) is received containing
expected local and remote site names, the receiving secnet will start
a key setup attempt with details from that packet.
MSG1 packets are (almost necessarily) unauthenticated, so anyone on
the Internet can cause this to happen. secnet is only willing to have
one key exchange attempt ongoing at once, and will ignore subsequent
incoming MSG1s until it has dealt with the first key exchange attempt.
So this means that an attacker who can send packets to any secnet
instance can DoS secnet at session setup (or key renewal) time. All
the attacker needs to know is the secnet site names, and the IP
address and port number of one of the secnets. The attacker does not
need to spoof their IP address or know any secret keys.
If the attacker sends a contant stream of bogus packets they can
probably prevent the link coming up at all.
This is difficult to fix without changing the protocol.
However, there is worse: when the key setup with the bogus peer
eventually fails, as it must, secnet invalidates the current session
key and its note of where to send actual data packets. It will then
refuse to attempt a new key exchange for a timeout period. During
this period, data packets will not flow.
This means that sending one fairly easy to construct udp packet can
cause a 20s outage. Worse, after this one packet has had its effect,
the attacker can prevent the connection being reestablished, as
described above.
In this patch we fix the latter problem. It is simply a bug that the
session key and data transport peer address (resulting from a previous
successful key exchange) are discarded when a key setup fails.
We also provide a test program "test-example/bogus-setutp-request.c"
which can be used to reproduce the problem.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
(cherry picked from commit
78d458950e6cec7e8fce890362e54e4e9ba5c635)
Conflicts:
.gitignore
Ian Jackson [Sun, 12 Jun 2011 19:00:10 +0000 (20:00 +0100)]
possible security fix: do not call slilog with intended message as format string
vMessage would call slilog with part of the intended log message as
the format string. This is a potential format string vulnerability,
detected by -Wformat-security.
I have not analysed the code in detail to determine in exactly which
circumstances a secnet installation will be vulnerable, but in general
a vulnerability (at least for DOS) will exist in any situation where
an attacker can cause a log message to contain things which look like
printf directives.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
(cherry picked from commit
7908f2c6b5be419f8f4031876139953d4ee8340d)
Ian Jackson [Sat, 10 Dec 2011 21:42:31 +0000 (21:42 +0000)]
build system: include "configure" in .gitignore
On the stable branch we are not including autoconf output.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sat, 10 Dec 2011 21:24:59 +0000 (21:24 +0000)]
build system: Add release checklist at bottom of Makefile.in
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sat, 10 Dec 2011 21:13:47 +0000 (21:13 +0000)]
build system: change "make dist" --exclude from CVS to .git
We maintain even the stable branch in git now, so we need to exclude
the .git directory, not CVS. Leave the exclude of .cvsignore alone;
actually the .gitignore is harmless in the release tarball.
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Ian Jackson [Sat, 10 Dec 2011 21:08:26 +0000 (21:08 +0000)]
build system: import .gitignore
Copy the .gitignore from the master branch to the stable branch.
(Version is that from
364e35df4fec5bdae53579ffe97297c280be4d88)
Signed-off-by: Ian Jackson <ijackson@chiark.greenend.org.uk>
Stephen Early [Tue, 18 Mar 2008 18:21:25 +0000 (18:21 +0000)]
Import release 0.1.18
Stephen Early [Tue, 14 Jun 2005 23:24:02 +0000 (00:24 +0100)]
Python encoding declaration
Add encoding declaration to ipaddr.py to stop deprecation warnings on
recent python implementations.
Stephen Early [Sat, 11 Jun 2005 23:18:00 +0000 (00:18 +0100)]
Import release 0.1.17
Stephen Early [Wed, 6 Apr 2005 00:58:29 +0000 (01:58 +0100)]
MacOS X support
Patch from Richard Kettlewell <richard@sfere.greenend.org.uk> to
support MacOS X; see also http://www.greenend.org.uk/rjk/2004/osx.html
Stephen Early [Wed, 6 Apr 2005 00:44:21 +0000 (01:44 +0100)]
Minor Makefile update
Update bison pattern rule to indicate that both the .tab.c and .tab.h
files are generated by the same command.
Stephen Early [Wed, 6 Apr 2005 00:30:07 +0000 (01:30 +0100)]
Update i386 implementation of ip_csum
Update i386 implementation of ip_csum from recent linux
include/asm-i386/checksum.h to fix gcc quote syntax issue.
Stephen Early [Wed, 6 Apr 2005 00:23:59 +0000 (01:23 +0100)]
Rename log() to slilog()
Rename global 'log' to 'slilog' to avoid conflict with gcc built-in
log() function.
Stephen Early [Wed, 6 Apr 2005 00:18:28 +0000 (01:18 +0100)]
autoconf-related updates from Ross Younger <ross@crazyscot.com>
configure.in:
+ require autoconf 2.50
+ use new AC_INIT syntax (NB. This required me to specify an explicit
package version number and maintainer address!)
+ fix linux/if.h header check
+ add some quoting
+ barf at configure time if gmp, fl or adns are missing
+ use new AC_LIBOBJ syntax for snprintf and getopt
+ include config.h fragments formerly in config.h.bot and config.h.top
Makefile.in: distfiles and dependencies updated to suit.
config.h.bot and config.h.top: removed.
Stephen Early [Fri, 19 Sep 2003 14:40:00 +0000 (15:40 +0100)]
Import release 0.1.16
Stephen Early [Thu, 21 Feb 2002 16:28:00 +0000 (16:28 +0000)]
Import release 0.1.15
Stephen Early [Fri, 28 Dec 2001 19:31:00 +0000 (19:31 +0000)]
Import release 0.1.14
Stephen Early [Thu, 6 Dec 2001 17:36:00 +0000 (17:36 +0000)]
Import release 0.1.13
Stephen Early [Mon, 5 Nov 2001 14:51:00 +0000 (14:51 +0000)]
Import release 0.1.12
Stephen Early [Sat, 27 Oct 2001 14:29:00 +0000 (15:29 +0100)]
Import release 0.1.11
Stephen Early [Mon, 22 Oct 2001 13:13:00 +0000 (14:13 +0100)]
Import release 0.1.10
Stephen Early [Sat, 20 Oct 2001 17:03:00 +0000 (18:03 +0100)]
Import release 0.1.9
Stephen Early [Tue, 16 Oct 2001 13:05:00 +0000 (14:05 +0100)]
Import release 0.1.8
Stephen Early [Mon, 15 Oct 2001 00:37:00 +0000 (01:37 +0100)]
Import release 0.1.7
Stephen Early [Sat, 13 Oct 2001 17:02:00 +0000 (18:02 +0100)]
Import release 0.1.6
Stephen Early [Thu, 11 Oct 2001 17:16:00 +0000 (18:16 +0100)]
Import release 0.1.5
Stephen Early [Wed, 10 Oct 2001 23:37:00 +0000 (00:37 +0100)]
Import release 0.1.4
Stephen Early [Wed, 10 Oct 2001 15:11:00 +0000 (16:11 +0100)]
Import release 0.1.3
Stephen Early [Thu, 4 Oct 2001 16:57:00 +0000 (17:57 +0100)]
Import release 0.1.2
Stephen Early [Thu, 27 Sep 2001 18:10:00 +0000 (19:10 +0100)]
Import release 0.1.1
Stephen Early [Tue, 25 Sep 2001 23:19:00 +0000 (00:19 +0100)]
Import release 0.1.0
Stephen Early [Mon, 24 Sep 2001 16:25:00 +0000 (17:25 +0100)]
Import release 0.09
Stephen Early [Mon, 24 Sep 2001 13:25:00 +0000 (14:25 +0100)]
Import release 0.08
Stephen Early [Sun, 23 Sep 2001 23:48:00 +0000 (00:48 +0100)]
Import release 0.07
Stephen Early [Sun, 23 Sep 2001 20:49:00 +0000 (21:49 +0100)]
Import release 0.06
Stephen Early [Sun, 23 Sep 2001 17:30:00 +0000 (18:30 +0100)]
Import release 0.05
Stephen Early [Sun, 23 Sep 2001 15:28:00 +0000 (16:28 +0100)]
Import release 0.04
Stephen Early [Wed, 19 Sep 2001 23:24:00 +0000 (00:24 +0100)]
Import release 0.03