| Age | Commit message (Collapse) | Author |
|---|
|
|
|
|
|
|
|
|
|
Unsufficent checks of valid l2tp header & avp length cause possible
RCE through buffer overflow, reported by https://github.com/WinMin
swings & leommxj, Chaitin Security Research Lab. Add missed header
length and avp length validation to fix the issue.
Order of struct bitfields is implementation-defined so current code
doesn't play well with big-endian arch. switch to explicit flag bit
checking/gathering to fix the issue.
RFC 2661 and 3931 requires that length, seqeuence flags must be set
and offset flag must not be set, so avp-premissive can't help in
this cases.
|
|
|
|
|
|
|
|
|
|
lcp auth doesn't take into account auth extra bytes
for lcp request buffer allocation for chap/mschap/mschapv2
protocols, so last byte corrupts memory with undefined behavior
incl. crash.
|
|
magic value of 65535 reported to have thoughput issues on unreliable
transports (3G/4G), so let it be configurable.
zero value means use system defaults:
[sstp]
sndbuf=0
rvcbuf=0
|
|
|
|
|
|
|
|
|
|
3.3.2.1 Negotiation Timer
When establishing the SSTP connection, the SSTP server starts the negotiation timer.
2. After sending the Call Connect Acknowledge message, if the server does not receive a Call
Connected message before the Negotiation timer expires then it MUST send a Call Abort message
and start the process of bringing down (disconnecting) the connection. The server MAY implement
different timer values for the Call Connected message and the Call Connect Request message.
3.3.7.1 Server-Side Interface with PPP
When the server receives a PPP data frame from the PPP layer, the server MUST perform the
following steps:
* If CurrentState is set to Server_Call_Connected: Generate an SSTP data
packet (section 2.2.3) with the PPP frame as the higher-layer payload and send the packet to
the HTTPS layer.
* Else, drop the PPP frame.
sstp-client is known to be broken, it doesn't send SSTP_MSG_CALL_CONNECTED with
PAP and CHAP-MD5 auth, no network data flow and disconnect by negotiation timer
is expected.
|
|
sstp-client sends SSTP_MSG_CALL_CONNECTED message too early,
before auth response, so HLAK can't be known yet and subsequent
HLAK-based validation fails.
workaround the issue by defer accepting SSTP_MSG_CALL_CONNECTED
after auth either has been succeeded or bypassed.
|
|
|
|
|
|
|
|
refer #6 for modre details.
|
|
|
|
|
|
If Delegated-IPv6-Prefix was received in Access-Accept message, it is
necessary to send it in radacct Start message
|
|
|
|
|
|
Check for length in pppoe tags
|
|
|
|
T13: Fix build procedure
|
|
|
|
|
|
Refresh interface index when moving to another netns
|
|
Fix accel-cmd compile problem on Raspbian Buster
|
|
Fix radius Framed-IP-Address
|
|
|
|
Add htonl to check if Framed-IP-Address==0xFFFFFFFE
Ignore 0xFFFFFFFE as Framed-IP-Address in DM/CoA requests
|
|
With GCC v8.x on Raspbian Buster the following warning is shown
at compile time:
...
[ 99%] Building C object accel-cmd/CMakeFiles/accel-cmd.dir/accel_cmd.c.o
/home/pi/accel-ppp/accel-cmd/accel_cmd.c: In function ‘main’:
/home/pi/accel-ppp/accel-cmd/accel_cmd.c:652:29: warning: comparison is always true due to limited range of data type [-Wtype-limits]
long_opts, &oindx)) != -1) {
^~
[100%] Linking C executable accel-cmd
[100%] Built target accel-cmd
This leads to the accel-cmd always just showing the usage
instructions rather than executing any commands.
This is because ochar is declared as a char rather than an int
so is considered to be unsigned by default. The man page says
the return value should be an int.
https://linux.die.net/man/3/getopt_long
|
|
Version number improvements
|
|
This is more efficient as its a Git build in function. If build from a non
tagged commit, the version number will be extended by the "git describe" way:
$ dpkg -I accel-ppp/build/_CPack_Packages/Linux/DEB/accel-ppp.deb | grep Vers
Version: 1.12.0-53-g7afe0f0
The version indicator shows that the last Accel-PPP release was 1.12.0 (which
was tagged) and we are now 53 commits past the 1.12.0 tag. The current commit
id is 7afe0f0 (short form).
After installation the Debian package database will show:
$ dpkg -l | grep accel
ii accel-ppp 1.12.0-53-g7afe0f0 amd64 PPtP/L2TP/PPPoE/SSTP server for Linux
Also the embedded version command will show:
$ accel-cmd -p 2005 -V
accel-cmd 1.12.0-53-g7afe0f0
Signed-off-by: Christian Poessinger <christian@poessinger.com>
|
|
Version number for Accel-PPP is already generated in CMakeLists.txt and thus
it should not be manually defined in a second place (cmake/cpack.cmake).
Reuse the version number obtained in CMakeLists.txt when building binary
packages -> single source.
Signed-off-by: Christian Poessinger <christian@poessinger.com>
|
|
|
|
If you move an interface into a namespace where there is alreay an
interface with the same index, the moved interface will get a new index
assigned to it. We need to update our data structure accordingly.
Signed-off-by: Simon Chopin <s.chopin@alphalink.fr>
|
|
If you move an interface into a namespace where there is alreay an
interface with the same index, the moved interface will get a new index
assigned to it. We need to update our data structure accordingly.
Signed-off-by: Simon Chopin <s.chopin@alphalink.fr>
|
|
The index of a given interface is an operation that highly depends on
the network namespace we're in. This patch simply cuts out a function to
get the index for a given interface name from the session initialization
code, and expose it in the ap_net structure.
This function can then be used to refresh the index when moving
interfaces around.
Signed-off-by: Simon Chopin <s.chopin@alphalink.fr>
|
|
Add global [common]max-starting option
|
|
ipoe: dhcpv4: echo back opt82 if sent by client/relay per rfc3046
|
|
|
|
usually there's no need to have per-proto limitation, since the need
of max starting limitation affects the whole server, not particular
protocol only.
|
|
sessions)"
This reverts commit 02008c74a19c538ff7d9ce643c8cd4c738886196.
|
|
sessions)"
This reverts commit 61862862a9fa24db4f16c24db1aed1f1a5f0be19.
|
