summaryrefslogtreecommitdiff
path: root/accel-pppd/ctrl
AgeCommit message (Collapse)Author
2021-03-13Fix another errors found by cppcheck[anp/hsw]
[accel-pppd/cli/tcp.c:305]: (error) Uninitialized variable: cln [accel-pppd/cli/telnet.c:642]: (error) Uninitialized variable: cln [accel-pppd/ctrl/l2tp/l2tp.c:4302]: (error) Uninitialized variable: msg_attr [accel-pppd/ctrl/l2tp/l2tp.c:4484]: (error) Uninitialized variable: msg_type [accel-pppd/ctrl/pppoe/disc.c:169]: (error) Uninitialized variable: n [accel-pppd/ctrl/pppoe/pppoe.c:1588]: (error) Uninitialized variable: pado
2021-03-13Fix some errors and warnings found by cppcheck[anp/hsw]
[accel-pppd/ctrl/ipoe/ipoe.c:4054]: (style) A pointer can not be negative so it is either pointless or an error to check if it is not. [accel-pppd/logs/log_syslog.c:148]: (error) Array 'facility_name[9]' accessed at index 35, which is out of bounds. [accel-pppd/lua/session.c:274]: (error) Common realloc mistake: 'mods' nulled but not freed upon failure [accel-pppd/extra/ippool.c:114]: (warning) %u in format string (no. 1) requires 'unsigned int *' but the argument type is 'int *'. [accel-pppd/extra/ippool.c:114]: (warning) %u in format string (no. 2) requires 'unsigned int *' but the argument type is 'int *'. [accel-pppd/extra/ippool.c:114]: (warning) %u in format string (no. 3) requires 'unsigned int *' but the argument type is 'int *'. [accel-pppd/extra/ippool.c:114]: (warning) %u in format string (no. 4) requires 'unsigned int *' but the argument type is 'int *'. [accel-pppd/extra/ippool.c:114]: (warning) %u in format string (no. 5) requires 'unsigned int *' but the argument type is 'int *'. [accel-pppd/extra/ippool.c:141]: (warning) %u in format string (no. 1) requires 'unsigned int *' but the argument type is 'int *'. [accel-pppd/extra/ippool.c:141]: (warning) %u in format string (no. 2) requires 'unsigned int *' but the argument type is 'int *'. [accel-pppd/extra/ippool.c:141]: (warning) %u in format string (no. 3) requires 'unsigned int *' but the argument type is 'int *'. [accel-pppd/extra/ippool.c:141]: (warning) %u in format string (no. 4) requires 'unsigned int *' but the argument type is 'int *'. [accel-pppd/extra/ippool.c:141]: (warning) %u in format string (no. 5) requires 'unsigned int *' but the argument type is 'int *'. [accel-pppd/main.c:97]: (warning) %d in format string (no. 1) requires 'int *' but the argument type is 'unsigned int *'. [accel-pppd/radius/radius.c:687] -> [accel-pppd/radius/radius.c:690]: (warning) Possible null pointer dereference: rpd - otherwise it is redundant to check it against null. [accel-pppd/radius/serv.c:805] -> [accel-pppd/radius/serv.c:829]: (warning) Possible null pointer dereference: ptr2 - otherwise it is redundant to check it against null. [accel-pppd/radius/serv.c:813] -> [accel-pppd/radius/serv.c:829]: (warning) Possible null pointer dereference: ptr2 - otherwise it is redundant to check it against null. [accel-pppd/radius/serv.c:823] -> [accel-pppd/radius/serv.c:829]: (warning) Possible null pointer dereference: ptr2 - otherwise it is redundant to check it against null.
2021-01-10ipoe: add option 54 (server-id) to DHCPNAKDmitry Kozlov
2020-12-19ipoe: added option 56 to DHCP NAK packetDmitry Kozlov
2020-09-13radius: keep vendor & attr numbers in orderVladislav Grishenko
2020-09-06auth/chap-secrets/dhcpv4: fix big-endian arch supportVladislav Grishenko
2020-09-06l2tp: fix RCE through buffer overflow & fix LE/BE compatibilityVladislav Grishenko
Unsufficent checks of valid l2tp header & avp length cause possible RCE through buffer overflow, reported by https://github.com/WinMin swings & leommxj, Chaitin Security Research Lab. Add missed header length and avp length validation to fix the issue. Order of struct bitfields is implementation-defined so current code doesn't play well with big-endian arch. switch to explicit flag bit checking/gathering to fix the issue. RFC 2661 and 3931 requires that length, seqeuence flags must be set and offset flag must not be set, so avp-premissive can't help in this cases.
2020-08-09sstp: avoid redundant writes to ppp socketVladislav Grishenko
2020-08-09sstp: switch to async sendingVladislav Grishenko
2020-08-01sstp: allow to configure send & receive buffer sizesVladislav Grishenko
magic value of 65535 reported to have thoughput issues on unreliable transports (3G/4G), so let it be configurable. zero value means use system defaults: [sstp] sndbuf=0 rvcbuf=0
2020-08-01sstp: speed up data pathVladislav Grishenko
2020-08-01sstp: use quick linger for closing socketsVladislav Grishenko
2020-07-01sstp: stop being noisy w/o verbose modeVladislav Grishenko
2020-06-29sstp: fix MITM w/o SSTP_MSG_CALL_CONNECTED is being sentVladislav Grishenko
3.3.2.1 Negotiation Timer When establishing the SSTP connection, the SSTP server starts the negotiation timer. 2. After sending the Call Connect Acknowledge message, if the server does not receive a Call Connected message before the Negotiation timer expires then it MUST send a Call Abort message and start the process of bringing down (disconnecting) the connection. The server MAY implement different timer values for the Call Connected message and the Call Connect Request message. 3.3.7.1 Server-Side Interface with PPP When the server receives a PPP data frame from the PPP layer, the server MUST perform the following steps: * If CurrentState is set to Server_Call_Connected: Generate an SSTP data packet (section 2.2.3) with the PPP frame as the higher-layer payload and send the packet to the HTTPS layer. * Else, drop the PPP frame. sstp-client is known to be broken, it doesn't send SSTP_MSG_CALL_CONNECTED with PAP and CHAP-MD5 auth, no network data flow and disconnect by negotiation timer is expected.
2020-06-29sstp: fix compound mac validation with broken clientsVladislav Grishenko
sstp-client sends SSTP_MSG_CALL_CONNECTED message too early, before auth response, so HLAK can't be known yet and subsequent HLAK-based validation fails. workaround the issue by defer accepting SSTP_MSG_CALL_CONNECTED after auth either has been succeeded or bypassed.
2020-06-28sstp: fix crypto-binding attr errors loggingVladislav Grishenko
2020-06-08ipoe: gracefuly terminate denied sessionsVladislav Grishenko
2020-04-30ipoe: dhcp: add rebind-time supportVladislav Grishenko
2020-04-13dhcpv4/dhcpv6: improve packet validationVladislav Grishenko
2020-04-10Check for length in pppoe tagsDenys Fedoryshchenko
2020-04-06pptp: T6: Check timer before modifyDmitriyEshenko
2020-03-10Merge pull request #121 from themiron/max-starting-cleanupxebd
Add global [common]max-starting option
2020-03-10Merge pull request #117 from themiron/echo-opt82xebd
ipoe: dhcpv4: echo back opt82 if sent by client/relay per rfc3046
2020-03-07sstp: fix max-sessions limit was not appliedVladislav Grishenko
2020-03-07session: add global [common]max-starting optionVladislav Grishenko
usually there's no need to have per-proto limitation, since the need of max starting limitation affects the whole server, not particular protocol only.
2020-03-07Revert "ipoe,pptp: introduced max-starting option (limit number of starting ↵Vladislav Grishenko
sessions)" This reverts commit 02008c74a19c538ff7d9ce643c8cd4c738886196.
2020-03-07Revert "pppoe: introduced max-starting option (limit number of starting ↵Vladislav Grishenko
sessions)" This reverts commit 61862862a9fa24db4f16c24db1aed1f1a5f0be19.
2020-02-16ipoe: dhcpv4: echo back opt82 if sent by client/unknown relay per rfc3046Vladislav Grishenko
2020-02-16ipoe: dhcpv4: move relay packet logging after paddingVladislav Grishenko
2020-02-16ipoe: dhcpv4: implement udp csum and padding per rfc1542Vladislav Grishenko
2020-01-13Merge pull request #110 from themiron/ipv6-poolxebd
Add named ipv6 pools support
2020-01-11ipv6pool: add per-proto ipv6-pool and ipv6-pool-delegate optionsVladislav Grishenko
also, disable ipv6 pools via chap-secrets, need to find another syntax for it, may be with comments.
2019-12-24pppoe: introduced max-starting option (limit number of starting sessions)Gavrilenkov A
2019-09-11ipoe: check for ipoe_create_session_dhcpv4 returns not NULLDmitry Kozlov
2019-09-04ipoe,pptp: introduced max-starting option (limit number of starting sessions)Gavrilenkov A
2019-08-29ppp/ipoe: cleanup cleck-ip supportVladislav Grishenko
let check-ip setting from [ppp]/[ipoe] sections has prio over [common] for compatibility with older configs.
2019-08-27Merge pull request #92 from themiron/sstpxebd
sstp: implement ssl-protocol option and add unsupported features logging
2019-08-20Prepared check-ip and for ipoe, migrate to [common]check-ipDmitriyEshenko
2019-07-27sstp: enable all client-compat optsVladislav Grishenko
2019-07-27sstp: tie log errors with config optionsVladislav Grishenko
2019-07-27sstp: log DH/ECDH support warnings as wellVladislav Grishenko
2019-07-27sstp: implement ssl-protocol list optionVladislav Grishenko
possible protocols are ssl2, ssl3, tls1, tls1.1, tls1.2 and tls1.3, but support does depend on openssl library. defaults are up to openssl library w/o ssl2/ssl3.
2019-05-29Added extra AVP to SCCCN as known to allow MPD5 tunnelsPedro don't want to be here
original commit author is @dyangol
2019-05-13ipoe: restored max-lease-time functionalityDmitry Kozlov
2019-05-13Revert "ipoe: restored max-lease-time functionality"Dmitry Kozlov
This reverts commit 6f433706a152ea987899fd830ff399e257b0f2a6.
2019-05-13Merge branch 'master' of github.com:xebd/accel-pppDmitry Kozlov
2019-05-13ipoe: restored max-lease-time functionalityDmitry Kozlov
2019-05-09ipoe: Fix send NAK for REQUEST with 3 same XID for not existing sessionsDmitriyEshenko
2019-03-08initialize ssl_halen = ETH_ALEN in sockaddr_ll structuresDmitry Kozlov
2019-02-12ipoe: always ignore Gratoitous ARPDmitry Kozlov
generated by cgit v1.2.3 (git 2.39.1) at 2025-02-19 13:00:06 +0000