High performance PPTP/L2TP/PPPoE/IPoE server for Linux (mirror of https://github.com/marekm72/accel-ppp-xebd.git) https://git.amelek.net/marekm72/accel-ppp-xebd.git/atom?h=master 2022-05-08T12:38:04+00:00 2022-05-08T12:38:04+00:00 DmitriyEshenko dmitriy.eshenko@vyos.io 2022-05-08T12:38:04+00:00 urn:sha1:e489ddac3840bf66eaa30474dbe4e9a2a2444d75 2021-03-20T14:14:59+00:00 [anp/hsw] sysop@880.ru 2021-03-20T14:14:59+00:00 urn:sha1:62f7740033f05053a581e864742575a46ccc6da2 * Fix errors found by valgrind ==12312== Syscall param sendmsg(msg.msg_iov[0]) points to uninitialised byte(s) ==12312== at 0x486CCF0: sendmsg (in /lib/libpthread-2.22.so) ==12312== by 0x12F57F: rtnl_talk (libnetlink.c:316) ==12312== by 0x132DA3: genl_resolve_mcg (genl.c:52) ==12312== by 0x484E1CB: init (vlan_mon.c:528) ==12312== by 0x484CDC0: vlan_mon_register_proto (vlan_mon.c:48) ==12312== by 0x510B763: load_vlan_mon (pppoe.c:1914) ==12312== by 0x510BFF2: load_config (pppoe.c:2064) ==12312== by 0x510C22A: pppoe_init (pppoe.c:2108) ==12312== by 0x483E9EB: triton_load_modules (triton.c:704) ==12312== by 0x1384B2: main (main.c:339) ==12312== Address 0xbedacdd8 is on thread 1's stack ==12312== in frame #2, created by genl_resolve_mcg (genl.c:23) ==12312== 15 bytes in 1 blocks are definitely lost in loss record 352 of 836 ==12312== at 0x482A9A9: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==12312== by 0x4B97524: strdup (in /lib/libc-2.22.so) ==12312== by 0x12C30C: init (telnet.c:769) ==12312== by 0x483E9EB: triton_load_modules (triton.c:704) ==12312== by 0x1384B2: main (main.c:339) ==12312== ==12312== 15 bytes in 1 blocks are definitely lost in loss record 353 of 836 ==12312== at 0x482A9A9: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so) ==12312== by 0x4B97524: strdup (in /lib/libc-2.22.so) ==12312== by 0x12D60A: init (tcp.c:392) ==12312== by 0x483E9EB: triton_load_modules (triton.c:704) ==12312== by 0x1384B2: main (main.c:339) * Fix another warnings by cppcheck [accel-pppd/ctrl/ipoe/arp.c:256]: (error) Uninitialized variable: n [accel-pppd/ctrl/pppoe/mac_filter.c:90]: (warning) %x in format string (no. 1) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:90]: (warning) %x in format string (no. 2) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:90]: (warning) %x in format string (no. 3) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:90]: (warning) %x in format string (no. 4) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:90]: (warning) %x in format string (no. 5) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:90]: (warning) %x in format string (no. 6) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:129]: (warning) %x in format string (no. 1) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:129]: (warning) %x in format string (no. 2) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:129]: (warning) %x in format string (no. 3) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:129]: (warning) %x in format string (no. 4) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:129]: (warning) %x in format string (no. 5) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:129]: (warning) %x in format string (no. 6) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:158]: (warning) %x in format string (no. 1) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:158]: (warning) %x in format string (no. 2) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:158]: (warning) %x in format string (no. 3) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:158]: (warning) %x in format string (no. 4) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:158]: (warning) %x in format string (no. 5) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/mac_filter.c:158]: (warning) %x in format string (no. 6) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ctrl/pppoe/pppoe.c:738]: (warning) Possible null pointer dereference [accel-pppd/ipv6/dhcpv6.c:911]: (warning) %x in format string (no. 1) requires 'unsigned int *' but the argument type is 'int *'. [accel-pppd/ipv6/dhcpv6.c:911]: (warning) %x in format string (no. 2) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ipv6/dhcpv6.c:911]: (warning) %x in format string (no. 3) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ipv6/dhcpv6.c:911]: (warning) %x in format string (no. 4) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/libnetlink/libnetlink.c:515]: (warning) Possible null pointer dereference [accel-pppd/ppp/ipv6cp_opt_intfid.c:185]: (warning) %x in format string (no. 1) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ppp/ipv6cp_opt_intfid.c:298]: (warning) %x in format string (no. 1) requires 'unsigned int *' but the argument type is 'int *'. [accel-pppd/ppp/ipv6cp_opt_intfid.c:298]: (warning) %x in format string (no. 2) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ppp/ipv6cp_opt_intfid.c:298]: (warning) %x in format string (no. 3) requires 'unsigned int *' but the argument type is 'signed int *'. [accel-pppd/ppp/ipv6cp_opt_intfid.c:298]: (warning) %x in format string (no. 4) requires 'unsigned int *' but the argument type is 'signed int *'. * Suppress compiler warnings * Fix locking errors /opt/pvs/accel-ppp/accel-pppd/extra/pppd_compat.c 279 warn V1020 The function exited without calling the 'sigchld_unlock' function. Check lines: 279, 249. /opt/pvs/accel-ppp/accel-pppd/extra/pppd_compat.c 333 warn V1020 The function exited without calling the 'sigchld_unlock' function. Check lines: 333, 315. /opt/pvs/accel-ppp/accel-pppd/extra/pppd_compat.c 422 warn V1020 The function exited without calling the 'sigchld_unlock' function. Check lines: 422, 372. /opt/pvs/accel-ppp/accel-pppd/extra/pppd_compat.c 488 warn V1020 The function exited without calling the 'sigchld_unlock' function. Check lines: 488, 468. /opt/pvs/accel-ppp/accel-pppd/triton/mempool.c 119 warn V1020 The function exited without calling the 'pthread_spin_unlock' function. Check lines: 119, 116. * Fix array len errors /opt/pvs/accel-ppp/accel-pppd/triton/conf_file.c 75 warn V557 Array underrun is possible. The value of 'len - 1' index could reach -1. /opt/pvs/accel-ppp/accel-pppd/triton/conf_file.c 76 warn V557 Array underrun is possible. The value of '-- len' index could reach -1. * Fix possible memory leaks /opt/pvs/accel-ppp/accel-pppd/radius/radius.c 936 err V773 The function was exited without releasing the 'str' pointer. A memory leak is possible. /opt/pvs/accel-ppp/accel-pppd/radius/serv.c 622 err V773 The function was exited without releasing the 'str' pointer. A memory leak is possible. /opt/pvs/accel-ppp/accel-pppd/triton/conf_file.c 144 err V773 The function was exited without releasing the 'raw' pointer. A memory leak is possible. * Fix unsafe code /opt/pvs/accel-ppp/accel-pppd/cli/tcp.c 364 warn V1004 The 'host' pointer was used unsafely after it was verified against nullptr. Check lines: 338, 364. /opt/pvs/accel-ppp/accel-pppd/cli/telnet.c 701 warn V1004 The 'host' pointer was used unsafely after it was verified against nullptr. Check lines: 675, 701. /opt/pvs/accel-ppp/accel-pppd/extra/ippool.c 241 err V614 Potentially uninitialized pointer 'pos' used. /opt/pvs/accel-ppp/accel-pppd/radius/dict.c 165 err V614 Uninitialized pointer 'parent_items' used. * Remove duplicate code /opt/pvs/accel-ppp/accel-pppd/radius/serv.c 202 warn V547 Expression 'ts.tv_sec < req->serv->fail_time' is always false. * Fix treating signed bool variables as unsigned * Add nullptr checking /opt/pvs/accel-ppp/accel-pppd/ipv6/dhcpv6.c 886 err V595 The 'opt->val' pointer was utilized before it was verified against nullptr. Check lines: 886, 890. /opt/pvs/accel-ppp/accel-pppd/ipv6/nd.c 479 err V595 The 'opt->val' pointer was utilized before it was verified against nullptr. Check lines: 479, 483. /opt/pvs/accel-ppp/accel-pppd/radius/auth.c 152 err V595 The 'rpd->auth_ctx' pointer was utilized before it was verified against nullptr. Check lines: 152, 154. /opt/pvs/accel-ppp/accel-pppd/triton/conf_file.c 114 err V595 The 'cur_sect' pointer was utilized before it was verified against nullptr. Check lines: 114, 117. * Add logging of exit conditions * Clarify calculation [accel-pppd/ppp/ccp_mppe.c:281]: (style) Clarify calculation precedence for '&' and '?'. [accel-pppd/ppp/ccp_mppe.c:282]: (style) Clarify calculation precedence for '&' and '?'. [accel-pppd/ppp/ccp_mppe.c:283]: (style) Clarify calculation precedence for '&' and '?'. [accel-pppd/ppp/ccp_mppe.c:284]: (style) Clarify calculation precedence for '&' and '?'. [accel-pppd/ppp/ccp_mppe.c:285]: (style) Clarify calculation precedence for '&' and '?'. [accel-pppd/ppp/ccp_mppe.c:286]: (style) Clarify calculation precedence for '&' and '?'. [drivers/ipoe/ipoe.c:307]: (style) Clarify calculation precedence for '&' and '?'. * Fix void calculations [accel-pppd/ctrl/pppoe/disc.c:211]: (portability) 'pkt' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/ctrl/pptp/pptp.c:150]: (portability) 'buf' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/radius/acct.c:37]: (portability) 'req.pack.buf' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/radius/auth.c:35]: (portability) 'req.pack.buf' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/radius/auth.c:79]: (portability) 'req.pack.buf' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/radius/dm_coa.c:43]: (portability) 'pack.buf' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/radius/dm_coa.c:47]: (portability) 'pack.buf' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/radius/dm_coa.c:57]: (portability) 'pack.buf' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/radius/dm_coa.c:65]: (portability) 'req.buf' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/radius/dm_coa.c:97]: (portability) 'req.buf' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/radius/serv.c:364]: (portability) 'req.pack.buf' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/triton/mempool.c:115]: (portability) 'mmap_ptr' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/triton/mempool.c:122]: (portability) 'mmap_ptr' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/triton/mempool.c:276]: (portability) 'ptr' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. * Fix void part 2 [accel-pppd/ipv6/dhcpv6.c:844]: (portability) 'conf_dnssl' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/ipv6/nd.c:199]: (portability) '(void*)dnsslinfo' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. [accel-pppd/ipv6/nd.c:432]: (portability) 'conf_dnssl' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined. * Fix null pointer dereference [accel-pppd/ctrl/ipoe/ipoe.c:2048]: (warning) Possible null pointer dereference: eth [accel-pppd/ctrl/ipoe/ipoe.c:2049]: (warning) Possible null pointer dereference: iph * Remove redundant check /opt/pvs/accel-ppp/accel-pppd/ctrl/l2tp/packet.c 656 warn V547 Expression 'attr->length <= 16' is always false. * PR fixes * PR fixes 2 2021-03-13T13:22:05+00:00 [anp/hsw] sysop@880.ru 2021-03-13T13:22:05+00:00 urn:sha1:6c2fb7f07692ec8d9aad971b177dbb8718bf391a [accel-pppd/cli/tcp.c:305]: (error) Uninitialized variable: cln [accel-pppd/cli/telnet.c:642]: (error) Uninitialized variable: cln [accel-pppd/ctrl/l2tp/l2tp.c:4302]: (error) Uninitialized variable: msg_attr [accel-pppd/ctrl/l2tp/l2tp.c:4484]: (error) Uninitialized variable: msg_type [accel-pppd/ctrl/pppoe/disc.c:169]: (error) Uninitialized variable: n [accel-pppd/ctrl/pppoe/pppoe.c:1588]: (error) Uninitialized variable: pado 2020-09-12T20:11:49+00:00 Vladislav Grishenko themiron@mail.ru 2020-09-12T19:51:13+00:00 urn:sha1:6e851767b3074244d01f58da4208c9f2c779fa58 2020-09-05T21:38:35+00:00 Vladislav Grishenko themiron@mail.ru 2020-09-05T21:38:35+00:00 urn:sha1:2324bcd5ba12cf28f47357a8f03cd41b7c04c52b Unsufficent checks of valid l2tp header & avp length cause possible RCE through buffer overflow, reported by https://github.com/WinMin swings & leommxj, Chaitin Security Research Lab. Add missed header length and avp length validation to fix the issue. Order of struct bitfields is implementation-defined so current code doesn't play well with big-endian arch. switch to explicit flag bit checking/gathering to fix the issue. RFC 2661 and 3931 requires that length, seqeuence flags must be set and offset flag must not be set, so avp-premissive can't help in this cases. 2020-03-06T23:31:11+00:00 Vladislav Grishenko themiron@mail.ru 2020-03-06T23:25:00+00:00 urn:sha1:6b04e5778c1c0c9686066dd44caccfd755917c25 usually there's no need to have per-proto limitation, since the need of max starting limitation affects the whole server, not particular protocol only. 2020-01-10T20:57:14+00:00 Vladislav Grishenko themiron@mail.ru 2020-01-10T20:57:14+00:00 urn:sha1:f532c72d0cb33b16b9794d83a46969538bdf2596 also, disable ipv6 pools via chap-secrets, need to find another syntax for it, may be with comments. 2019-05-29T12:37:28+00:00 Pedro don't want to be here 39959198+pedro-nonfree@users.noreply.github.com 2019-05-29T12:37:28+00:00 urn:sha1:0f3eceb673985546178e139453eb75cfa0ed3fb1 original commit author is @dyangol 2018-03-03T21:41:47+00:00 Vladislav Grishenko themiron@mail.ru 2018-03-03T21:29:46+00:00 urn:sha1:939e952452dd856a574a1d78c15181a93a593996 2017-12-05T15:39:15+00:00 Vladislav Grishenko themiron@mail.ru 2017-10-30T12:27:22+00:00 urn:sha1:ae72e179afa46d82865aa8d459b32cc27541e4a7 Reuse exsisting radius functionality and allow set iterface name template for pppoe/pptp/l2tp, '%d' specification will be replaced automagically to the next available index by kernel. PPP interface rename allows to easy differ client's interfaces from the other ppp ones, for example, with just netfilter interface rules. Example: [pptp] ifname=pptp%d will produce pptp0, pptp1, ...