<feed xmlns='http://www.w3.org/2005/Atom'>
<title>accel-ppp.git/accel-pppd/ppp/ppp_auth.c, branch marekm72-patch-1-printf-h</title>
<subtitle>High performance PPTP/L2TP/SSTP/PPPoE/IPoE server for Linux (mirror of https://github.com/marekm72/accel-ppp.git)
</subtitle>
<id>https://git.amelek.net/marekm72/accel-ppp.git/atom?h=marekm72-patch-1-printf-h</id>
<link rel='self' href='https://git.amelek.net/marekm72/accel-ppp.git/atom?h=marekm72-patch-1-printf-h'/>
<link rel='alternate' type='text/html' href='https://git.amelek.net/marekm72/accel-ppp.git/'/>
<updated>2021-03-20T14:14:59+00:00</updated>
<entry>
<title>Fixed some errors found by valgrind and pvs-studio (#11)</title>
<updated>2021-03-20T14:14:59+00:00</updated>
<author>
<name>[anp/hsw]</name>
<email>sysop@880.ru</email>
</author>
<published>2021-03-20T14:14:59+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/marekm72/accel-ppp.git/commit/?id=62f7740033f05053a581e864742575a46ccc6da2'/>
<id>urn:sha1:62f7740033f05053a581e864742575a46ccc6da2</id>
<content type='text'>
* Fix errors found by valgrind

==12312== Syscall param sendmsg(msg.msg_iov[0]) points to uninitialised byte(s)
==12312==    at 0x486CCF0: sendmsg (in /lib/libpthread-2.22.so)
==12312==    by 0x12F57F: rtnl_talk (libnetlink.c:316)
==12312==    by 0x132DA3: genl_resolve_mcg (genl.c:52)
==12312==    by 0x484E1CB: init (vlan_mon.c:528)
==12312==    by 0x484CDC0: vlan_mon_register_proto (vlan_mon.c:48)
==12312==    by 0x510B763: load_vlan_mon (pppoe.c:1914)
==12312==    by 0x510BFF2: load_config (pppoe.c:2064)
==12312==    by 0x510C22A: pppoe_init (pppoe.c:2108)
==12312==    by 0x483E9EB: triton_load_modules (triton.c:704)
==12312==    by 0x1384B2: main (main.c:339)
==12312==  Address 0xbedacdd8 is on thread 1's stack
==12312==  in frame #2, created by genl_resolve_mcg (genl.c:23)

==12312== 15 bytes in 1 blocks are definitely lost in loss record 352 of 836
==12312==    at 0x482A9A9: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==12312==    by 0x4B97524: strdup (in /lib/libc-2.22.so)
==12312==    by 0x12C30C: init (telnet.c:769)
==12312==    by 0x483E9EB: triton_load_modules (triton.c:704)
==12312==    by 0x1384B2: main (main.c:339)
==12312==
==12312== 15 bytes in 1 blocks are definitely lost in loss record 353 of 836
==12312==    at 0x482A9A9: malloc (in /usr/lib/valgrind/vgpreload_memcheck-x86-linux.so)
==12312==    by 0x4B97524: strdup (in /lib/libc-2.22.so)
==12312==    by 0x12D60A: init (tcp.c:392)
==12312==    by 0x483E9EB: triton_load_modules (triton.c:704)
==12312==    by 0x1384B2: main (main.c:339)

* Fix another warnings by cppcheck

[accel-pppd/ctrl/ipoe/arp.c:256]: (error) Uninitialized variable: n
[accel-pppd/ctrl/pppoe/mac_filter.c:90]: (warning) %x in format string (no. 1) requires 'unsigned int *' but the argument type is 'signed int *'.
[accel-pppd/ctrl/pppoe/mac_filter.c:90]: (warning) %x in format string (no. 2) requires 'unsigned int *' but the argument type is 'signed int *'.
[accel-pppd/ctrl/pppoe/mac_filter.c:90]: (warning) %x in format string (no. 3) requires 'unsigned int *' but the argument type is 'signed int *'.
[accel-pppd/ctrl/pppoe/mac_filter.c:90]: (warning) %x in format string (no. 4) requires 'unsigned int *' but the argument type is 'signed int *'.
[accel-pppd/ctrl/pppoe/mac_filter.c:90]: (warning) %x in format string (no. 5) requires 'unsigned int *' but the argument type is 'signed int *'.
[accel-pppd/ctrl/pppoe/mac_filter.c:90]: (warning) %x in format string (no. 6) requires 'unsigned int *' but the argument type is 'signed int *'.
[accel-pppd/ctrl/pppoe/mac_filter.c:129]: (warning) %x in format string (no. 1) requires 'unsigned int *' but the argument type is 'signed int *'.
[accel-pppd/ctrl/pppoe/mac_filter.c:129]: (warning) %x in format string (no. 2) requires 'unsigned int *' but the argument type is 'signed int *'.
[accel-pppd/ctrl/pppoe/mac_filter.c:129]: (warning) %x in format string (no. 3) requires 'unsigned int *' but the argument type is 'signed int *'.
[accel-pppd/ctrl/pppoe/mac_filter.c:129]: (warning) %x in format string (no. 4) requires 'unsigned int *' but the argument type is 'signed int *'.
[accel-pppd/ctrl/pppoe/mac_filter.c:129]: (warning) %x in format string (no. 5) requires 'unsigned int *' but the argument type is 'signed int *'.
[accel-pppd/ctrl/pppoe/mac_filter.c:129]: (warning) %x in format string (no. 6) requires 'unsigned int *' but the argument type is 'signed int *'.
[accel-pppd/ctrl/pppoe/mac_filter.c:158]: (warning) %x in format string (no. 1) requires 'unsigned int *' but the argument type is 'signed int *'.
[accel-pppd/ctrl/pppoe/mac_filter.c:158]: (warning) %x in format string (no. 2) requires 'unsigned int *' but the argument type is 'signed int *'.
[accel-pppd/ctrl/pppoe/mac_filter.c:158]: (warning) %x in format string (no. 3) requires 'unsigned int *' but the argument type is 'signed int *'.
[accel-pppd/ctrl/pppoe/mac_filter.c:158]: (warning) %x in format string (no. 4) requires 'unsigned int *' but the argument type is 'signed int *'.
[accel-pppd/ctrl/pppoe/mac_filter.c:158]: (warning) %x in format string (no. 5) requires 'unsigned int *' but the argument type is 'signed int *'.
[accel-pppd/ctrl/pppoe/mac_filter.c:158]: (warning) %x in format string (no. 6) requires 'unsigned int *' but the argument type is 'signed int *'.
[accel-pppd/ctrl/pppoe/pppoe.c:738]: (warning) Possible null pointer dereference
[accel-pppd/ipv6/dhcpv6.c:911]: (warning) %x in format string (no. 1) requires 'unsigned int *' but the argument type is 'int *'.
[accel-pppd/ipv6/dhcpv6.c:911]: (warning) %x in format string (no. 2) requires 'unsigned int *' but the argument type is 'signed int *'.
[accel-pppd/ipv6/dhcpv6.c:911]: (warning) %x in format string (no. 3) requires 'unsigned int *' but the argument type is 'signed int *'.
[accel-pppd/ipv6/dhcpv6.c:911]: (warning) %x in format string (no. 4) requires 'unsigned int *' but the argument type is 'signed int *'.
[accel-pppd/libnetlink/libnetlink.c:515]: (warning) Possible null pointer dereference
[accel-pppd/ppp/ipv6cp_opt_intfid.c:185]: (warning) %x in format string (no. 1) requires 'unsigned int *' but the argument type is 'signed int *'.
[accel-pppd/ppp/ipv6cp_opt_intfid.c:298]: (warning) %x in format string (no. 1) requires 'unsigned int *' but the argument type is 'int *'.
[accel-pppd/ppp/ipv6cp_opt_intfid.c:298]: (warning) %x in format string (no. 2) requires 'unsigned int *' but the argument type is 'signed int *'.
[accel-pppd/ppp/ipv6cp_opt_intfid.c:298]: (warning) %x in format string (no. 3) requires 'unsigned int *' but the argument type is 'signed int *'.
[accel-pppd/ppp/ipv6cp_opt_intfid.c:298]: (warning) %x in format string (no. 4) requires 'unsigned int *' but the argument type is 'signed int *'.

* Suppress compiler warnings

* Fix locking errors

/opt/pvs/accel-ppp/accel-pppd/extra/pppd_compat.c       279     warn    V1020 The function exited without calling the 'sigchld_unlock' function. Check lines: 279, 249.
/opt/pvs/accel-ppp/accel-pppd/extra/pppd_compat.c       333     warn    V1020 The function exited without calling the 'sigchld_unlock' function. Check lines: 333, 315.
/opt/pvs/accel-ppp/accel-pppd/extra/pppd_compat.c       422     warn    V1020 The function exited without calling the 'sigchld_unlock' function. Check lines: 422, 372.
/opt/pvs/accel-ppp/accel-pppd/extra/pppd_compat.c       488     warn    V1020 The function exited without calling the 'sigchld_unlock' function. Check lines: 488, 468.
/opt/pvs/accel-ppp/accel-pppd/triton/mempool.c  119     warn    V1020 The function exited without calling the 'pthread_spin_unlock' function. Check lines: 119, 116.

* Fix array len errors

/opt/pvs/accel-ppp/accel-pppd/triton/conf_file.c        75      warn    V557 Array underrun is possible. The value of 'len - 1' index could reach -1.
/opt/pvs/accel-ppp/accel-pppd/triton/conf_file.c        76      warn    V557 Array underrun is possible. The value of '-- len' index could reach -1.

* Fix possible memory leaks

/opt/pvs/accel-ppp/accel-pppd/radius/radius.c   936     err     V773 The function was exited without releasing the 'str' pointer. A memory leak is possible.
/opt/pvs/accel-ppp/accel-pppd/radius/serv.c     622     err     V773 The function was exited without releasing the 'str' pointer. A memory leak is possible.
/opt/pvs/accel-ppp/accel-pppd/triton/conf_file.c        144     err     V773 The function was exited without releasing the 'raw' pointer. A memory leak is possible.

* Fix unsafe code

/opt/pvs/accel-ppp/accel-pppd/cli/tcp.c 364     warn    V1004 The 'host' pointer was used unsafely after it was verified against nullptr. Check lines: 338, 364.
/opt/pvs/accel-ppp/accel-pppd/cli/telnet.c      701     warn    V1004 The 'host' pointer was used unsafely after it was verified against nullptr. Check lines: 675, 701.
/opt/pvs/accel-ppp/accel-pppd/extra/ippool.c    241     err     V614 Potentially uninitialized pointer 'pos' used.
/opt/pvs/accel-ppp/accel-pppd/radius/dict.c     165     err     V614 Uninitialized pointer 'parent_items' used.

* Remove duplicate code

/opt/pvs/accel-ppp/accel-pppd/radius/serv.c     202     warn    V547 Expression 'ts.tv_sec &lt; req-&gt;serv-&gt;fail_time' is always false.

* Fix treating signed bool variables as unsigned

* Add nullptr checking

/opt/pvs/accel-ppp/accel-pppd/ipv6/dhcpv6.c     886     err     V595 The 'opt-&gt;val' pointer was utilized before it was verified against nullptr. Check lines: 886, 890.
/opt/pvs/accel-ppp/accel-pppd/ipv6/nd.c 479     err     V595 The 'opt-&gt;val' pointer was utilized before it was verified against nullptr. Check lines: 479, 483.
/opt/pvs/accel-ppp/accel-pppd/radius/auth.c     152     err     V595 The 'rpd-&gt;auth_ctx' pointer was utilized before it was verified against nullptr. Check lines: 152, 154.
/opt/pvs/accel-ppp/accel-pppd/triton/conf_file.c        114     err     V595 The 'cur_sect' pointer was utilized before it was verified against nullptr. Check lines: 114, 117.

* Add logging of exit conditions

* Clarify calculation

[accel-pppd/ppp/ccp_mppe.c:281]: (style) Clarify calculation precedence for '&amp;' and '?'.
[accel-pppd/ppp/ccp_mppe.c:282]: (style) Clarify calculation precedence for '&amp;' and '?'.
[accel-pppd/ppp/ccp_mppe.c:283]: (style) Clarify calculation precedence for '&amp;' and '?'.
[accel-pppd/ppp/ccp_mppe.c:284]: (style) Clarify calculation precedence for '&amp;' and '?'.
[accel-pppd/ppp/ccp_mppe.c:285]: (style) Clarify calculation precedence for '&amp;' and '?'.
[accel-pppd/ppp/ccp_mppe.c:286]: (style) Clarify calculation precedence for '&amp;' and '?'.
[drivers/ipoe/ipoe.c:307]: (style) Clarify calculation precedence for '&amp;' and '?'.

* Fix void calculations

[accel-pppd/ctrl/pppoe/disc.c:211]: (portability) 'pkt' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined.
[accel-pppd/ctrl/pptp/pptp.c:150]: (portability) 'buf' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined.
[accel-pppd/radius/acct.c:37]: (portability) 'req.pack.buf' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined.
[accel-pppd/radius/auth.c:35]: (portability) 'req.pack.buf' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined.
[accel-pppd/radius/auth.c:79]: (portability) 'req.pack.buf' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined.
[accel-pppd/radius/dm_coa.c:43]: (portability) 'pack.buf' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined.
[accel-pppd/radius/dm_coa.c:47]: (portability) 'pack.buf' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined.
[accel-pppd/radius/dm_coa.c:57]: (portability) 'pack.buf' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined.
[accel-pppd/radius/dm_coa.c:65]: (portability) 'req.buf' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined.
[accel-pppd/radius/dm_coa.c:97]: (portability) 'req.buf' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined.
[accel-pppd/radius/serv.c:364]: (portability) 'req.pack.buf' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined.
[accel-pppd/triton/mempool.c:115]: (portability) 'mmap_ptr' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined.
[accel-pppd/triton/mempool.c:122]: (portability) 'mmap_ptr' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined.
[accel-pppd/triton/mempool.c:276]: (portability) 'ptr' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined.

* Fix void part 2

[accel-pppd/ipv6/dhcpv6.c:844]: (portability) 'conf_dnssl' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined.
[accel-pppd/ipv6/nd.c:199]: (portability) '(void*)dnsslinfo' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined.
[accel-pppd/ipv6/nd.c:432]: (portability) 'conf_dnssl' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined.

* Fix null pointer dereference

[accel-pppd/ctrl/ipoe/ipoe.c:2048]: (warning) Possible null pointer dereference: eth
[accel-pppd/ctrl/ipoe/ipoe.c:2049]: (warning) Possible null pointer dereference: iph

* Remove redundant check

/opt/pvs/accel-ppp/accel-pppd/ctrl/l2tp/packet.c        656     warn    V547 Expression 'attr-&gt;length &lt;= 16' is always false.

* PR fixes

* PR fixes 2</content>
</entry>
<entry>
<title>ppp: lcp: auth: fix one-by-one oveflow</title>
<updated>2020-08-02T14:09:13+00:00</updated>
<author>
<name>Vladislav Grishenko</name>
<email>themiron@mail.ru</email>
</author>
<published>2020-08-02T14:09:13+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/marekm72/accel-ppp.git/commit/?id=8d1f8733b1a202431b0faf91d70f935f65b0cec2'/>
<id>urn:sha1:8d1f8733b1a202431b0faf91d70f935f65b0cec2</id>
<content type='text'>
lcp auth doesn't take into account auth extra bytes
for lcp request buffer allocation for chap/mschap/mschapv2
protocols, so last byte corrupts memory with undefined behavior
incl. crash.
</content>
</entry>
<entry>
<title>sstp: fix compound mac validation with broken clients</title>
<updated>2020-06-28T23:38:42+00:00</updated>
<author>
<name>Vladislav Grishenko</name>
<email>themiron@mail.ru</email>
</author>
<published>2020-06-28T15:57:57+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/marekm72/accel-ppp.git/commit/?id=7dd9766a72d9ad26f4db09c8a52067d1dd4e777c'/>
<id>urn:sha1:7dd9766a72d9ad26f4db09c8a52067d1dd4e777c</id>
<content type='text'>
sstp-client sends SSTP_MSG_CALL_CONNECTED message too early,
before auth response, so HLAK can't be known yet and subsequent
HLAK-based validation fails.
workaround the issue by defer accepting SSTP_MSG_CALL_CONNECTED
after auth either has been succeeded or bypassed.
</content>
</entry>
<entry>
<title>lcp: reject Authentication-Protocol option in Configure-Request packets</title>
<updated>2018-11-27T06:56:54+00:00</updated>
<author>
<name>Guillaume Nault</name>
<email>g.nault@alphalink.fr</email>
</author>
<published>2018-11-19T16:44:36+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/marekm72/accel-ppp.git/commit/?id=75a880700071b9d8a4a36f7c0beae5220e8c4853'/>
<id>urn:sha1:75a880700071b9d8a4a36f7c0beae5220e8c4853</id>
<content type='text'>
If we receive a Configure-Request packet, that means the peer wants us
to authenticate to him. However, none of our authentication backends
(PAP, CHAP and MSCHAP v1/v2) supports authenticating ourself to the
peer. Therefore, the LCP negotiation completes, but we hang in the
authentication phase because accel-ppp never sends any credential.

We should reject the Authentication-Protocol option found in
Configure-Request packets sent by the peer. This way, the peer knows
that we won't authenticate to him. Then it's up to him to keep
connecting without authentication from our side or to drop the
connection.

This doesn't change the way we request the peer to authenticate to us.
That part of the negotiation is handled by Configure-Request packets
that are sent by us (not those sent by the peer).

In practice some PPP clients wouldn't connect with the previous
behaviour, but are perfectly happy with their Authentication-Protocol
option being rejected. They just resend their Configure-Request without
requesting authentication from our side.

Also, since the peer_auth field of struct auth_option_t is never set
anymore, we can remove the conditionals in auth_recv_conf_nak() and
auth_recv_conf_rej().

Signed-off-by: Guillaume Nault &lt;g.nault@alphalink.fr&gt;
</content>
</entry>
<entry>
<title>ppp: move call connect_ppp_channel to appropriate place (when noauth=1)</title>
<updated>2018-04-03T14:05:49+00:00</updated>
<author>
<name>Dmitry Kozlov</name>
<email>xeb@mail.ru</email>
</author>
<published>2018-04-03T14:05:49+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/marekm72/accel-ppp.git/commit/?id=9534b6695a4ce3f816d77df73e5d9ec85a0bca59'/>
<id>urn:sha1:9534b6695a4ce3f816d77df73e5d9ec85a0bca59</id>
<content type='text'>
</content>
</entry>
<entry>
<title>ppp: fix use-after-free in ppp_auth_failed()</title>
<updated>2018-03-03T09:07:39+00:00</updated>
<author>
<name>Guillaume Nault</name>
<email>g.nault@alphalink.fr</email>
</author>
<published>2018-02-21T16:55:53+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/marekm72/accel-ppp.git/commit/?id=22b24dc6ceb93dca800c687e72bba89fe68a78ee'/>
<id>urn:sha1:22b24dc6ceb93dca800c687e72bba89fe68a78ee</id>
<content type='text'>
The 'username' variable can be freed at the beginning of the function.
We have to use ppp-&gt;ses.username instead.

Signed-off-by: Guillaume Nault &lt;g.nault@alphalink.fr&gt;
</content>
</entry>
<entry>
<title>ipoe: check noauth option in [auth] section too</title>
<updated>2017-12-28T17:44:00+00:00</updated>
<author>
<name>Dmitry Kozlov</name>
<email>xeb@mail.ru</email>
</author>
<published>2017-12-28T17:44:00+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/marekm72/accel-ppp.git/commit/?id=427c0e0303984c4f582429178a34b4d07d9b4444'/>
<id>urn:sha1:427c0e0303984c4f582429178a34b4d07d9b4444</id>
<content type='text'>
</content>
</entry>
<entry>
<title>ppp_auth: fixed possible use after free</title>
<updated>2016-03-04T19:08:17+00:00</updated>
<author>
<name>Dmitry Kozlov</name>
<email>xeb@mail.ru</email>
</author>
<published>2016-03-04T19:08:17+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/marekm72/accel-ppp.git/commit/?id=3fa9e6ad35c7768ccba7381599119656b18e5eb9'/>
<id>urn:sha1:3fa9e6ad35c7768ccba7381599119656b18e5eb9</id>
<content type='text'>
</content>
</entry>
<entry>
<title>ppp_auth: fixed broken noauth mode</title>
<updated>2015-12-25T18:41:26+00:00</updated>
<author>
<name>Dmitry Kozlov</name>
<email>xeb@mail.ru</email>
</author>
<published>2015-12-25T18:40:29+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/marekm72/accel-ppp.git/commit/?id=44ae0ed6312dd2d6f81f01e2f66b70029f08e68f'/>
<id>urn:sha1:44ae0ed6312dd2d6f81f01e2f66b70029f08e68f</id>
<content type='text'>
</content>
</entry>
<entry>
<title>ppp: create ppp units after authentication</title>
<updated>2015-02-20T08:21:41+00:00</updated>
<author>
<name>François Cachereul</name>
<email>f.cachereul@alphalink.fr</email>
</author>
<published>2015-01-27T11:07:01+00:00</published>
<link rel='alternate' type='text/html' href='https://git.amelek.net/marekm72/accel-ppp.git/commit/?id=e4b4e0eef7fe04f7c202177cee82aa5ed4829387'/>
<id>urn:sha1:e4b4e0eef7fe04f7c202177cee82aa5ed4829387</id>
<content type='text'>
This avaid allocating a ppp unit when authentication failed

Split establish_ppp in two functions estabish_ppp and
connect_ppp_channel. The fist one connect the channel on an instance of
/dev/ppp, allocate channel resources and start first ppp layer.
The second functions create ppp unit and connect the channel to this
unit. It is called after authentication.
destablish_ppp is also split in two function for symmetry and
ppp_terminate is adapted to handle the case when the unit is not
created.

Signed-off-by: François Cachereul &lt;f.cachereul@alphalink.fr&gt;
</content>
</entry>
</feed>
