Commit Graph

1154 Commits

Author SHA1 Message Date
Martin Furter 020ae96bf3
Restoring terminal settings after daemonizing.
Signed-off-by: Dom Rodriguez <shymega@shymega.org.uk>
2021-11-06 21:48:05 +00:00
Jonas Berlin 2c8f92206f
ServerApp help: Describe the role of the server
Signed-off-by: Dom Rodriguez <shymega@shymega.org.uk>
2021-11-05 19:52:15 +00:00
James Le Cuirot 4b12265ae5 Add missing cstddef includes for NULL
Fixes https://github.com/debauchee/barrier/issues/1366.
2021-11-03 18:12:56 +02:00
Chih-Hsuan Yen dd3ea8adfe lib/platform: Fix encoding for text copied between linux and windows
Copied from https://github.com/symless/synergy-core/pull/7029. I don't
include the application/x-moz-nativehtml part in that patch as I already
added it in https://github.com/debauchee/barrier/pull/1164.

Fixes https://github.com/debauchee/barrier/issues/1037
Fixes https://github.com/debauchee/barrier/issues/1137

Original author: Serhii Hadzhilov <serhii-external@symless.com>
2021-11-03 03:12:41 +02:00
Povilas Kanapickas d7de571fdc lib/net: Simplify handling of socket multiplexer jobs 2021-11-01 14:41:53 +02:00
Povilas Kanapickas d2c106db53 lib: Pass jobs to barrier::Thread as std::function 2021-11-01 14:41:53 +02:00
Povilas Kanapickas 53356697d9 lib/arch: Pass jobs to Arch threads as std::function 2021-11-01 14:41:53 +02:00
Povilas Kanapickas 9cf590ccd7 lib: Make ThreadFunc return nothing 2021-11-01 14:41:53 +02:00
Povilas Kanapickas 815e80ec4d lib: Remove unused threading functionality related to thread results 2021-11-01 14:41:53 +02:00
Povilas Kanapickas 666460aced lib/platform: Use std::function instead of IJob in MSWindowsDesks 2021-11-01 14:41:53 +02:00
Povilas Kanapickas f0efe043bb lib/net: Fix incorrect sharing of data between different SSL sessions 2021-11-01 14:05:49 +02:00
Povilas Kanapickas 8b937a4abd lib/net: Fix race conditions when closing SSL connections
This fixes the following security vulnerability:
- CVE-2021-42074 SIGSEGV on quick open/close sequence while sending
Hello message

The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
2021-11-01 14:05:49 +02:00
Povilas Kanapickas caeebf6c36
Merge pull request #1350 from p12tic/fix-file-handles-leak
Fix file descriptor leak on incomplete connections [SECURITY VULNERABILITY CVE-2021-42075]
2021-11-01 14:04:45 +02:00
Povilas Kanapickas deefecc262 lib/server: Close connection when client app-level handshake fails
This fixes the following security vulnerability:
 - CVE-2021-42075 DoS via file descriptor exhaustion

The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
2021-11-01 05:58:21 +02:00
Povilas Kanapickas 20f66fe133 lib/common: Clean up declarations of {S,U}Int{8,16,32} types 2021-11-01 05:56:53 +02:00
Povilas Kanapickas 676fa39f9a lib/platform: Switch remaining ObjC source files to ObjC++ 2021-11-01 05:56:53 +02:00
Povilas Kanapickas 00e182d22e
Merge pull request #1347 from p12tic/enforce-max-message-length
Enforce max message length [SECURITY VULNERABILITY CVE-2021-42076]
2021-11-01 05:56:38 +02:00
Povilas Kanapickas e8ac56b045 lib/net: Include openssl applink shim into Windows builds 2021-11-01 05:48:26 +02:00
Povilas Kanapickas fd5295eb31 lib/barrier: Disconnect client on too long input packets
This commit is the 3/3 part of the fix for the following security
vulnerability:
 - CVE-2021-42076 DoS via excess length messages

The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
2021-11-01 05:18:53 +02:00
Povilas Kanapickas af90f39b4a lib/net: Limit the maximum size of TCP or SSL input buffers
This commit is the 2/3 part of the fix for the following security
vulnerability:
 - CVE-2021-42076 DoS via excess length messages

The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
2021-11-01 05:18:52 +02:00
Povilas Kanapickas e33c81b835 lib: Enforce a maximum length of input messages
This commit is the 1/3 part of the fix for the following security
vulnerability:
 - CVE-2021-42076 DoS via excess length messages

The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
2021-11-01 05:18:51 +02:00
Povilas Kanapickas cc369820d4 lib/server: Remove unused code 2021-11-01 05:18:50 +02:00
Povilas Kanapickas 7ab8e0101d lib/server: Add a note about taking pointer to virtual member function 2021-11-01 05:18:49 +02:00
Povilas Kanapickas 165100a0d2 gui: Extract barrier type to separate enum 2021-11-01 04:50:16 +02:00
Povilas Kanapickas 229abab99f Implement client identity verification
This commit fixes two security vulnerabilities: CVE-2021-42072 and
CVE-2021-42073.

The issues have been reported by Matthias Gerstner <mgerstner@suse.de>.
2021-11-01 04:50:15 +02:00
Povilas Kanapickas 57769cffda lib/net: Pass connection security level to within socket classes 2021-11-01 04:50:13 +02:00
Povilas Kanapickas 5c7d7194d5 lib/net: Use enum for connection security level instead of boolean 2021-11-01 04:50:12 +02:00
Povilas Kanapickas 82b8fa905e lib/net: Improve name of showCertificate() to reflect what it does 2021-11-01 04:50:11 +02:00
Povilas Kanapickas 133e447fb6 lib/net: Don't hardcode fingerprint DB path in verify_cert_fingerprint() 2021-11-01 04:50:10 +02:00
Povilas Kanapickas 4d73ed9fdd lib/net: Present client certificate when connecting to server 2021-11-01 04:50:07 +02:00
Povilas Kanapickas c0ce893711 lib/net: Load client SSL certificates when connecting 2021-11-01 04:50:05 +02:00
Povilas Kanapickas b76b332f2f lib/common: Move SSL certificate path definition to common location 2021-11-01 04:29:53 +02:00
Povilas Kanapickas d033ffa3d8 lib/net: Use fs::is_regular_file() to check for path existence 2021-11-01 04:29:52 +02:00
Povilas Kanapickas 220f9e8274 lib/common: Remove unused file 2021-11-01 04:29:51 +02:00
Povilas Kanapickas a2ca7e29f5 lib/common: Switch data directories to fs::path 2021-11-01 04:29:50 +02:00
Povilas Kanapickas 298980fa86 lib/common: Move DataDirectories to barrier namespace 2021-11-01 04:29:49 +02:00
Povilas Kanapickas 677612d342 lib/common: Replace PathUtilities::basename with barrier::fs equivalent 2021-11-01 04:29:48 +02:00
Povilas Kanapickas e7d936b5d7 lib/common: Replace PathUtilities::concat with barrier::fs equivalent 2021-11-01 04:29:47 +02:00
Povilas Kanapickas bcafdc6783 src/lib: Switch to ghc::filesystem in path utilities 2021-11-01 04:29:46 +02:00
Povilas Kanapickas a987605513 lib/io: Rename fstream.h to filesystem.h 2021-11-01 04:29:45 +02:00
Povilas Kanapickas a428b61c7d gui: Add support for SHA256 fingerprints
For the time being both SHA1 and SHA256 fingerprints will be shown in
the UI. This allows users to verify new connections between old and new
versions of Barrier. After the initial verification we use SHA256
fingerprints.

The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
2021-11-01 04:07:09 +02:00
Povilas Kanapickas b7757fbd68 lib/net: Implement a way to generate fingerprint randomart
The code has been copied from OpenSSH.
2021-11-01 04:07:09 +02:00
Povilas Kanapickas 7cced74119 lib/net: Use FingerprintData to represent fingerprints 2021-11-01 04:07:09 +02:00
Povilas Kanapickas 50534ecb43 lib/net: Use new FingerprintDatabase to handle fingerprints 2021-11-01 04:07:09 +02:00
Povilas Kanapickas be8ba0d132 gui: Use new FingerprintDatabase to handle fingerprints 2021-11-01 04:07:09 +02:00
Povilas Kanapickas 9cac96b4af lib/net: Implement a reusable fingerprint database 2021-11-01 04:07:09 +02:00
Povilas Kanapickas 3e71b468f6 lib: Remove useless empty constructors 2021-11-01 04:07:09 +02:00
Povilas Kanapickas 8f88dc2585 lib/base: Support colons in from_hex() 2021-11-01 04:07:09 +02:00
Povilas Kanapickas aa3afa9062 Use openssl library instead of CLI to generate certificates 2021-11-01 04:07:09 +02:00
Povilas Kanapickas dbf56a9375 gui: Use openssl library instead of CLI tool to generate fingerprints 2021-11-01 04:07:09 +02:00