9cf590ccd7
lib: Make ThreadFunc return nothing
2021-11-01 14:41:53 +02:00
815e80ec4d
lib: Remove unused threading functionality related to thread results
2021-11-01 14:41:53 +02:00
666460aced
lib/platform: Use std::function instead of IJob in MSWindowsDesks
2021-11-01 14:41:53 +02:00
4486830fdb
Merge pull request #1351 from p12tic/fix-ssl-crash-closing-connections
...
Fix ssl-related crashes when closing connections [SECURITY VULNERABILITY CVE-2021-42074]
2021-11-01 14:40:11 +02:00
f0efe043bb
lib/net: Fix incorrect sharing of data between different SSL sessions
2021-11-01 14:05:49 +02:00
8b937a4abd
lib/net: Fix race conditions when closing SSL connections
...
This fixes the following security vulnerability:
- CVE-2021-42074 SIGSEGV on quick open/close sequence while sending
Hello message
The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
2021-11-01 14:05:49 +02:00
caeebf6c36
Merge pull request #1350 from p12tic/fix-file-handles-leak
...
Fix file descriptor leak on incomplete connections [SECURITY VULNERABILITY CVE-2021-42075]
2021-11-01 14:04:45 +02:00
aaa0e4d2e0
Merge pull request #1349 from p12tic/types-cleanup
...
Cleanup declarations of {S,U}Int{8,16,32} types
2021-11-01 14:04:32 +02:00
deefecc262
lib/server: Close connection when client app-level handshake fails
...
This fixes the following security vulnerability:
- CVE-2021-42075 DoS via file descriptor exhaustion
The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
2021-11-01 05:58:21 +02:00
20f66fe133
lib/common: Clean up declarations of {S,U}Int{8,16,32} types
2021-11-01 05:56:53 +02:00
676fa39f9a
lib/platform: Switch remaining ObjC source files to ObjC++
2021-11-01 05:56:53 +02:00
00e182d22e
Merge pull request #1347 from p12tic/enforce-max-message-length
...
Enforce max message length [SECURITY VULNERABILITY CVE-2021-42076]
2021-11-01 05:56:38 +02:00
dd31d0a539
Merge pull request #1348 from p12tic/fix-openssl-windows-applink
...
Include openssl applink shim into Windows builds
2021-11-01 05:56:22 +02:00
e8ac56b045
lib/net: Include openssl applink shim into Windows builds
2021-11-01 05:48:26 +02:00
fd5295eb31
lib/barrier: Disconnect client on too long input packets
...
This commit is the 3/3 part of the fix for the following security
vulnerability:
- CVE-2021-42076 DoS via excess length messages
The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
2021-11-01 05:18:53 +02:00
af90f39b4a
lib/net: Limit the maximum size of TCP or SSL input buffers
...
This commit is the 2/3 part of the fix for the following security
vulnerability:
- CVE-2021-42076 DoS via excess length messages
The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
2021-11-01 05:18:52 +02:00
e33c81b835
lib: Enforce a maximum length of input messages
...
This commit is the 1/3 part of the fix for the following security
vulnerability:
- CVE-2021-42076 DoS via excess length messages
The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
2021-11-01 05:18:51 +02:00
cc369820d4
lib/server: Remove unused code
2021-11-01 05:18:50 +02:00
7ab8e0101d
lib/server: Add a note about taking pointer to virtual member function
2021-11-01 05:18:49 +02:00
b677a0b419
Merge pull request #1344 from p12tic/windows-build-cleanup
...
Windows build cleanup
2021-11-01 05:16:09 +02:00
b5adc93e2b
Merge pull request #1346 from p12tic/client-identity-verification
...
Implement client identity verification [SECURITY VULNERABILITIES CVE-2021-42072, CVE-2021-42073]
2021-11-01 05:15:48 +02:00
7cacbd1489
gui: Improve formatting of the fingerprint acceptance dialog
2021-11-01 04:50:17 +02:00
165100a0d2
gui: Extract barrier type to separate enum
2021-11-01 04:50:16 +02:00
229abab99f
Implement client identity verification
...
This commit fixes two security vulnerabilities: CVE-2021-42072 and
CVE-2021-42073.
The issues have been reported by Matthias Gerstner <mgerstner@suse.de>.
2021-11-01 04:50:15 +02:00
e79bdf333c
gui: Fix fingerprint database being not populated due to missing dirs
2021-11-01 04:50:14 +02:00
57769cffda
lib/net: Pass connection security level to within socket classes
2021-11-01 04:50:13 +02:00
5c7d7194d5
lib/net: Use enum for connection security level instead of boolean
2021-11-01 04:50:12 +02:00
82b8fa905e
lib/net: Improve name of showCertificate() to reflect what it does
2021-11-01 04:50:11 +02:00
133e447fb6
lib/net: Don't hardcode fingerprint DB path in verify_cert_fingerprint()
2021-11-01 04:50:10 +02:00
8bc280e0dd
gui: Add configuration for requiring client certificates
2021-11-01 04:50:09 +02:00
ed32e2e326
gui: Expand checkboxes in settings dialog through both grid columns
2021-11-01 04:50:08 +02:00
4d73ed9fdd
lib/net: Present client certificate when connecting to server
2021-11-01 04:50:07 +02:00
92ba6f61e6
gui: Move SSL fingerprint labels out of server frame
...
SSL fingerprints will be used to auth both server and client.
2021-11-01 04:50:06 +02:00
c0ce893711
lib/net: Load client SSL certificates when connecting
2021-11-01 04:50:05 +02:00
cb0480fe84
cmake: Silence tr1 deprecation warning on MSVC
2021-11-01 04:48:56 +02:00
f9c051fc82
Use cmake --build to build on Windows
2021-11-01 04:48:56 +02:00
6d7eca42b7
Merge pull request #1345 from p12tic/filesystem-cleanup
...
Filesystem operations cleanup
2021-11-01 04:47:16 +02:00
0f3afed664
gui: Switch SSL certificate handler to barrier::fs paths
2021-11-01 04:29:54 +02:00
b76b332f2f
lib/common: Move SSL certificate path definition to common location
2021-11-01 04:29:53 +02:00
d033ffa3d8
lib/net: Use fs::is_regular_file() to check for path existence
2021-11-01 04:29:52 +02:00
220f9e8274
lib/common: Remove unused file
2021-11-01 04:29:51 +02:00
a2ca7e29f5
lib/common: Switch data directories to fs::path
2021-11-01 04:29:50 +02:00
298980fa86
lib/common: Move DataDirectories to barrier namespace
2021-11-01 04:29:49 +02:00
677612d342
lib/common: Replace PathUtilities::basename with barrier::fs equivalent
2021-11-01 04:29:48 +02:00
e7d936b5d7
lib/common: Replace PathUtilities::concat with barrier::fs equivalent
2021-11-01 04:29:47 +02:00
bcafdc6783
src/lib: Switch to ghc::filesystem in path utilities
2021-11-01 04:29:46 +02:00
a987605513
lib/io: Rename fstream.h to filesystem.h
2021-11-01 04:29:45 +02:00
801a5a7084
ext: Add https://github.com/gulrak/filesystem for filesystem operations
2021-11-01 04:29:44 +02:00
22ac14be8c
Merge pull request #1343 from p12tic/sha256-fingerprints
...
Add support for SHA256 fingerprints
2021-11-01 04:21:17 +02:00
a428b61c7d
gui: Add support for SHA256 fingerprints
...
For the time being both SHA1 and SHA256 fingerprints will be shown in
the UI. This allows users to verify new connections between old and new
versions of Barrier. After the initial verification we use SHA256
fingerprints.
The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
2021-11-01 04:07:09 +02:00
Povilas Kanapickas