Commit Graph

3924 Commits

Author SHA1 Message Date
Povilas Kanapickas fc6d4e41d8
Merge pull request #1352 from p12tic/cleanup-callbacks
Cleanup internal callback APIs
2021-11-01 17:28:53 +02:00
Povilas Kanapickas d7de571fdc lib/net: Simplify handling of socket multiplexer jobs 2021-11-01 14:41:53 +02:00
Povilas Kanapickas d2c106db53 lib: Pass jobs to barrier::Thread as std::function 2021-11-01 14:41:53 +02:00
Povilas Kanapickas 53356697d9 lib/arch: Pass jobs to Arch threads as std::function 2021-11-01 14:41:53 +02:00
Povilas Kanapickas 9cf590ccd7 lib: Make ThreadFunc return nothing 2021-11-01 14:41:53 +02:00
Povilas Kanapickas 815e80ec4d lib: Remove unused threading functionality related to thread results 2021-11-01 14:41:53 +02:00
Povilas Kanapickas 666460aced lib/platform: Use std::function instead of IJob in MSWindowsDesks 2021-11-01 14:41:53 +02:00
Povilas Kanapickas 4486830fdb
Merge pull request #1351 from p12tic/fix-ssl-crash-closing-connections
Fix ssl-related crashes when closing connections [SECURITY VULNERABILITY CVE-2021-42074]
2021-11-01 14:40:11 +02:00
Povilas Kanapickas f0efe043bb lib/net: Fix incorrect sharing of data between different SSL sessions 2021-11-01 14:05:49 +02:00
Povilas Kanapickas 8b937a4abd lib/net: Fix race conditions when closing SSL connections
This fixes the following security vulnerability:
- CVE-2021-42074 SIGSEGV on quick open/close sequence while sending
Hello message

The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
2021-11-01 14:05:49 +02:00
Povilas Kanapickas caeebf6c36
Merge pull request #1350 from p12tic/fix-file-handles-leak
Fix file descriptor leak on incomplete connections [SECURITY VULNERABILITY CVE-2021-42075]
2021-11-01 14:04:45 +02:00
Povilas Kanapickas aaa0e4d2e0
Merge pull request #1349 from p12tic/types-cleanup
Cleanup declarations of {S,U}Int{8,16,32} types
2021-11-01 14:04:32 +02:00
Povilas Kanapickas deefecc262 lib/server: Close connection when client app-level handshake fails
This fixes the following security vulnerability:
 - CVE-2021-42075 DoS via file descriptor exhaustion

The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
2021-11-01 05:58:21 +02:00
Povilas Kanapickas 20f66fe133 lib/common: Clean up declarations of {S,U}Int{8,16,32} types 2021-11-01 05:56:53 +02:00
Povilas Kanapickas 676fa39f9a lib/platform: Switch remaining ObjC source files to ObjC++ 2021-11-01 05:56:53 +02:00
Povilas Kanapickas 00e182d22e
Merge pull request #1347 from p12tic/enforce-max-message-length
Enforce max message length [SECURITY VULNERABILITY CVE-2021-42076]
2021-11-01 05:56:38 +02:00
Povilas Kanapickas dd31d0a539
Merge pull request #1348 from p12tic/fix-openssl-windows-applink
Include openssl applink shim into Windows builds
2021-11-01 05:56:22 +02:00
Povilas Kanapickas e8ac56b045 lib/net: Include openssl applink shim into Windows builds 2021-11-01 05:48:26 +02:00
Povilas Kanapickas fd5295eb31 lib/barrier: Disconnect client on too long input packets
This commit is the 3/3 part of the fix for the following security
vulnerability:
 - CVE-2021-42076 DoS via excess length messages

The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
2021-11-01 05:18:53 +02:00
Povilas Kanapickas af90f39b4a lib/net: Limit the maximum size of TCP or SSL input buffers
This commit is the 2/3 part of the fix for the following security
vulnerability:
 - CVE-2021-42076 DoS via excess length messages

The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
2021-11-01 05:18:52 +02:00
Povilas Kanapickas e33c81b835 lib: Enforce a maximum length of input messages
This commit is the 1/3 part of the fix for the following security
vulnerability:
 - CVE-2021-42076 DoS via excess length messages

The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
2021-11-01 05:18:51 +02:00
Povilas Kanapickas cc369820d4 lib/server: Remove unused code 2021-11-01 05:18:50 +02:00
Povilas Kanapickas 7ab8e0101d lib/server: Add a note about taking pointer to virtual member function 2021-11-01 05:18:49 +02:00
Povilas Kanapickas b677a0b419
Merge pull request #1344 from p12tic/windows-build-cleanup
Windows build cleanup
2021-11-01 05:16:09 +02:00
Povilas Kanapickas b5adc93e2b
Merge pull request #1346 from p12tic/client-identity-verification
Implement client identity verification [SECURITY VULNERABILITIES CVE-2021-42072, CVE-2021-42073]
2021-11-01 05:15:48 +02:00
Povilas Kanapickas 7cacbd1489 gui: Improve formatting of the fingerprint acceptance dialog 2021-11-01 04:50:17 +02:00
Povilas Kanapickas 165100a0d2 gui: Extract barrier type to separate enum 2021-11-01 04:50:16 +02:00
Povilas Kanapickas 229abab99f Implement client identity verification
This commit fixes two security vulnerabilities: CVE-2021-42072 and
CVE-2021-42073.

The issues have been reported by Matthias Gerstner <mgerstner@suse.de>.
2021-11-01 04:50:15 +02:00
Povilas Kanapickas e79bdf333c gui: Fix fingerprint database being not populated due to missing dirs 2021-11-01 04:50:14 +02:00
Povilas Kanapickas 57769cffda lib/net: Pass connection security level to within socket classes 2021-11-01 04:50:13 +02:00
Povilas Kanapickas 5c7d7194d5 lib/net: Use enum for connection security level instead of boolean 2021-11-01 04:50:12 +02:00
Povilas Kanapickas 82b8fa905e lib/net: Improve name of showCertificate() to reflect what it does 2021-11-01 04:50:11 +02:00
Povilas Kanapickas 133e447fb6 lib/net: Don't hardcode fingerprint DB path in verify_cert_fingerprint() 2021-11-01 04:50:10 +02:00
Povilas Kanapickas 8bc280e0dd gui: Add configuration for requiring client certificates 2021-11-01 04:50:09 +02:00
Povilas Kanapickas ed32e2e326 gui: Expand checkboxes in settings dialog through both grid columns 2021-11-01 04:50:08 +02:00
Povilas Kanapickas 4d73ed9fdd lib/net: Present client certificate when connecting to server 2021-11-01 04:50:07 +02:00
Povilas Kanapickas 92ba6f61e6 gui: Move SSL fingerprint labels out of server frame
SSL fingerprints will be used to auth both server and client.
2021-11-01 04:50:06 +02:00
Povilas Kanapickas c0ce893711 lib/net: Load client SSL certificates when connecting 2021-11-01 04:50:05 +02:00
Povilas Kanapickas cb0480fe84 cmake: Silence tr1 deprecation warning on MSVC 2021-11-01 04:48:56 +02:00
Povilas Kanapickas f9c051fc82 Use cmake --build to build on Windows 2021-11-01 04:48:56 +02:00
Povilas Kanapickas 6d7eca42b7
Merge pull request #1345 from p12tic/filesystem-cleanup
Filesystem operations cleanup
2021-11-01 04:47:16 +02:00
Povilas Kanapickas 0f3afed664 gui: Switch SSL certificate handler to barrier::fs paths 2021-11-01 04:29:54 +02:00
Povilas Kanapickas b76b332f2f lib/common: Move SSL certificate path definition to common location 2021-11-01 04:29:53 +02:00
Povilas Kanapickas d033ffa3d8 lib/net: Use fs::is_regular_file() to check for path existence 2021-11-01 04:29:52 +02:00
Povilas Kanapickas 220f9e8274 lib/common: Remove unused file 2021-11-01 04:29:51 +02:00
Povilas Kanapickas a2ca7e29f5 lib/common: Switch data directories to fs::path 2021-11-01 04:29:50 +02:00
Povilas Kanapickas 298980fa86 lib/common: Move DataDirectories to barrier namespace 2021-11-01 04:29:49 +02:00
Povilas Kanapickas 677612d342 lib/common: Replace PathUtilities::basename with barrier::fs equivalent 2021-11-01 04:29:48 +02:00
Povilas Kanapickas e7d936b5d7 lib/common: Replace PathUtilities::concat with barrier::fs equivalent 2021-11-01 04:29:47 +02:00
Povilas Kanapickas bcafdc6783 src/lib: Switch to ghc::filesystem in path utilities 2021-11-01 04:29:46 +02:00