Povilas Kanapickas
fc6d4e41d8
Merge pull request #1352 from p12tic/cleanup-callbacks
...
Cleanup internal callback APIs
2021-11-01 17:28:53 +02:00
Povilas Kanapickas
d7de571fdc
lib/net: Simplify handling of socket multiplexer jobs
2021-11-01 14:41:53 +02:00
Povilas Kanapickas
d2c106db53
lib: Pass jobs to barrier::Thread as std::function
2021-11-01 14:41:53 +02:00
Povilas Kanapickas
53356697d9
lib/arch: Pass jobs to Arch threads as std::function
2021-11-01 14:41:53 +02:00
Povilas Kanapickas
9cf590ccd7
lib: Make ThreadFunc return nothing
2021-11-01 14:41:53 +02:00
Povilas Kanapickas
815e80ec4d
lib: Remove unused threading functionality related to thread results
2021-11-01 14:41:53 +02:00
Povilas Kanapickas
666460aced
lib/platform: Use std::function instead of IJob in MSWindowsDesks
2021-11-01 14:41:53 +02:00
Povilas Kanapickas
4486830fdb
Merge pull request #1351 from p12tic/fix-ssl-crash-closing-connections
...
Fix ssl-related crashes when closing connections [SECURITY VULNERABILITY CVE-2021-42074]
2021-11-01 14:40:11 +02:00
Povilas Kanapickas
f0efe043bb
lib/net: Fix incorrect sharing of data between different SSL sessions
2021-11-01 14:05:49 +02:00
Povilas Kanapickas
8b937a4abd
lib/net: Fix race conditions when closing SSL connections
...
This fixes the following security vulnerability:
- CVE-2021-42074 SIGSEGV on quick open/close sequence while sending
Hello message
The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
2021-11-01 14:05:49 +02:00
Povilas Kanapickas
caeebf6c36
Merge pull request #1350 from p12tic/fix-file-handles-leak
...
Fix file descriptor leak on incomplete connections [SECURITY VULNERABILITY CVE-2021-42075]
2021-11-01 14:04:45 +02:00
Povilas Kanapickas
aaa0e4d2e0
Merge pull request #1349 from p12tic/types-cleanup
...
Cleanup declarations of {S,U}Int{8,16,32} types
2021-11-01 14:04:32 +02:00
Povilas Kanapickas
deefecc262
lib/server: Close connection when client app-level handshake fails
...
This fixes the following security vulnerability:
- CVE-2021-42075 DoS via file descriptor exhaustion
The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
2021-11-01 05:58:21 +02:00
Povilas Kanapickas
20f66fe133
lib/common: Clean up declarations of {S,U}Int{8,16,32} types
2021-11-01 05:56:53 +02:00
Povilas Kanapickas
676fa39f9a
lib/platform: Switch remaining ObjC source files to ObjC++
2021-11-01 05:56:53 +02:00
Povilas Kanapickas
00e182d22e
Merge pull request #1347 from p12tic/enforce-max-message-length
...
Enforce max message length [SECURITY VULNERABILITY CVE-2021-42076]
2021-11-01 05:56:38 +02:00
Povilas Kanapickas
dd31d0a539
Merge pull request #1348 from p12tic/fix-openssl-windows-applink
...
Include openssl applink shim into Windows builds
2021-11-01 05:56:22 +02:00
Povilas Kanapickas
e8ac56b045
lib/net: Include openssl applink shim into Windows builds
2021-11-01 05:48:26 +02:00
Povilas Kanapickas
fd5295eb31
lib/barrier: Disconnect client on too long input packets
...
This commit is the 3/3 part of the fix for the following security
vulnerability:
- CVE-2021-42076 DoS via excess length messages
The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
2021-11-01 05:18:53 +02:00
Povilas Kanapickas
af90f39b4a
lib/net: Limit the maximum size of TCP or SSL input buffers
...
This commit is the 2/3 part of the fix for the following security
vulnerability:
- CVE-2021-42076 DoS via excess length messages
The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
2021-11-01 05:18:52 +02:00
Povilas Kanapickas
e33c81b835
lib: Enforce a maximum length of input messages
...
This commit is the 1/3 part of the fix for the following security
vulnerability:
- CVE-2021-42076 DoS via excess length messages
The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
2021-11-01 05:18:51 +02:00
Povilas Kanapickas
cc369820d4
lib/server: Remove unused code
2021-11-01 05:18:50 +02:00
Povilas Kanapickas
7ab8e0101d
lib/server: Add a note about taking pointer to virtual member function
2021-11-01 05:18:49 +02:00
Povilas Kanapickas
b677a0b419
Merge pull request #1344 from p12tic/windows-build-cleanup
...
Windows build cleanup
2021-11-01 05:16:09 +02:00
Povilas Kanapickas
b5adc93e2b
Merge pull request #1346 from p12tic/client-identity-verification
...
Implement client identity verification [SECURITY VULNERABILITIES CVE-2021-42072, CVE-2021-42073]
2021-11-01 05:15:48 +02:00
Povilas Kanapickas
7cacbd1489
gui: Improve formatting of the fingerprint acceptance dialog
2021-11-01 04:50:17 +02:00
Povilas Kanapickas
165100a0d2
gui: Extract barrier type to separate enum
2021-11-01 04:50:16 +02:00
Povilas Kanapickas
229abab99f
Implement client identity verification
...
This commit fixes two security vulnerabilities: CVE-2021-42072 and
CVE-2021-42073.
The issues have been reported by Matthias Gerstner <mgerstner@suse.de>.
2021-11-01 04:50:15 +02:00
Povilas Kanapickas
e79bdf333c
gui: Fix fingerprint database being not populated due to missing dirs
2021-11-01 04:50:14 +02:00
Povilas Kanapickas
57769cffda
lib/net: Pass connection security level to within socket classes
2021-11-01 04:50:13 +02:00
Povilas Kanapickas
5c7d7194d5
lib/net: Use enum for connection security level instead of boolean
2021-11-01 04:50:12 +02:00
Povilas Kanapickas
82b8fa905e
lib/net: Improve name of showCertificate() to reflect what it does
2021-11-01 04:50:11 +02:00
Povilas Kanapickas
133e447fb6
lib/net: Don't hardcode fingerprint DB path in verify_cert_fingerprint()
2021-11-01 04:50:10 +02:00
Povilas Kanapickas
8bc280e0dd
gui: Add configuration for requiring client certificates
2021-11-01 04:50:09 +02:00
Povilas Kanapickas
ed32e2e326
gui: Expand checkboxes in settings dialog through both grid columns
2021-11-01 04:50:08 +02:00
Povilas Kanapickas
4d73ed9fdd
lib/net: Present client certificate when connecting to server
2021-11-01 04:50:07 +02:00
Povilas Kanapickas
92ba6f61e6
gui: Move SSL fingerprint labels out of server frame
...
SSL fingerprints will be used to auth both server and client.
2021-11-01 04:50:06 +02:00
Povilas Kanapickas
c0ce893711
lib/net: Load client SSL certificates when connecting
2021-11-01 04:50:05 +02:00
Povilas Kanapickas
cb0480fe84
cmake: Silence tr1 deprecation warning on MSVC
2021-11-01 04:48:56 +02:00
Povilas Kanapickas
f9c051fc82
Use cmake --build to build on Windows
2021-11-01 04:48:56 +02:00
Povilas Kanapickas
6d7eca42b7
Merge pull request #1345 from p12tic/filesystem-cleanup
...
Filesystem operations cleanup
2021-11-01 04:47:16 +02:00
Povilas Kanapickas
0f3afed664
gui: Switch SSL certificate handler to barrier::fs paths
2021-11-01 04:29:54 +02:00
Povilas Kanapickas
b76b332f2f
lib/common: Move SSL certificate path definition to common location
2021-11-01 04:29:53 +02:00
Povilas Kanapickas
d033ffa3d8
lib/net: Use fs::is_regular_file() to check for path existence
2021-11-01 04:29:52 +02:00
Povilas Kanapickas
220f9e8274
lib/common: Remove unused file
2021-11-01 04:29:51 +02:00
Povilas Kanapickas
a2ca7e29f5
lib/common: Switch data directories to fs::path
2021-11-01 04:29:50 +02:00
Povilas Kanapickas
298980fa86
lib/common: Move DataDirectories to barrier namespace
2021-11-01 04:29:49 +02:00
Povilas Kanapickas
677612d342
lib/common: Replace PathUtilities::basename with barrier::fs equivalent
2021-11-01 04:29:48 +02:00
Povilas Kanapickas
e7d936b5d7
lib/common: Replace PathUtilities::concat with barrier::fs equivalent
2021-11-01 04:29:47 +02:00
Povilas Kanapickas
bcafdc6783
src/lib: Switch to ghc::filesystem in path utilities
2021-11-01 04:29:46 +02:00