file permissions and client buffer overflow fix
author Michael Rash <mbr@cipherdyne.org>
Thu, 30 Aug 2012 02:21:43 +0000 (22:21 -0400)
committer Michael Rash <mbr@cipherdyne.org>
Thu, 30 Aug 2012 02:21:43 +0000 (22:21 -0400)
commit a60f05ad44e824f6230b22f8976399340cb535dc
tree 06b51b1c900dd6b8edf80b831b278c79e97e6aaa
parent 186a424353a2e795e69f399f079a901e7dc8f24b
file permissions and client buffer overflow fix

- [client+server] Fernando Arnaboldi from IOActive found that strict
filesystem permissions for various fwknop files are not verified.  Added
warnings whenever permissions are not strict enough, and ensured that
files created by the fwknop client and server are only set to user
read/write.
- [client] Fernando Arnaboldi from IOActive found a local buffer overflow
in --last processing with a maliciously constructed ~/.fwknop.run file.
This has been fixed with proper validation of .fwknop.run arguments.
13 files changed:
ChangeLog
client/config_init.c
client/fwknop.c
client/utils.c
client/utils.h
configure.ac
server/access.c
server/config_init.c
server/fwknopd.c
server/replay_cache.c
server/utils.c
server/utils.h
test/test-fwknop.pl
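
A sketch of the kind of check the first ChangeLog item describes, as an added example that is not taken from the fwknop sources: it refuses a file unless it is a regular file owned by the current user with no permission bits beyond user read/write. The names `perms_are_strict` and `demo_check` and the temp-file template are hypothetical and constructed for the demonstration.

```c
#ifndef _POSIX_C_SOURCE
#define _POSIX_C_SOURCE 200809L
#endif
#include <stdio.h>
#include <stdlib.h>
#include <unistd.h>
#include <sys/stat.h>

/* Hypothetical helper (not fwknop's own function): returns 1 when `path` is a
 * regular file owned by the effective user with mode 0600 or stricter,
 * 0 when it is too permissive or the wrong kind of file, -1 on error. */
int perms_are_strict(const char *path)
{
    struct stat st;
    mode_t perms;

    /* lstat() reports a symlink as a symlink instead of following it. */
    if (lstat(path, &st) != 0)
        return -1;
    if (!S_ISREG(st.st_mode) || st.st_uid != geteuid()) {
        fprintf(stderr, "[-] %s: not a regular file owned by this user\n", path);
        return 0;
    }
    perms = st.st_mode & 07777;
    /* Flags group/other bits, user execute, and setuid/setgid/sticky. */
    if (perms & ~(mode_t)(S_IRUSR | S_IWUSR)) {
        fprintf(stderr, "[-] %s: mode %04o, expected 0600 or stricter\n",
                path, (unsigned)perms);
        return 0;
    }
    return 1;
}

/* Creates a constructed temp file with `mode` and returns the check result. */
int demo_check(mode_t mode)
{
    char path[] = "/tmp/perm_demo_XXXXXX";
    int fd = mkstemp(path), rc = -1;

    if (fd < 0)
        return -1;
    if (fchmod(fd, mode) == 0)
        rc = perms_are_strict(path);
    close(fd);
    unlink(path);
    return rc;
}

int main(void)
{
    printf("0600 -> %d, 0644 -> %d\n", demo_check(0600), demo_check(0644));
    return 0;
}
```

A check of this kind is done by path, so it is still subject to a race if the file can be replaced between the check and the later open; calling `fstat()` on the already opened descriptor avoids that.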