(Fernando Arnaboldi, IOActive) Found and fixed several DoS/code execution vulns for...
author Michael Rash <mbr@cipherdyne.org>
Sat, 25 Aug 2012 02:12:19 +0000 (22:12 -0400)
committer Michael Rash <mbr@cipherdyne.org>
Sat, 25 Aug 2012 02:12:19 +0000 (22:12 -0400)
commit d46ba1c027a11e45821ba897a4928819bccc8f22
tree bdc5e8c3357dae4be00c47b5c415e1a07653a92b
parent b0bf7f369918989bae364730c8952258aac693c6
(Fernando Arnaboldi, IOActive) Found and fixed several DoS/code execution vulns for authenticated clients

- [server] Fernando Arnaboldi from IOActive found several DoS/code
execution vulnerabilities for malicious fwknop clients that manage to
get past the authentication stage (so such a client must be in
possession of a valid access.conf encryption key).  These vulnerabilities
manifested themselves in the handling of malformed access requests, and
both the fwknopd server code along with libfko now perform stronger input
validation of access request data.  These vulnerabilities affect
pre-2.0.3 fwknop releases.
- [test suite] Added a new fuzzing capability to ensure proper server-side
input validation.  Fuzzing data is constructed with modified fwknop
client code that is designed to emulate malicious behavior.
CREDITS
ChangeLog
Makefile.am
lib/fko_message.c
lib/fko_message.h
server/access.c
server/access.h
server/fw_util_iptables.c
test/conf/disable_aging_fwknopd.conf [new file with mode: 0644]
test/test-fwknop.pl