fwknop.git
5 days ago: Merge branch 'master' of ssh://github.com/mrash/fwknop [master]
Michael Rash [Wed, 27 Aug 2014 03:23:31 +0000]
Merge branch 'master' of ssh://github.com/mrash/fwknop

5 days ago: Merge pull request #127 from g-reno/android-keypreserve
Michael Rash [Wed, 27 Aug 2014 03:22:15 +0000]
Merge pull request #127 from g-reno/android-keypreserve

restore keys from prefs when app is launched

5 days ago: fwknopd man page updates for access.conf vars
Michael Rash [Wed, 27 Aug 2014 03:21:14 +0000]
fwknopd man page updates for access.conf vars

10 days ago: ChangeLog update for FCS bug fix
Michael Rash [Fri, 22 Aug 2014 01:15:09 +0000]
ChangeLog update for FCS bug fix

10 days ago: minor code restructure for Ethernet FCS header processing
Michael Rash [Fri, 22 Aug 2014 01:08:27 +0000]
minor code restructure for Ethernet FCS header processing

10 days ago: added Ethernet FCS header test with pcap contributed by Bill Stubs
Michael Rash [Fri, 22 Aug 2014 01:07:52 +0000]
added Ethernet FCS header test with pcap contributed by Bill Stubs

10 days ago: Merge branch 'beaglebone_libpcap_workaround' of https://github.com/stubbsw/fwknop...
Michael Rash [Fri, 22 Aug 2014 00:44:48 +0000]
Merge branch 'beaglebone_libpcap_workaround' of https://github.com/stubbsw/fwknop into stubbsw-beaglebone_libpcap_workaround

10 days ago: restore keys from prefs when app is launched
Gerry Reno [Thu, 21 Aug 2014 22:16:00 +0000]
restore keys from prefs when app is launched

10 days ago: pcap of spa with Ethernet FCS
stubbsw [Thu, 21 Aug 2014 11:04:55 +0000]
pcap of spa with Ethernet FCS

Captured with:
tcpdump -i eth0 -l -nn -s 0 -w fcs_spa.pcap udp port 62201

Generated remotely with:
LD_LIBRARY_PATH=./lib/.libs ./client/.libs/fwknop -A tcp/22 -a 127.0.0.2 -D 192.168.18.11 --no-save-args --verbose --verbose --rc-file ./test/conf/fwknoprc_default_hmac_base64_key

11 days ago: Merge pull request #125 from stubbsw/beaglebone_libpcap_workaround
Michael Rash [Thu, 21 Aug 2014 03:20:40 +0000]
Merge pull request #125 from stubbsw/beaglebone_libpcap_workaround

workaround libpcap 4 extra bytes

12 days ago: update to indicate Ethernet FCS support vs. bug
stubbsw [Tue, 19 Aug 2014 10:54:18 +0000]
update to indicate Ethernet FCS support vs. bug

2 weeks ago: workaround libpcap 4 extra bytes
stubbsw [Sun, 17 Aug 2014 15:50:56 +0000]
workaround libpcap 4 extra bytes

Workaround for libpcap returning a length that is 4 bytes longer than the
packet on the wire. Observed on:

Linux beaglebone 3.8.13-bone50 #1 SMP Tue May 13 13:24:52 UTC 2014 armv7l GNU/Linux
ldd fwknopd
libfko.so.2 => /usr/local/lib/libfko.so.2 (0xb6f62000)
libpcap.so.0.8 => /usr/lib/arm-linux-gnueabihf/libpcap.so.0.8 (0xb6f20000)
libc.so.6 => /lib/arm-linux-gnueabihf/libc.so.6 (0xb6e3b000)
/lib/ld-linux-armhf.so.3 (0xb6f94000)
libgcc_s.so.1 => /lib/arm-linux-gnueabihf/libgcc_s.so.1 (0xb6e17000)


Calculate the new pkt_end from the length in the ip header.
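
The adjustment this commit message describes, as an added example that is not fwknop's own code: a captured frame carries four extra bytes after the IP datagram, so the end of the packet is recomputed from the IPv4 total-length field. That field is sender-controlled, so it is only allowed to move the end backwards, never past the captured data. The frame bytes, the placeholder FCS value and all function names are constructed for illustration.

```c
#include <stdint.h>
#include <stdio.h>
#include <string.h>

#define ETH_HDR_LEN 14
#define IP_MIN_HDR  20
#define UDP_HDR_LEN 8

/* Constructed frame (not taken from fcs_spa.pcap): Ethernet + IPv4 + UDP to
 * port 62201 + 5 payload bytes, followed by 4 placeholder FCS bytes. */
static const uint8_t frame[] = {
    0x02,0x00,0x00,0x00,0x00,0x01, 0x02,0x00,0x00,0x00,0x00,0x02, 0x08,0x00,
    0x45,0x00,0x00,0x21, 0x00,0x01,0x00,0x00, 0x40,0x11,0x00,0x00,
    0xc0,0x00,0x02,0x01, 0xc0,0x00,0x02,0x02,
    0xc3,0x50,0xf2,0xf9, 0x00,0x0d,0x00,0x00,
    'H','E','L','L','O',
    0xde,0xad,0xbe,0xef
};

/* Payload length when the captured length is trusted as the packet end
 * (assumes a 20-byte IP header). */
static int payload_len_naive(size_t caplen)
{
    if (caplen < ETH_HDR_LEN + IP_MIN_HDR + UDP_HDR_LEN) return -1;
    return (int)(caplen - ETH_HDR_LEN - IP_MIN_HDR - UDP_HDR_LEN);
}

/* Payload length with pkt_end recomputed from the IP header; -1 if malformed. */
static int payload_len_from_ip(const uint8_t *pkt, size_t caplen)
{
    const uint8_t *pkt_end = pkt + caplen;
    const uint8_t *ip;
    size_t ihl, ip_total;

    if (caplen < ETH_HDR_LEN + IP_MIN_HDR + UDP_HDR_LEN) return -1;
    if (pkt[12] != 0x08 || pkt[13] != 0x00) return -1;   /* EtherType IPv4 */
    ip = pkt + ETH_HDR_LEN;
    if ((ip[0] >> 4) != 4 || ip[9] != 17) return -1;      /* IPv4 + UDP only */
    ihl = (size_t)(ip[0] & 0x0f) * 4;
    ip_total = ((size_t)ip[2] << 8) | ip[3];
    if (ihl < IP_MIN_HDR || ip_total < ihl + UDP_HDR_LEN) return -1;
    /* Total length may move pkt_end back, never beyond the captured bytes. */
    if (ip_total > (size_t)(pkt_end - ip)) return -1;
    pkt_end = ip + ip_total;
    return (int)(pkt_end - (ip + ihl + UDP_HDR_LEN));
}

/* Same frame with the IP total-length field patched, for experiments. */
static int payload_len_with_total(uint16_t total)
{
    uint8_t copy[sizeof(frame)];
    memcpy(copy, frame, sizeof(frame));
    copy[ETH_HDR_LEN + 2] = (uint8_t)(total >> 8);
    copy[ETH_HDR_LEN + 3] = (uint8_t)(total & 0xff);
    return payload_len_from_ip(copy, sizeof(copy));
}

int main(void)
{
    printf("naive: %d, from IP header: %d, oversized total length: %d\n",
           payload_len_naive(sizeof(frame)),
           payload_len_from_ip(frame, sizeof(frame)),
           payload_len_with_total(255));
    return 0;
}
```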

4 weeks ago: append gdbm change to all changes since 2.6.2 [2.6.3]
Michael Rash [Tue, 29 Jul 2014 02:41:56 +0000]
append gdbm change to all changes since 2.6.2

4 weeks ago: removed gdbm/gdbm-devel dependencies for the RPM, bumped libfko to 2.0.3 for the RPM
Michael Rash [Tue, 29 Jul 2014 02:40:13 +0000]
removed gdbm/gdbm-devel dependencies for the RPM, bumped libfko to 2.0.3 for the RPM

4 weeks ago: extended ChangeLog.git to include libfko version bump
Michael Rash [Tue, 29 Jul 2014 02:28:46 +0000]
extended ChangeLog.git to include libfko version bump

4 weeks ago: bumped libfko version to 2.0.3
Michael Rash [Tue, 29 Jul 2014 01:46:32 +0000]
bumped libfko version to 2.0.3

4 weeks ago: changes since 2.6.2 to ChangeLog.git
Michael Rash [Mon, 28 Jul 2014 03:20:55 +0000]
changes since 2.6.2 to ChangeLog.git

4 weeks ago: bumped version to 2.6.3 in preparation for release
Michael Rash [Mon, 28 Jul 2014 03:03:11 +0000]
bumped version to 2.6.3 in preparation for release

4 weeks ago: [test suite] added FreeBSD-10.0 and OpenBSD-5.5 compatibility tests
Michael Rash [Mon, 28 Jul 2014 02:56:15 +0000]
[test suite] added FreeBSD-10.0 and OpenBSD-5.5 compatibility tests

4 weeks ago: added configure_max_coverage.sh helper script
Michael Rash [Mon, 28 Jul 2014 02:40:04 +0000]
added configure_max_coverage.sh helper script

4 weeks ago: [test suite] WGET_CMD and RESOLVE_HTTP_ONLY fwknoprc test coverage
Michael Rash [Mon, 28 Jul 2014 02:31:49 +0000]
[test suite] WGET_CMD and RESOLVE_HTTP_ONLY fwknoprc test coverage

4 weeks ago: revert gpg trustdb.gpg update from test suite
Michael Rash [Mon, 28 Jul 2014 02:10:01 +0000]
revert gpg trustdb.gpg update from test suite

5 weeks ago: [client] have autoconf resolve the absolute path to wget for SSL IP resolution
Michael Rash [Mon, 28 Jul 2014 02:03:58 +0000]
[client] have autoconf resolve the absolute path to wget for SSL IP resolution

5 weeks ago: [server] fix shift operation bug in SOURCE subnet processing spotted by Coverity
Michael Rash [Sun, 27 Jul 2014 03:43:48 +0000]
[server] fix shift operation bug in SOURCE subnet processing spotted by Coverity

5 weeks ago: Merge branch 'libfiu_fault_injection'
Michael Rash [Fri, 25 Jul 2014 21:44:27 +0000]
Merge branch 'libfiu_fault_injection'

Conflicts:
test/tests/rijndael_hmac_fuzzing.pl

5 weeks ago: [client] Updated IP resolution mode -R to use SSL [libfiu_fault_injection]
Michael Rash [Fri, 25 Jul 2014 21:42:06 +0000]
[client] Updated IP resolution mode -R to use SSL

External IP resolution via '-R' (or '--resolve-ip-http') is now done via SSL by
default. The IP resolution URL is now 'https://www.cipherdyne.org/cgi-gin/myip',
and a warning is generated in '-R' mode whenever a non-HTTPS URL is specified
(it is safer just to use the default). The fwknop client leverages 'wget' for
this operation since that is cleaner than having fwknop link against an SSL
library.

5 weeks ago: [client] call freeaddrinfo() early after iterating through getaddrinfo() results
Michael Rash [Wed, 23 Jul 2014 02:35:43 +0000]
[client] call freeaddrinfo() early after iterating through getaddrinfo() results

5 weeks ago: added extras/coverity/ directory for Coverity script
Michael Rash [Wed, 23 Jul 2014 02:05:29 +0000]
added extras/coverity/ directory for Coverity script

5 weeks ago: [client] make close() on socket handle more intuitive (resolves 'double close' bugs...
Michael Rash [Wed, 23 Jul 2014 02:04:44 +0000]
[client] make close() on socket handle more intuitive (resolves 'double close' bugs flagged by Coverity)

5 weeks ago: [test suite] add access.conf file path to a few basic tests
Michael Rash [Tue, 22 Jul 2014 22:56:12 +0000]
[test suite] add access.conf file path to a few basic tests

5 weeks ago: [test suite] handle PF on FreeBSD
Michael Rash [Tue, 22 Jul 2014 22:48:54 +0000]
[test suite] handle PF on FreeBSD

5 weeks ago: [test suite] update wrapper Makefile gcc -> cc
Michael Rash [Tue, 22 Jul 2014 22:40:29 +0000]
[test suite] update wrapper Makefile gcc -> cc

5 weeks ago: [test suite] README update to include --enable-complete mode
Michael Rash [Tue, 22 Jul 2014 03:59:44 +0000]
[test suite] README update to include --enable-complete mode

5 weeks ago: fixed several socket handle leaks under error conditions spotted by Coverity
Michael Rash [Tue, 22 Jul 2014 03:55:08 +0000]
fixed several socket handle leaks under error conditions spotted by Coverity

6 weeks ago: added lcov coverage link
Michael Rash [Sat, 19 Jul 2014 21:26:15 +0000]
added lcov coverage link

6 weeks ago: ChangeLog updates
Michael Rash [Sat, 19 Jul 2014 21:18:59 +0000]
ChangeLog updates

6 weeks ago: [server] minor update print -> fprintf for PF firewall interface
Michael Rash [Sat, 19 Jul 2014 20:40:59 +0000]
[server] minor update print -> fprintf for PF firewall interface

6 weeks ago: fix gcc -Wstrlcpy-strlcat-size warnings
Michael Rash [Sat, 19 Jul 2014 20:30:53 +0000]
fix gcc -Wstrlcpy-strlcat-size warnings

6 weeks ago: fixed README paths
Michael Rash [Sat, 19 Jul 2014 20:30:00 +0000]
fixed README paths

6 weeks ago: fixed README paths
Michael Rash [Sat, 19 Jul 2014 20:22:42 +0000]
fixed README paths

6 weeks ago: [server] Bug fix for PF firewalls without ALTQ support on FreeBSD.
Michael Rash [Sat, 19 Jul 2014 00:54:11 +0000]
[server] Bug fix for PF firewalls without ALTQ support on FreeBSD.

With this commit PF rules are added correctly regardless of whether ALTQ support
is available or not. Thanks to Barry Allard for discovering and reporting this
issue. Closes issue #121 on github.

7 weeks ago: minor README.md summary update
Michael Rash [Sat, 12 Jul 2014 03:41:32 +0000]
minor README.md summary update

7 weeks ago: minor README.md formatting updates
Michael Rash [Sat, 12 Jul 2014 03:29:13 +0000]
minor README.md formatting updates

7 weeks ago: Merge pull request #122 from steakknife/convert_readme
Michael Rash [Fri, 11 Jul 2014 14:43:50 +0000]
Merge pull request #122 from steakknife/convert_readme

readme -> md

7 weeks ago: readme -> md
Barry Allard [Wed, 9 Jul 2014 02:09:29 +0000]
readme -> md

Signed-off-by: Barry Allard <barry.allard@gmail.com>

7 weeks ago: [test suite] add --gpg-home-dir arg to GPG test
Michael Rash [Tue, 8 Jul 2014 03:55:34 +0000]
[test suite] add --gpg-home-dir arg to GPG test

7 weeks ago: [test suite] add variable expansion and fwknopd override tests
Michael Rash [Tue, 8 Jul 2014 03:50:24 +0000]
[test suite] add variable expansion and fwknopd override tests

7 weeks ago: [test suite] run interrupt signal test against foreground fwknopd process
Michael Rash [Tue, 8 Jul 2014 03:41:17 +0000]
[test suite] run interrupt signal test against foreground fwknopd process

7 weeks ago: [server] handle signal vars in dedicated function
Michael Rash [Tue, 8 Jul 2014 03:37:08 +0000]
[server] handle signal vars in dedicated function

7 weeks ago: [server] alert the user when config file variable expansion references invalid var
Michael Rash [Tue, 8 Jul 2014 03:30:49 +0000]
[server] alert the user when config file variable expansion references invalid var

7 weeks ago: [test suite] add GPG test for a manually altered SPA packet
Michael Rash [Tue, 8 Jul 2014 03:16:47 +0000]
[test suite] add GPG test for a manually altered SPA packet

7 weeks ago: [test suite] add SYSLOG_FACILITY tests
Michael Rash [Tue, 8 Jul 2014 02:35:27 +0000]
[test suite] add SYSLOG_FACILITY tests

7 weeks ago: [server] refactor main() into a more natural breakdown of functions
Michael Rash [Tue, 8 Jul 2014 02:34:45 +0000]
[server] refactor main() into a more natural breakdown of functions

7 weeks ago: [server] Fix uninitialized value usage after proper SPA authentication/decryption
Michael Rash [Tue, 8 Jul 2014 02:27:53 +0000]
[server] Fix uninitialized value usage after proper SPA authentication/decryption

Bug fix discovered with the libfiu fault injection tag
"fko_get_username_init" combined with valgrind analysis. This bug
is only triggered after a valid authenticated and decrypted SPA
packet is sniffed by fwknopd:

==11181== Conditional jump or move depends on uninitialised value(s)
==11181==    at 0x113B6D: incoming_spa (incoming_spa.c:707)
==11181==    by 0x11559F: process_packet (process_packet.c:211)
==11181==    by 0x5270857: ??? (in /usr/lib/x86_64-linux-gnu/libpcap.so.1.4.0)
==11181==    by 0x114BCC: pcap_capture (pcap_capture.c:270)
==11181==    by 0x10F32C: main (fwknopd.c:195)
==11181==  Uninitialised value was created by a stack allocation
==11181==    at 0x113476: incoming_spa (incoming_spa.c:294)

8 weeks ago: [test suite] extend invalid sniff interface test to include promisc mode
Michael Rash [Sun, 6 Jul 2014 04:10:26 +0000]
[test suite] extend invalid sniff interface test to include promisc mode

8 weeks ago: [test suite] add invalid sniff interface test
Michael Rash [Sun, 6 Jul 2014 03:44:40 +0000]
[test suite] add invalid sniff interface test

8 weeks ago: [test suite] add invalid gpg sig ID list
Michael Rash [Sat, 5 Jul 2014 00:05:54 +0000]
[test suite] add invalid gpg sig ID list

8 weeks ago: [test suite] add GPG_DISABLE_SIG test
Michael Rash [Fri, 4 Jul 2014 23:54:56 +0000]
[test suite] add GPG_DISABLE_SIG test

8 weeks ago: [server] call clean_exit() upon check_dir_path() error
Michael Rash [Thu, 3 Jul 2014 14:31:30 +0000]
[server] call clean_exit() upon check_dir_path() error

8 weeks ago: [test suite] minor test coverage addition for invalid locale setting
Michael Rash [Thu, 3 Jul 2014 14:17:52 +0000]
[test suite] minor test coverage addition for invalid locale setting

8 weeks ago: [test suite] additional valgrind suppression for pcap-file processing
Michael Rash [Thu, 3 Jul 2014 12:52:48 +0000]
[test suite] additional valgrind suppression for pcap-file processing

2 months ago: [server] Require sig ID's or fingerprints when sigs are validated
Michael Rash [Sun, 29 Jun 2014 22:46:19 +0000]
[server] Require sig ID's or fingerprints when sigs are validated

When validating access.conf stanzas make sure that one of
GPG_REMOTE_ID or GPG_FINGERPRINT_ID is specified whenever GnuPG
signatures are to be verified for incoming SPA packets. Signature
verification is the default, and can only be disabled with
GPG_DISABLE_SIG but this is NOT recommended.

2 months ago: [server] add access.conf variable GPG_FINGERPRINT_ID
Michael Rash [Sun, 29 Jun 2014 21:07:55 +0000]
[server] add access.conf variable GPG_FINGERPRINT_ID

Add a new GPG_FINGERPRINT_ID variable to the access.conf file
so that full GnuPG fingerprints can be required for incoming SPA packets
in addition to the abbreviated GnuPG signatures listed in GPG_REMOTE_ID.
From the test suite, an example fingerprint is

GPG_FINGERPRINT_ID            00CC95F05BC146B6AC4038C9E36F443C6A3FAD56

2 months ago: [server] Call clean_exit() from daemon parent process
Michael Rash [Sun, 29 Jun 2014 21:23:20 +0000]
[server] Call clean_exit() from daemon parent process

When becoming a daemon, make sure the fwknopd parent process calls
clean_exit() to release memory before calling exit().

2 months ago: [test suite] added iptables OUTPUT chain test
Michael Rash [Wed, 25 Jun 2014 02:54:27 +0000]
[test suite] added iptables OUTPUT chain test

2 months ago: [test suite] add Rijndael HMAC --no-ipt-check-support test for udp/53
Michael Rash [Mon, 23 Jun 2014 22:27:22 +0000]
[test suite] add Rijndael HMAC --no-ipt-check-support test for udp/53

2 months ago: [test suite] updated --gdb mode to run the first found fwknop command from an output...
Michael Rash [Mon, 23 Jun 2014 22:21:29 +0000]
[test suite] updated --gdb mode to run the first found fwknop command from an output/*.test file

2 months ago: [server] call clean_exit() on expand_acc_string_list() error
Michael Rash [Mon, 23 Jun 2014 22:10:01 +0000]
[server] call clean_exit() on expand_acc_string_list() error

2 months ago: [server] call clean_exit() on add_acc_string() error
Michael Rash [Mon, 23 Jun 2014 22:02:57 +0000]
[server] call clean_exit() on add_acc_string() error

2 months ago: [server] make sure clean_exit() is called on any add_acc_b64_string() errs
Michael Rash [Fri, 20 Jun 2014 23:35:02 +0000]
[server] make sure clean_exit() is called on any add_acc_b64_string() errs

2 months ago: [server] minor memory leak fix for invalid FORCE_NAT var in access.conf
Michael Rash [Fri, 20 Jun 2014 23:22:35 +0000]
[server] minor memory leak fix for invalid FORCE_NAT var in access.conf

This commit fixes the following leak found by valgrind:

==6241== 568 bytes in 1 blocks are still reachable in loss record 1 of 1
==6241==    at 0x4C2A2DB: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==6241==    by 0x551537A: __fopen_internal (iofopen.c:73)
==6241==    by 0x118C8E: parse_access_file (access.c:1143)
==6241==    by 0x10F134: main (fwknopd.c:250)

2 months ago: [server] minor pointer typo fix
Michael Rash [Tue, 17 Jun 2014 03:08:50 +0000]
[server] minor pointer typo fix

2 months ago: [test suite] add valgrind suppressions for libfiu
Michael Rash [Mon, 16 Jun 2014 03:10:02 +0000]
[test suite] add valgrind suppressions for libfiu

2 months ago: [test suite] consolidate valgrind success/failure criteria into a single function
Michael Rash [Sun, 15 Jun 2014 14:55:19 +0000]
[test suite] consolidate valgrind success/failure criteria into a single function

2 months ago: [test suite] added suppressions to fko-wrapper/run_valgrind.sh
Michael Rash [Sun, 15 Jun 2014 14:34:52 +0000]
[test suite] added suppressions to fko-wrapper/run_valgrind.sh

2 months ago: [libfko] removed fko_new_strdup() fault injection tag since fko_destroy() isn't called
Michael Rash [Sun, 15 Jun 2014 14:21:21 +0000]
[libfko] removed fko_new_strdup() fault injection tag since fko_destroy() isn't called

2 months ago: [server] check fiu_enable() return value in --fault-injection mode
Michael Rash [Sun, 15 Jun 2014 13:48:37 +0000]
[server] check fiu_enable() return value in --fault-injection mode

2 months ago: [test suite] added strtol_wrapper() fault injection tags
Michael Rash [Sun, 15 Jun 2014 13:41:43 +0000]
[test suite] added strtol_wrapper() fault injection tags

2 months ago: [libfko] additional fault injection additions with test suite support
Michael Rash [Sun, 15 Jun 2014 01:27:18 +0000]
[libfko] additional fault injection additions with test suite support

2 months ago: [test suite] additional fault injection tests
Michael Rash [Fri, 13 Jun 2014 00:29:54 +0000]
[test suite] additional fault injection tests

2 months ago: [test suite] minor update to not parse crash messages out of crash test output file
Michael Rash [Fri, 13 Jun 2014 00:29:24 +0000]
[test suite] minor update to not parse crash messages out of crash test output file

2 months ago: [test suite] add several fault injection tests
Michael Rash [Thu, 12 Jun 2014 04:02:18 +0000]
[test suite] add several fault injection tests

2 months ago: [test suite] always run crash check at the end of test run
Michael Rash [Thu, 12 Jun 2014 04:01:58 +0000]
[test suite] always run crash check at the end of test run

2 months ago: [server] skip firewall rules check in --test mode
Michael Rash [Thu, 12 Jun 2014 04:01:12 +0000]
[server] skip firewall rules check in --test mode

2 months ago: [libfko] free() temp buffer right after strdup() call, add libfiu fault injection...
Michael Rash [Thu, 12 Jun 2014 04:00:40 +0000]
[libfko] free() temp buffer right after strdup() call, add libfiu fault injection tags

2 months ago: [server] clean up fko_destroy() calls in main access stanza loop
Michael Rash [Thu, 12 Jun 2014 03:59:08 +0000]
[server] clean up fko_destroy() calls in main access stanza loop

2 months ago: [test suite] added fiu-run fault injection tests against the fwknopd server
Michael Rash [Tue, 10 Jun 2014 01:50:55 +0000]
[test suite] added fiu-run fault injection tests against the fwknopd server

2 months ago: [server] skip replay storage in --test mode (since we're not granting access anyway)
Michael Rash [Tue, 10 Jun 2014 00:48:23 +0000]
[server] skip replay storage in --test mode (since we're not granting access anyway)

2 months ago: [server] skip fw initialization and cleanup in --test mode
Michael Rash [Tue, 10 Jun 2014 00:45:01 +0000]
[server] skip fw initialization and cleanup in --test mode

2 months ago: [server] minor fwknopd --help output update
Michael Rash [Tue, 10 Jun 2014 00:40:44 +0000]
[server] minor fwknopd --help output update

2 months ago: [libfko] bug fix to check strdup() return value
Michael Rash [Mon, 9 Jun 2014 03:09:55 +0000]
[libfko] bug fix to check strdup() return value

Using the 'fiu-run' fault injection binary, a couple of cases were
turned up where libfko does not properly check the strdup() return value.
This commit fixes these issues, and here is an illustration of the stack
trace for one such issue:

  Core was generated by `../client/.libs/fwknop -A tcp/22 -a 127.0.0.2 -D
  127.0.0.1 --get-key local_spa.'.
  Program terminated with signal 11, Segmentation fault.
  #0  __strnlen_sse2 () at ../sysdeps/x86_64/multiarch/../strnlen.S:34
  34      ../sysdeps/x86_64/multiarch/../strnlen.S: No such file or directory.
  (gdb) where
  #0  __strnlen_sse2 () at ../sysdeps/x86_64/multiarch/../strnlen.S:34
  #1  0x00007effa38189bc in _rijndael_encrypt (enc_key_len=<optimized out>, enc_key=<optimized out>, ctx=0x7effa5945750) at fko_encryption.c:141
  #2  fko_encrypt_spa_data (ctx=0x7effa5945750, enc_key=<optimized out>, enc_key_len=<optimized out>) at fko_encryption.c:605
  #3  0x00007effa381a2d6 in fko_spa_data_final (ctx=0x7effa5945750, enc_key=enc_key@entry=0x7fff3ff4aa10 "fwknoptest", enc_key_len=<optimized out>, hmac_key=hmac_key@entry=0x7fff3ff4aaa0 "", hmac_key_len=0) at fko_funcs.c:489
  #4  0x00007effa405f2fb in main (argc=<optimized out>, argv=<optimized out>) at fwknop.c:449

2 months ago: [test suite] make valgrind suppressions slightly more prescriptive
Michael Rash [Mon, 9 Jun 2014 00:22:19 +0000]
[test suite] make valgrind suppressions slightly more prescriptive

2 months ago: [test suite] in valgrind mode, make tests fail whenever there are 'definitely' or...
Michael Rash [Mon, 9 Jun 2014 00:20:19 +0000]
[test suite] in valgrind mode, make tests fail whenever there are 'definitely' or 'indirectly' lost bytes in memory

2 months ago: [client] minor bug fix for condition under which fiu_* functions are called for fault...
Michael Rash [Mon, 9 Jun 2014 00:19:03 +0000]
[client] minor bug fix for condition under which fiu_* functions are called for fault injection

2 months ago: [libfko] fko_new() bug fix to not leak memory under fko_set_... error conditions
Michael Rash [Sat, 7 Jun 2014 01:28:28 +0000]
[libfko] fko_new() bug fix to not leak memory under fko_set_... error conditions

This commit changes how fko_new() deals with FKO context initialization
to not set ctx->initval back to zero (uninitialized) immediately after
calling each fko_set_... function and before checking the fko_set_... return
value.  The reason for this change is that fko_destroy() checks for
context initialization via ctx->initval before calling free() against
any heap allocated context member. So, if fko_set_... returns an error,
fko_destroy() (previous to this commit) would have no opportunity to
free such members.

This bug was found with fault injection testing provided by libfiu
together with valgrind. Specifically the following test suite command
exposes the problem (from the test/ directory):

./test-fwknop.pl --enable-complete --include "fault injection.*libfko"

In the resulting output/2.test file valgrind reports the following:

==27941== LEAK SUMMARY:
==27941==    definitely lost: 264 bytes in 1 blocks
==27941==    indirectly lost: 28 bytes in 3 blocks
==27941==      possibly lost: 0 bytes in 0 blocks
==27941==    still reachable: 1,099 bytes in 12 blocks
==27941==         suppressed: 0 bytes in 0 blocks

After this commit is applied, this changes to:

==7137== LEAK SUMMARY:
==7137==    definitely lost: 0 bytes in 0 blocks
==7137==    indirectly lost: 0 bytes in 0 blocks
==7137==      possibly lost: 0 bytes in 0 blocks
==7137==    still reachable: 1,099 bytes in 12 blocks
==7137==         suppressed: 0 bytes in 0 blocks

Note that 'definitely lost' in valgrind output means there is a real
memory leak that needs to be fixed whereas 'still reachable' is most
likely not a real problem according to:

http://valgrind.org/docs/manual/faq.html#faq.deflost
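
The failure pattern described in the commit message above, modelled in a stand-alone sketch that is added here and is not libfko code: a constructor that clears the "initialized" marker after each setter and before checking the setter's result, paired with a destructor that frees nothing for an unmarked context. `demo_ctx`, `demo_set`, `demo_new`, `demo_destroy` and the marker value are hypothetical names, and the corrected ordering is modelled simply by leaving the marker set.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

#define CTX_INIT_MAGIC 0x81   /* hypothetical "initialized" marker */
#define MAX_BLOCKS 8
typedef struct { int initval; char *version; char *username; } demo_ctx;
static void *blocks[MAX_BLOCKS];   /* tracked heap blocks not yet freed */

static void *t_alloc(size_t n)
{
    for (int i = 0; i < MAX_BLOCKS; i++)
        if (blocks[i] == NULL) return blocks[i] = calloc(1, n);
    return NULL;
}

static void t_free(void *p)
{
    for (int i = 0; p != NULL && i < MAX_BLOCKS; i++)
        if (blocks[i] == p) { blocks[i] = NULL; free(p); return; }
}

static int demo_set(demo_ctx *ctx, char **field, const char *val, int fault)
{
    char *copy;
    if (ctx->initval != CTX_INIT_MAGIC) return -1;  /* setters need the marker */
    if (fault) return -2;                           /* models an injected failure */
    if ((copy = t_alloc(strlen(val) + 1)) == NULL) return -3;
    strcpy(copy, val);
    *field = copy;
    return 0;
}

static void demo_destroy(demo_ctx *ctx)
{
    if (ctx == NULL || ctx->initval != CTX_INIT_MAGIC) return;  /* frees nothing */
    t_free(ctx->version);
    t_free(ctx->username);
    t_free(ctx);
}

static int demo_new(demo_ctx **out, int legacy, int fault_username)
{
    demo_ctx *ctx = t_alloc(sizeof(*ctx));
    int res;
    if (ctx == NULL) return -3;
    ctx->initval = CTX_INIT_MAGIC;
    res = demo_set(ctx, &ctx->version, "2.0.3", 0);
    if (legacy) ctx->initval = 0;   /* old order: reset first, check res after */
    if (res != 0) { demo_destroy(ctx); return res; }
    ctx->initval = CTX_INIT_MAGIC;
    res = demo_set(ctx, &ctx->username, "demo", fault_username);
    if (legacy) ctx->initval = 0;
    if (res != 0) { demo_destroy(ctx); return res; }  /* legacy: a no-op */
    ctx->initval = CTX_INIT_MAGIC;
    *out = ctx;
    return 0;
}

/* Build a context, then count (and reclaim) the blocks nobody freed. */
static int leaked_blocks(int legacy, int fault_username)
{
    demo_ctx *ctx = NULL;
    int n = 0;
    if (demo_new(&ctx, legacy, fault_username) == 0) demo_destroy(ctx);
    for (int i = 0; i < MAX_BLOCKS; i++)
        if (blocks[i] != NULL) { n++; free(blocks[i]); blocks[i] = NULL; }
    return n;
}

int main(void)
{
    printf("legacy: %d leaked, fixed: %d leaked\n",
           leaked_blocks(1, 1), leaked_blocks(0, 1));
    return 0;
}
```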

2 months ago: [test suite] additional fix for duplicate fault injection tags
Michael Rash [Fri, 6 Jun 2014 03:13:01 +0000]
[test suite] additional fix for duplicate fault injection tags

2 months ago: [test suite] minor fix for duplicate fault injection tags
Michael Rash [Fri, 6 Jun 2014 03:10:41 +0000]
[test suite] minor fix for duplicate fault injection tags

2 months ago: add --fault-injection-tag support to the client/server/libfko
Michael Rash [Fri, 6 Jun 2014 03:05:49 +0000]
add --fault-injection-tag support to the client/server/libfko

This is a significant commit to add the ability to leverage libfko fault
injections from both the fwknop client and server command lines via a
new option '--fault-injection-tag <tag name>'.  This option is used by
the test suite with the tests/fault_injection.pl tests.

2 months ago: [test suite] added coverage_diff.py
Michael Rash [Mon, 2 Jun 2014 02:30:54 +0000]
[test suite] added coverage_diff.py

This commit adds support for diff'ing before and after gcov/lcov results
to see when new function/line coverage is added by the test suite.  Here
is an example of its output:

Sun Jun  1 22:28:00 2014 CMD: ./coverage_diff.py
[+] Coverage: /home/mbr/git/fwknop.git/server/config_init.c
[+] new 'fcns' coverage: usage()
[+] new 'lines' coverage: 1015
[+] new 'lines' coverage: 1017
[+] new 'lines' coverage: 1019
[+] new 'lines' coverage: 1059
[+] new 'lines' coverage: 979
[+] Coverage: /home/mbr/git/fwknop.git/server/fw_util_iptables.c
[+] new 'lines' coverage: 560
[+] new 'lines' coverage: 561

3 months ago: [test suite] add shell escape for /usr/include/* wildcard on lcov command line
Michael Rash [Tue, 27 May 2014 03:15:09 +0000]
[test suite] add shell escape for /usr/include/* wildcard on lcov command line