backup/barrier
1
0
Fork 0
mirror of https://github.com/debauchee/barrier.git synced 2026-02-08 12:53:53 +08:00
Code Issues Projects Releases Wiki Activity
3,859 Commits 20 Branches 42 Tags
aaa0e4d2e04e7f5e9894e20b79faeb9e2abb8188
Commit Graph

1140 Commits

Author SHA1 Message Date
Povilas Kanapickas
20f66fe133 lib/common: Clean up declarations of {S,U}Int{8,16,32} types 2021-11-01 05:56:53 +02:00
Povilas Kanapickas
676fa39f9a lib/platform: Switch remaining ObjC source files to ObjC++ 2021-11-01 05:56:53 +02:00
Povilas Kanapickas
00e182d22e Merge pull request #1347 from p12tic/enforce-max-message-length 
Enforce max message length [SECURITY VULNERABILITY CVE-2021-42076]
 2021-11-01 05:56:38 +02:00
Povilas Kanapickas
e8ac56b045 lib/net: Include openssl applink shim into Windows builds 2021-11-01 05:48:26 +02:00
Povilas Kanapickas
fd5295eb31 lib/barrier: Disconnect client on too long input packets 
This commit is the 3/3 part of the fix for the following security
vulnerability:
 - CVE-2021-42076 DoS via excess length messages

The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
 2021-11-01 05:18:53 +02:00
Povilas Kanapickas
af90f39b4a lib/net: Limit the maximum size of TCP or SSL input buffers 
This commit is the 2/3 part of the fix for the following security
vulnerability:
 - CVE-2021-42076 DoS via excess length messages

The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
 2021-11-01 05:18:52 +02:00
Povilas Kanapickas
e33c81b835 lib: Enforce a maximum length of input messages 
This commit is the 1/3 part of the fix for the following security
vulnerability:
 - CVE-2021-42076 DoS via excess length messages

The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
 2021-11-01 05:18:51 +02:00
Povilas Kanapickas
cc369820d4 lib/server: Remove unused code 2021-11-01 05:18:50 +02:00
Povilas Kanapickas
7ab8e0101d lib/server: Add a note about taking pointer to virtual member function 2021-11-01 05:18:49 +02:00
Povilas Kanapickas
165100a0d2 gui: Extract barrier type to separate enum 2021-11-01 04:50:16 +02:00
Povilas Kanapickas
229abab99f Implement client identity verification 
This commit fixes two security vulnerabilities: CVE-2021-42072 and
CVE-2021-42073.

The issues have been reported by Matthias Gerstner <mgerstner@suse.de>.
 2021-11-01 04:50:15 +02:00
Povilas Kanapickas
57769cffda lib/net: Pass connection security level to within socket classes 2021-11-01 04:50:13 +02:00
Povilas Kanapickas
5c7d7194d5 lib/net: Use enum for connection security level instead of boolean 2021-11-01 04:50:12 +02:00
Povilas Kanapickas
82b8fa905e lib/net: Improve name of showCertificate() to reflect what it does 2021-11-01 04:50:11 +02:00
Povilas Kanapickas
133e447fb6 lib/net: Don't hardcode fingerprint DB path in verify_cert_fingerprint() 2021-11-01 04:50:10 +02:00
Povilas Kanapickas
4d73ed9fdd lib/net: Present client certificate when connecting to server 2021-11-01 04:50:07 +02:00
Povilas Kanapickas
c0ce893711 lib/net: Load client SSL certificates when connecting 2021-11-01 04:50:05 +02:00
Povilas Kanapickas
b76b332f2f lib/common: Move SSL certificate path definition to common location 2021-11-01 04:29:53 +02:00
Povilas Kanapickas
d033ffa3d8 lib/net: Use fs::is_regular_file() to check for path existence 2021-11-01 04:29:52 +02:00
Povilas Kanapickas
220f9e8274 lib/common: Remove unused file 2021-11-01 04:29:51 +02:00
Povilas Kanapickas
a2ca7e29f5 lib/common: Switch data directories to fs::path 2021-11-01 04:29:50 +02:00
Povilas Kanapickas
298980fa86 lib/common: Move DataDirectories to barrier namespace 2021-11-01 04:29:49 +02:00
Povilas Kanapickas
677612d342 lib/common: Replace PathUtilities::basename with barrier::fs equivalent 2021-11-01 04:29:48 +02:00
Povilas Kanapickas
e7d936b5d7 lib/common: Replace PathUtilities::concat with barrier::fs equivalent 2021-11-01 04:29:47 +02:00
Povilas Kanapickas
bcafdc6783 src/lib: Switch to ghc::filesystem in path utilities 2021-11-01 04:29:46 +02:00
Povilas Kanapickas
a987605513 lib/io: Rename fstream.h to filesystem.h 2021-11-01 04:29:45 +02:00
Povilas Kanapickas
a428b61c7d gui: Add support for SHA256 fingerprints 
For the time being both SHA1 and SHA256 fingerprints will be shown in
the UI. This allows users to verify new connections between old and new
versions of Barrier. After the initial verification we use SHA256
fingerprints.

The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
 2021-11-01 04:07:09 +02:00
Povilas Kanapickas
b7757fbd68 lib/net: Implement a way to generate fingerprint randomart 
The code has been copied from OpenSSH.
 2021-11-01 04:07:09 +02:00
Povilas Kanapickas
7cced74119 lib/net: Use FingerprintData to represent fingerprints 2021-11-01 04:07:09 +02:00
Povilas Kanapickas
50534ecb43 lib/net: Use new FingerprintDatabase to handle fingerprints 2021-11-01 04:07:09 +02:00
Povilas Kanapickas
be8ba0d132 gui: Use new FingerprintDatabase to handle fingerprints 2021-11-01 04:07:09 +02:00
Povilas Kanapickas
9cac96b4af lib/net: Implement a reusable fingerprint database 2021-11-01 04:07:09 +02:00
Povilas Kanapickas
3e71b468f6 lib: Remove useless empty constructors 2021-11-01 04:07:09 +02:00
Povilas Kanapickas
8f88dc2585 lib/base: Support colons in from_hex() 2021-11-01 04:07:09 +02:00
Povilas Kanapickas
aa3afa9062 Use openssl library instead of CLI to generate certificates 2021-11-01 04:07:09 +02:00
Povilas Kanapickas
dbf56a9375 gui: Use openssl library instead of CLI tool to generate fingerprints 2021-11-01 04:07:09 +02:00
Povilas Kanapickas
cf732aba37 lib/io: Add a replacement for fopen() which works on Windows 
fopen() does not correctly handle non-ASCII paths on Windows.
 2021-11-01 04:07:09 +02:00
Povilas Kanapickas
089b8e4749 lib/net: Extract SSL fingerprint generation to reusable function 2021-11-01 03:19:47 +02:00
Povilas Kanapickas
85486927b3 lib/base: Implement pattern to execute something at function exit 2021-11-01 03:19:47 +02:00
Povilas Kanapickas
cd7e731cb7 lib: Switch to std::vector<std::uint8_t> for fingerprint data 2021-11-01 03:19:47 +02:00
Povilas Kanapickas
ef08470286 src/lib: Use standard std::vsnprintf() instead of hacking our own 2021-11-01 03:19:47 +02:00
Povilas Kanapickas
b793675ef8 lib/net: Put secure utils into barrier namespace 2021-11-01 03:19:47 +02:00
Povilas Kanapickas
a9b30951ce lib: Add utility function to convert from hex to binary 2021-11-01 03:19:47 +02:00
Povilas Kanapickas
96e0021572 lib/base: Make to_hex() easier to use 2021-11-01 03:19:47 +02:00
Povilas Kanapickas
7f71924a86 lib/net: Make format_ssl_fingerprint() easier to use 2021-11-01 03:19:47 +02:00
Povilas Kanapickas
0e406d4918 lib/net: Extract fingerprint formatting out of SecureSocket 2021-11-01 03:19:47 +02:00
Povilas Kanapickas
bfa8964305 Enable encryption by default 2021-11-01 03:00:09 +02:00
Povilas Kanapickas
d24f368efe Correctly open files with non-ASCII paths on Windows 
This fixes #976, fixes #974, fixes #444.

On Windows the standard stream open() functions expect bytes encoded in
current system encoding, not UTF8. Since we're dealing with UTF8
throughout the application this results in wrong paths being passed and
failure to open files. As a solution, we convert the paths to UTF16 via
the WCHAR character type and use the special Windows-specific overloads
of open() functions.
 2021-10-30 01:03:09 +03:00
Povilas Kanapickas
8286c85dc0 lib/common/win32: Extract unicode_to_mb() to separate file 2021-10-30 01:03:09 +03:00
Povilas Kanapickas
15a955ff21 Revert "Use ansi codepage for internal multibyte strings on windows" 
This reverts commit 402801e0a6.

We should use UTF8 throughout the application and convert to platform
encodings only at the edge. Otherwise it's not clear which data uses
which encoding and we result in extremele brittle system.
 2021-10-30 01:03:09 +03:00