debauchee/barrier
1
1
Fork 0
mirror of https://github.com/debauchee/barrier.git synced 2024-11-22 07:20:15 +03:00
Code Issues Packages Projects Releases Wiki Activity
3,920 Commits 20 Branches 42 Tags 86 MiB
master
Commit Graph

3920 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
Povilas Kanapickas
9cf590ccd7 lib: Make ThreadFunc return nothing 2021-11-01 14:41:53 +02:00
Povilas Kanapickas
815e80ec4d lib: Remove unused threading functionality related to thread results 2021-11-01 14:41:53 +02:00
Povilas Kanapickas
666460aced lib/platform: Use std::function instead of IJob in MSWindowsDesks 2021-11-01 14:41:53 +02:00
Povilas Kanapickas
4486830fdb
Merge pull request #1351 from p12tic/fix-ssl-crash-closing-connections 
Fix ssl-related crashes when closing connections [SECURITY VULNERABILITY CVE-2021-42074]
 2021-11-01 14:40:11 +02:00
Povilas Kanapickas
f0efe043bb lib/net: Fix incorrect sharing of data between different SSL sessions 2021-11-01 14:05:49 +02:00
Povilas Kanapickas
8b937a4abd lib/net: Fix race conditions when closing SSL connections 
This fixes the following security vulnerability:
- CVE-2021-42074 SIGSEGV on quick open/close sequence while sending
Hello message

The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
 2021-11-01 14:05:49 +02:00
Povilas Kanapickas
caeebf6c36
Merge pull request #1350 from p12tic/fix-file-handles-leak 
Fix file descriptor leak on incomplete connections [SECURITY VULNERABILITY CVE-2021-42075]
 2021-11-01 14:04:45 +02:00
Povilas Kanapickas
aaa0e4d2e0
Merge pull request #1349 from p12tic/types-cleanup 
Cleanup declarations of {S,U}Int{8,16,32} types
 2021-11-01 14:04:32 +02:00
Povilas Kanapickas
deefecc262 lib/server: Close connection when client app-level handshake fails 
This fixes the following security vulnerability:
 - CVE-2021-42075 DoS via file descriptor exhaustion

The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
 2021-11-01 05:58:21 +02:00
Povilas Kanapickas
20f66fe133 lib/common: Clean up declarations of {S,U}Int{8,16,32} types 2021-11-01 05:56:53 +02:00
Povilas Kanapickas
676fa39f9a lib/platform: Switch remaining ObjC source files to ObjC++ 2021-11-01 05:56:53 +02:00
Povilas Kanapickas
00e182d22e
Merge pull request #1347 from p12tic/enforce-max-message-length 
Enforce max message length [SECURITY VULNERABILITY CVE-2021-42076]
 2021-11-01 05:56:38 +02:00
Povilas Kanapickas
dd31d0a539
Merge pull request #1348 from p12tic/fix-openssl-windows-applink 
Include openssl applink shim into Windows builds
 2021-11-01 05:56:22 +02:00
Povilas Kanapickas
e8ac56b045 lib/net: Include openssl applink shim into Windows builds 2021-11-01 05:48:26 +02:00
Povilas Kanapickas
fd5295eb31 lib/barrier: Disconnect client on too long input packets 
This commit is the 3/3 part of the fix for the following security
vulnerability:
 - CVE-2021-42076 DoS via excess length messages

The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
 2021-11-01 05:18:53 +02:00
Povilas Kanapickas
af90f39b4a lib/net: Limit the maximum size of TCP or SSL input buffers 
This commit is the 2/3 part of the fix for the following security
vulnerability:
 - CVE-2021-42076 DoS via excess length messages

The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
 2021-11-01 05:18:52 +02:00
Povilas Kanapickas
e33c81b835 lib: Enforce a maximum length of input messages 
This commit is the 1/3 part of the fix for the following security
vulnerability:
 - CVE-2021-42076 DoS via excess length messages

The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
 2021-11-01 05:18:51 +02:00
Povilas Kanapickas
cc369820d4 lib/server: Remove unused code 2021-11-01 05:18:50 +02:00
Povilas Kanapickas
7ab8e0101d lib/server: Add a note about taking pointer to virtual member function 2021-11-01 05:18:49 +02:00
Povilas Kanapickas
b677a0b419
Merge pull request #1344 from p12tic/windows-build-cleanup 
Windows build cleanup
 2021-11-01 05:16:09 +02:00
Povilas Kanapickas
b5adc93e2b
Merge pull request #1346 from p12tic/client-identity-verification 
Implement client identity verification [SECURITY VULNERABILITIES CVE-2021-42072, CVE-2021-42073]
 2021-11-01 05:15:48 +02:00
Povilas Kanapickas
7cacbd1489 gui: Improve formatting of the fingerprint acceptance dialog 2021-11-01 04:50:17 +02:00
Povilas Kanapickas
165100a0d2 gui: Extract barrier type to separate enum 2021-11-01 04:50:16 +02:00
Povilas Kanapickas
229abab99f Implement client identity verification 
This commit fixes two security vulnerabilities: CVE-2021-42072 and
CVE-2021-42073.

The issues have been reported by Matthias Gerstner <mgerstner@suse.de>.
 2021-11-01 04:50:15 +02:00
Povilas Kanapickas
e79bdf333c gui: Fix fingerprint database being not populated due to missing dirs 2021-11-01 04:50:14 +02:00
Povilas Kanapickas
57769cffda lib/net: Pass connection security level to within socket classes 2021-11-01 04:50:13 +02:00
Povilas Kanapickas
5c7d7194d5 lib/net: Use enum for connection security level instead of boolean 2021-11-01 04:50:12 +02:00
Povilas Kanapickas
82b8fa905e lib/net: Improve name of showCertificate() to reflect what it does 2021-11-01 04:50:11 +02:00
Povilas Kanapickas
133e447fb6 lib/net: Don't hardcode fingerprint DB path in verify_cert_fingerprint() 2021-11-01 04:50:10 +02:00
Povilas Kanapickas
8bc280e0dd gui: Add configuration for requiring client certificates 2021-11-01 04:50:09 +02:00
Povilas Kanapickas
ed32e2e326 gui: Expand checkboxes in settings dialog through both grid columns 2021-11-01 04:50:08 +02:00
Povilas Kanapickas
4d73ed9fdd lib/net: Present client certificate when connecting to server 2021-11-01 04:50:07 +02:00
Povilas Kanapickas
92ba6f61e6 gui: Move SSL fingerprint labels out of server frame 
SSL fingerprints will be used to auth both server and client.
 2021-11-01 04:50:06 +02:00
Povilas Kanapickas
c0ce893711 lib/net: Load client SSL certificates when connecting 2021-11-01 04:50:05 +02:00
Povilas Kanapickas
cb0480fe84 cmake: Silence tr1 deprecation warning on MSVC 2021-11-01 04:48:56 +02:00
Povilas Kanapickas
f9c051fc82 Use cmake --build to build on Windows 2021-11-01 04:48:56 +02:00
Povilas Kanapickas
6d7eca42b7
Merge pull request #1345 from p12tic/filesystem-cleanup 
Filesystem operations cleanup
 2021-11-01 04:47:16 +02:00
Povilas Kanapickas
0f3afed664 gui: Switch SSL certificate handler to barrier::fs paths 2021-11-01 04:29:54 +02:00
Povilas Kanapickas
b76b332f2f lib/common: Move SSL certificate path definition to common location 2021-11-01 04:29:53 +02:00
Povilas Kanapickas
d033ffa3d8 lib/net: Use fs::is_regular_file() to check for path existence 2021-11-01 04:29:52 +02:00
Povilas Kanapickas
220f9e8274 lib/common: Remove unused file 2021-11-01 04:29:51 +02:00
Povilas Kanapickas
a2ca7e29f5 lib/common: Switch data directories to fs::path 2021-11-01 04:29:50 +02:00
Povilas Kanapickas
298980fa86 lib/common: Move DataDirectories to barrier namespace 2021-11-01 04:29:49 +02:00
Povilas Kanapickas
677612d342 lib/common: Replace PathUtilities::basename with barrier::fs equivalent 2021-11-01 04:29:48 +02:00
Povilas Kanapickas
e7d936b5d7 lib/common: Replace PathUtilities::concat with barrier::fs equivalent 2021-11-01 04:29:47 +02:00
Povilas Kanapickas
bcafdc6783 src/lib: Switch to ghc::filesystem in path utilities 2021-11-01 04:29:46 +02:00
Povilas Kanapickas
a987605513 lib/io: Rename fstream.h to filesystem.h 2021-11-01 04:29:45 +02:00
Povilas Kanapickas
801a5a7084 ext: Add https://github.com/gulrak/filesystem for filesystem operations 2021-11-01 04:29:44 +02:00
Povilas Kanapickas
22ac14be8c
Merge pull request #1343 from p12tic/sha256-fingerprints 
Add support for SHA256 fingerprints
 2021-11-01 04:21:17 +02:00
Povilas Kanapickas
a428b61c7d gui: Add support for SHA256 fingerprints 
For the time being both SHA1 and SHA256 fingerprints will be shown in
the UI. This allows users to verify new connections between old and new
versions of Barrier. After the initial verification we use SHA256
fingerprints.

The issue has been reported by Matthias Gerstner <mgerstner@suse.de>.
 2021-11-01 04:07:09 +02:00