eurephia.git/plugin, branch beta Unnamed repository; edit this file to name it for gitweb. Restrict log length of mac address 2009-10-13T12:37:24+00:00 David Sommerseth dazo@users.sourceforge.net 2009-10-13T12:29:57+00:00 cb36a1434c9ebdfa926bc3980c33f4a94b106964 






Always process certificate depth as integer
2009-10-13T12:37:24+00:00

David Sommerseth
dazo@users.sourceforge.net

2009-10-13T12:25:50+00:00

c6621d108bb8beb97ca6185c0c11d4fbffab5a1b












Fixed memory leak in the firewall implementation and added mlock() usage
2009-10-06T15:54:59+00:00

David Sommerseth
dazo@users.sourceforge.net

2009-10-06T15:54:59+00:00

3a2290433a654a8b5f07a1db1f8142ec01ca57a7

The memory leak was caused by not freeing the shadow context the firewall
child process uses for logging.  In addition this child process had a
connection to the database open as well, which was not needed.  This
connection is now disconnected immediately after the child process has
started.

Added also usage of mlock() to protect sensitive information from being
swapped out to disk.





The memory leak was caused by not freeing the shadow context the firewall
child process uses for logging.  In addition this child process had a
connection to the database open as well, which was not needed.  This
connection is now disconnected immediately after the child process has
started.

Added also usage of mlock() to protect sensitive information from being
swapped out to disk.







Added missing doxygen comments to environment.h
2009-10-05T16:09:57+00:00

David Sommerseth
dazo@users.sourceforge.net

2009-10-05T16:09:57+00:00

473070ef1a145e67ec37a58650134c0ff1e9d23c












Use macros to extract values via get_env()
2009-10-04T22:01:18+00:00

David Sommerseth
dazo@users.sourceforge.net

2009-10-04T22:01:18+00:00

164032f3fcf86d4f08244764aab1b68a0fb6c71e

This has two purposes.  To make the code more readable and to use the
same maximum length of the data being retrieved from the environment table.





This has two purposes.  To make the code more readable and to use the
same maximum length of the data being retrieved from the environment table.







Only DEBUG log what get_env() will return
2009-10-04T22:00:23+00:00

David Sommerseth
dazo@users.sourceforge.net

2009-10-04T22:00:23+00:00

8f8632ef5f8e63cc9495550c09605d4cc9c58de8












Moved the get_env() function into its own file
2009-10-04T21:23:07+00:00

David Sommerseth
dazo@users.sourceforge.net

2009-10-04T21:23:07+00:00

af7c53924fffc20b63c7fca26ec8b103d724e58b












Restrict input data length for plug-in arguments from openvpn
2009-10-04T21:13:06+00:00

David Sommerseth
dazo@users.sourceforge.net

2009-10-04T21:13:06+00:00

53611ee129ab91c60f61a591b32e46bfac39abf7

This only affects functions related to MAC address and certificate depth





This only affects functions related to MAC address and certificate depth







Tightening the building of the seeddata string even more
2009-10-02T21:27:09+00:00

David Sommerseth
dazo@users.sourceforge.net

2009-10-02T21:27:09+00:00

e2f140c24d0e5c1ed246ee6abc437f26f2424b08

This is a follow up of commit 80b41e27b7361633bee17c64bbb95490dc94ab9f





This is a follow up of commit 80b41e27b7361633bee17c64bbb95490dc94ab9f







Fixed possible integer overflow issue
2009-10-02T21:12:45+00:00

David Sommerseth
dazo@users.sourceforge.net

2009-10-02T21:12:45+00:00

80b41e27b7361633bee17c64bbb95490dc94ab9f

The eDBopen_session_seed() function was prune to an integer overflow issue, if
the input data (some which comes from clients) exeeds the size_t max value which
calloc() uses (via malloc_nullsafe()).  The totlen variable was in addition defined
as int and the totlen value was multiplied by 2.

The fix was to use the maximum values used when calling get_env().  These values the
maximum can then be added together to retrieve the maximum length of the seeddata string.
This should also make the execution go slightly quicker as strlen_nullsafe() is no
longer called for each of the input variables.  In addition, there are no reasons to
multiply the totlen value by two as it did.

Credit goes to Larry Highsmith for noticing this potential problem.





The eDBopen_session_seed() function was prune to an integer overflow issue, if
the input data (some which comes from clients) exeeds the size_t max value which
calloc() uses (via malloc_nullsafe()).  The totlen variable was in addition defined
as int and the totlen value was multiplied by 2.

The fix was to use the maximum values used when calling get_env().  These values the
maximum can then be added together to retrieve the maximum length of the seeddata string.
This should also make the execution go slightly quicker as strlen_nullsafe() is no
longer called for each of the input variables.  In addition, there are no reasons to
multiply the totlen value by two as it did.

Credit goes to Larry Highsmith for noticing this potential problem.