Commit Graph

34 Commits

Author SHA1 Message Date
Tobias Brunner 1b67166921 Unify format of HSR copyright statements 2018-05-23 16:32:53 +02:00
Andreas Steffen b12c53ce77 Use standard unsigned integer types 2016-03-24 18:52:48 +01:00
Tobias Brunner 1507647434 unknown-payload: Use a new private payload type and make original type available
This fixes a DoS and potential remote code execution vulnerability that was
caused because the original payload type that was returned previously was
used to cast such payload objects to payloads of the indicated type (e.g.
when logging notify payloads with a payload type for the wrong IKE version).

Fixes CVE-2015-3991.
2015-06-01 09:42:11 +02:00
Tobias Brunner 75dd984e9e ike: Allow creation of internally used payloads
Since 42e0a317c6 ("ike: Only parse payloads valid for the current IKE
version") payload types are checked before creating objects.  This check
failed for internally used payload types (e.g. proposal substructures),
which have a type >= 256, i.e. outside the IKE payload type range.
2014-12-12 13:10:26 +01:00
Tobias Brunner fac310a467 ike: Make check for known payloads depend on IKE version 2014-12-05 15:41:46 +01:00
Tobias Brunner 4c345b15c7 ikev2: Add encrypted fragment payload 2014-10-10 09:32:37 +02:00
Tobias Brunner 147fe503af ike: Rename encryption_payload to encrypted_payload 2014-10-10 09:30:25 +02:00
Martin Willi 3ecfc83c6b payload: Use common prefixes for all payload type identifiers
The old identifiers did not use a proper namespace and often clashed with
other defines.
2014-06-04 15:53:03 +02:00
Tobias Brunner 8f0ab6dd36 Payload added to handle IKE fragments 2012-12-24 10:24:48 +01:00
Volker Rümelin 0ff8d20a89 Add support for draft-ietf-ipsec-nat-t-ike-03 and earlier
This adds support for early versions of the draft that eventually
resulted in RFC 3947.
2012-12-19 11:03:42 +01:00
Martin Willi b24be29646 Merge branch 'ikev1'
Conflicts:
	configure.in
	man/ipsec.conf.5.in
	src/libcharon/encoding/generator.c
	src/libcharon/encoding/payloads/notify_payload.c
	src/libcharon/encoding/payloads/notify_payload.h
	src/libcharon/encoding/payloads/payload.c
	src/libcharon/network/receiver.c
	src/libcharon/sa/authenticator.c
	src/libcharon/sa/authenticator.h
	src/libcharon/sa/ikev2/tasks/ike_init.c
	src/libcharon/sa/task_manager.c
	src/libstrongswan/credentials/auth_cfg.c
2012-05-02 11:12:31 +02:00
Andreas Steffen f54c4ed8d6 added GSPM IKEv2 payload 2012-04-03 12:21:39 +02:00
Martin Willi 3ba15819ed Remove executable flag from source code files 2012-03-20 17:31:22 +01:00
Clavister OpenSource 7d9269bfce certificate handling for XAuth responder. 2012-03-20 17:31:11 +01:00
Tobias Brunner 1e97783c99 Added payloads for IKEv1 NAT-Traversal negotiation. 2012-03-20 17:31:09 +01:00
Martin Willi 017d98bf39 Merged IKEv1 attribute payload/data into configuration payload/attribute 2012-03-20 17:30:49 +01:00
Clavister OpenSource 54a8a94fa9 IKEv1 ConfigMode: Added TRANSACTION exchange type. Added attribute_payload (IKEv2 equiv cp_payload) and data_attribute (IKEv2 equiv configuration_attribute) payload types. Did not combine with IKEv2 because it wasn't trivial to do so. This might be a task worth investigating in the future, because there is a decent amount of shared code here. 2012-03-20 17:30:49 +01:00
Martin Willi e1f9d6476e Register HASH_V1 in payload factory 2012-03-20 17:30:46 +01:00
Tobias Brunner 780ce7724d Strings for ENCRYPTED_V1 payload added. 2012-03-20 17:30:46 +01:00
Tobias Brunner 6f5f8ee4b5 Use modified encryption payload to encrypt/decrypt complete IKEv1 messages. 2012-03-20 17:30:46 +01:00
Martin Willi cf6cd5aa4b Added IKEv1 support to delete payload 2012-03-20 17:30:43 +01:00
Martin Willi 04ee2b7fed Added IKEv1 support to notify payload 2012-03-20 17:30:43 +01:00
Martin Willi 2a36037ec7 Extended ID payload for (non-TS) IKEv1 use 2012-03-20 17:30:42 +01:00
Martin Willi e9b55b8325 Simplify signature of get_encoding_rules(), make all rules static 2012-03-20 17:30:42 +01:00
Martin Willi 683d83ed3e Extended KE payload for IKEv1 support 2012-03-20 17:30:42 +01:00
Martin Willi bcfb0f4096 Extended nonce payload for IKEv1 support 2012-03-20 17:30:42 +01:00
Martin Willi 3f6d1b13a7 Added additional IKEv1 payload and encoding identifiers 2012-03-20 17:30:40 +01:00
Martin Willi b0b9d18593 Extend sa_payload for IKEv1 support 2012-03-20 17:30:40 +01:00
Martin Willi 837298c590 Use vendor id payload for IKEv1 payloads, too 2012-03-20 17:30:39 +01:00
Martin Willi ecf854a00b Added IKEv1 payload identifiers to "known" payload list 2012-03-20 17:30:39 +01:00
Martin Willi e33b41e7b0 Added IKEv1 payload identifiers 2012-03-20 17:30:39 +01:00
Martin Willi e662d62a76 Implemented a generic payload field lookup function 2011-01-05 16:45:51 +01:00
Martin Willi b6c796464d Use the payload's actual type in unknown_payload_t 2011-01-05 16:45:43 +01:00
Tobias Brunner 08c5572602 Moving charon to libcharon. 2010-03-19 13:34:52 +01:00