third-party-mirrors/sslh
1
0
Fork 0
mirror of https://github.com/yrutschle/sslh.git synced 2025-04-16 09:00:36 +03:00
Code Issues Packages Projects Releases Wiki Activity
671 Commits 3 Branches 42 Tags
Commit Graph

671 Commits

This Branch
This Branch
All Branches
Author SHA1 Message Date
yrutschle
a5d00568b5
Merge pull request #199 from rom1dep/sni_alpn_errmatching 
tls: proposed fix for incorrect SNI/ALPN matching
 2018-08-30 23:16:28 +02:00
yrutschle
ffe9971624 test suite for SNI/ALPN with multiple targets and all combinations covered 2018-08-30 19:50:53 +02:00
Yves Rutschle
1693436cc3 automatic test for SNI/ALPN (single target) 2018-08-29 19:18:23 +02:00
Romain DEP.
e42f670112 tls: proposed fix for incorrect SNI/ALPN matching 2018-08-21 22:36:01 +02:00
Yves Rutschle
60df92c2b2 prevent repeated reads on broken sockets 2018-08-14 23:05:49 +02:00
Yves Rutschle
8ad32816a6 last_p might be used uninitialised if last probe has no probe set (which I don't think might happen, but anyhow...) 2018-08-14 22:52:52 +02:00
Yves Rutschle
677e385fec new probing algorithm 2018-08-13 22:29:09 +02:00
Yves Rutschle
b6db83a701 also test probes when no fragmentation occurs 2018-08-12 21:45:42 +02:00
Yves Rutschle
3a17bd6832 removed obsolete tests 2018-08-12 21:35:42 +02:00
Yves Rutschle
94911c1c2a cleaner framework to test all probes methodically (not all tests work as the probe code needs to be reworked) 2018-08-11 23:13:24 +02:00
Yves Rutschle
d7889588da Merge branch 'master' of https://www.github.com/yrutschle/sslh 2018-08-04 22:34:20 +02:00
Yves Rutschle
ad2b595280 Test suite: some cleanup and use config file instead of command-line parameters 2018-08-04 22:33:02 +02:00
Yves Rutschle
9df1ab8404 fix man page on timeout default protocol 2018-07-31 19:54:46 +00:00
yrutschle
10fb0bce6f
Merge pull request #192 from candrews/patch-5 
Include common.h in systemd-sslh-generator.c
 2018-07-11 13:18:50 +02:00
Craig Andrews
eb53c45351
Include common.h in systemd-sslh-generator.c 
Fixes https://github.com/yrutschle/sslh/issues/188
 2018-07-06 12:30:28 -04:00
Yves Rutschle
a1cc399ae5 fix syslog facility name check 2018-07-03 12:22:03 +02:00
yrutschle
108a9780d8
Merge pull request #187 from msantos/segfault 
Fix potential segfaults (unverified malloc() returns) and other robustness issues
 2018-06-18 16:45:51 +02:00
Michael Santos
9228171eb0 config: exit if list element is invalid 2018-06-18 10:35:28 -04:00
Michael Santos
8ce2b2ea05 Check memory allocations succeed 2018-06-18 10:35:28 -04:00
Michael Santos
4c132e3c8d config: segfault parsing invalid sni/alpn 
Check return value of config_setting_get_string_elem() for error
before passing the result to strlen():

~~~ segfault.conf
protocols:
(
 { name: "tls"; host: "localhost"; port: "8443";  sni_hostnames:  [ 0 ];
}
);
~~~
 2018-06-18 10:35:28 -04:00
Michael Santos
cfd0163a5b main_loop: initialize in_socket 
in_socket may be used uninitialized if no addresses are available.

~~~
sslh-select.c:415:8: warning: Function call argument is an uninitialized value
                            check_access_rights(in_socket, cnx[i].proto->service)) {
                            ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
~~~
 2018-06-18 10:35:28 -04:00
Michael Santos
5cf591a254 Avoid segfault with malformed IPv6 address 
A literal IPv6 address without a trailing bracket will result in a write
past the end of the address buffer:

~~~ segfault.conf
protocols:
(
 { name: "tls"; host: "["; port: "8443"; }
);
~~~

~~~
$ sslh-select -p 127.0.0.1:443 --foreground -F./segfault.conf
[: no closing bracket in IPv6 address?
Segmentation fault (core dumped)
~~~
 2018-06-18 10:35:28 -04:00
Michael Santos
c179d9a57b start_listen_sockets: exit if no addresses 
Do not allocate a 0 byte buffer if no addresses are available:

    common.c:122:14: warning: Call to 'malloc' has an allocation size of 0 bytes
       *sockfd = malloc(num_addr * sizeof(*sockfd[0]));
		 ^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
 2018-06-18 10:35:28 -04:00
yrutschle
336e8bb9d1
Merge pull request #186 from Revertron/patch-1 
Fixed a typo
 2018-06-14 16:36:13 +02:00
Roman
0ada00474b
Fixed a typo 
Just a typo in usage text.
 2018-06-14 14:31:50 +02:00
Yves Rutschle
95e8f5731c document magic constant in socks5 probe 2018-06-13 12:40:02 +00:00
Yves Rutschle
dfd9e14866 fix socks5 probe 2018-06-13 09:52:49 +02:00
yrutschle
552723cc5f
Merge pull request #180 from sanmai/patch-1 
Update README.md
 2018-06-01 10:31:34 +02:00
Alexey Kopytko
09aaf39e25
Update README.md 
Removed redundant dollar signs since they're not used anywhere else in the README.
 2018-06-01 15:13:50 +09:00
Yves Rutschle
7acf9627ee fix memory leak when using transparent proxying 2018-05-29 12:38:57 +02:00
Yves Rutschle
b8e63a4d9d fixed systemd config to correct path 2018-05-26 17:02:15 +00:00
yrutschle
f451cc8bed
Merge pull request #172 from WeirdCarrotMonster/master 
Added support for socks5 protocol
 2018-04-16 22:38:06 +02:00
Eugene Protozanov
a43dd11fc9 Added support for socks5 protocol 2018-04-16 15:27:31 +04:00
yrutschle
3a61c8b0b1
Merge pull request #167 from HighwindsHipsApp/master 
Fixed parent/child usage after initial fork in sslh-fork.c
v1.19c 		2018-02-11 18:42:21 +01:00
Josh Tway
0c928fedbb Fixed issue in sslh-fork.c where the parent was being used instead of the child after forking. This was breaking multiple unit tests (on CentOS 7 at least) 2018-02-08 17:22:22 -05:00
Yves Rutschle
1a6ba5edc0 fix IPv6 parse error introduced in 7bf3e12c30d0585743792982ed8bcfc44aecae34 v1.19b 2018-01-27 22:59:52 +01:00
Yves Rutschlé
83be63d282 v1.19 v1.19 2018-01-20 18:40:15 +00:00
Yves Rutschlé
3ab2acdafa fix fork failure handling 2018-01-11 14:45:32 +00:00
Yves Rutschlé
c8c6688d16 add file and line number upon error messages 2018-01-10 22:10:19 +00:00
Yves Rutschlé
9a85efded5 log error message in case fork fails 2018-01-08 18:54:01 +00:00
Yves Rutschlé
7bf3e12c30 Don't clobber data in libconfig space, copy it before 
changing it. So far it worked, but really that's not
respecting the contract.
 2018-01-07 16:43:50 +00:00
Yves Rutschlé
bc72c4ac42 clarify regex examples are just examples 2018-01-07 15:42:52 +00:00
Yves Rutschlé
fc9cb27746 fix ALPN configuration logic 2018-01-06 22:43:16 +00:00
Yves Rutschlé
2c3518beb4 configuration examples for fork option 2018-01-06 22:42:39 +00:00
yrutschle
141e4b4f83
Merge pull request #105 from vapier/master 
add chroot support
 2018-01-03 20:34:05 +01:00
Mike Frysinger
0fb4c6b2ad add chroot support 
This allows people to chroot sslh into a path to further harden it.

We have to rework the user logic a bit because we need to look up
the user details *before* we chroot (as we need to read /etc/passwd
files), but do the actual priv dropping *after* we chroot (so we
have permission to make the actual chroot call).

Similarly, we need to open the syslog before we drop privs because
/dev/log won't be available inside the chroot.
 2018-01-03 10:19:59 -05:00
yrutschle
d9541392f8
Merge pull request #139 from tmolitor-stud-tu/master 
Better documentation of transparent proxy support with more features
 2018-01-02 23:24:46 +01:00
yrutschle
24cd3d0974
Merge pull request #161 from pali/master 
Ensure that IPv6 socket would listen only for IPv6 connections
 2018-01-02 23:19:00 +01:00
yrutschle
d26eab728c
Merge pull request #143 from astiob/select-fork 
sslh-select: support forking for particular protocols
 2018-01-02 22:26:58 +01:00
yrutschle
53e00c27ff
Merge pull request #159 from rdebath/patch-5 
Translate systemd C99 and C++ code to old C
 2018-01-02 22:23:19 +01:00