From 2c7c3b62df2661b3276253fb3d8d624d81c398a2 Mon Sep 17 00:00:00 2001 From: Toni Uhlig Date: Mon, 24 Dec 2018 12:25:15 +0100 Subject: added additional autoconf ICMP_FILTER compile check Signed-off-by: Toni Uhlig --- configure.ac | 20 ++++++++++++++++++++ 1 file changed, 20 insertions(+) (limited to 'configure.ac') diff --git a/configure.ac b/configure.ac index f45d875..0517201 100644 --- a/configure.ac +++ b/configure.ac @@ -152,6 +152,25 @@ if test x"${selinux_enabled}" != x; then AC_SEARCH_LIBS([setcon], [selinux],,[selinux_enabled=],) fi +dnl Check for ICMP_FILTER +AC_MSG_CHECKING([for working ICMP_FILTER]) +AC_COMPILE_IFELSE( +[AC_LANG_PROGRAM([[ +#include +#include +#include +void foo() { + struct icmp_filter filt; + int sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP); + filt.data = ~((1< Date: Wed, 26 Dec 2018 20:32:56 +0100 Subject: autoconf check for srandom()/random() or fallback to less secure srand()/rand() Signed-off-by: Toni Uhlig --- configure.ac | 6 ++++++ src/Makefile.am | 4 ++++ src/ptunnel.c | 4 ---- src/utils.c | 8 ++++++++ 4 files changed, 18 insertions(+), 4 deletions(-) (limited to 'configure.ac') diff --git a/configure.ac b/configure.ac index 0517201..b0534e0 100644 --- a/configure.ac +++ b/configure.ac @@ -145,6 +145,11 @@ if test x"${pcap_enabled}" != x -a \ [pcap_enabled=]) fi +dnl Check for more secure randomization functions +AC_CHECK_FUNCS([timespec_get srandom random], + [random_enabled=yes], + [random_enabled=]) + dnl Check for SELINUX if test x"${selinux_enabled}" != x; then AC_CHECK_HEADERS([selinux/selinux.h],, @@ -179,6 +184,7 @@ AM_CONDITIONAL([HAVE_PCAP], [test x"${pcap_enabled}" = xyes]) AM_CONDITIONAL([HAVE_SELINUX], [test x"${selinux_enabled}" = xyes]) AM_CONDITIONAL([IS_WINDOWS], [test x"${use_msw}" = xyes]) AM_CONDITIONAL([HAVE_ICMPFILTER], [test x"${with_icmp_filter}" = xyes]) +AM_CONDITIONAL([HAVE_RANDOM], [test x"${random_enabled}" = xyes]) dnl output config headers AC_CONFIG_HEADERS([src/config.h:src/config.h.in]) 
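Review bot: `AC_CHECK_FUNCS([timespec_get srandom random], [random_enabled=yes], [random_enabled=])` in the `@@ -145,6 +145,11 @@` hunk runs its found/not-found action once per function, so `random_enabled` ends up reflecting only the last name checked (`random`). A platform that has `srandom`/`random` but lacks `timespec_get` would still get `HAVE_RANDOM` and then fail to build the `timespec_get` branch of `pt_random()`. Set `random_enabled=yes` before the call and pass only a not-found action: `AC_CHECK_FUNCS([timespec_get srandom random],, [random_enabled=])`. The same call is carried over unchanged into the `@@ -146,9 +146,16 @@` hunk of the later arc4random commit.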
diff --git a/src/Makefile.am b/src/Makefile.am index 3abddda..da23fd8 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -18,6 +18,10 @@ if HAVE_ICMPFILTER ptunnel_ng_CFLAGS += -DHAVE_ICMPFILTER=1 endif +if HAVE_RANDOM +ptunnel_ng_CFLAGS += -DHAVE_RANDOM=1 +endif + ptunnel_ng_SOURCES = \ md5.c \ challenge.c \ diff --git a/src/ptunnel.c b/src/ptunnel.c index 1944041..52661ae 100644 --- a/src/ptunnel.c +++ b/src/ptunnel.c @@ -126,10 +126,6 @@ int main(int argc, char *argv[]) { } #endif /* WIN32 */ - /* Seed random generator; it'll be used in combination with a timestamp - * when generating authentication challenges. - */ - srand(time(0)); memset(opts.password_digest, 0, kMD5_digest_size); /* The seq_expiry_tbl is used to prevent the remote ends from prematurely diff --git a/src/utils.c b/src/utils.c index 12e7992..6233753 100644 --- a/src/utils.c +++ b/src/utils.c @@ -148,9 +148,17 @@ void print_hexstr(unsigned char *buf, size_t siz) { #endif int pt_random(void) { +#ifdef HAVE_RANDOM +#ifndef TIME_UTC +#define TIME_UTC 1 +#endif struct timespec ts; assert(timespec_get(&ts, TIME_UTC)); srandom(ts.tv_nsec ^ ts.tv_sec); return random(); +#else + srand(time(0)); + return rand(); +#endif } -- cgit v1.2.3 From 85f77e5953ce6a60235ea3d5af5799668183b497 Mon Sep 17 00:00:00 2001 From: Toni Uhlig Date: Wed, 26 Dec 2018 21:12:37 +0100 Subject: support BSD arc4random() if available Signed-off-by: Toni Uhlig --- configure.ac | 14 +++++++++++--- src/Makefile.am | 4 ++++ src/utils.c | 7 +++++++ 3 files changed, 22 insertions(+), 3 deletions(-) (limited to 'configure.ac') diff --git a/configure.ac b/configure.ac index b0534e0..c9ee465 100644 --- a/configure.ac +++ b/configure.ac 
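Review bot: `-DHAVE_RANDOM=1` reuses the macro name that `AC_CHECK_FUNCS([... random])` itself writes into `src/config.h` whenever `random()` exists, independent of the `HAVE_RANDOM` automake conditional. If `utils.c` includes `config.h` (not visible in these hunks), `#ifdef HAVE_RANDOM` would be true even when configure decided against the `timespec_get`/`srandom` path. A project-specific name for the build decision, for example `-DPT_USE_RANDOM=1` with the matching `#ifdef` in `pt_random()`, keeps the two meanings apart.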
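Review bot: `assert(timespec_get(&ts, TIME_UTC));` in `pt_random()` puts the only call that fills `ts` inside an assertion, so a build with `NDEBUG` drops it and `srandom()` is seeded from an uninitialised struct. Separately, both branches reseed from the clock on every call, which makes each return value a function of the current time and, in the `srand(time(0))` branch, identical for all calls within the same second; the comment removed from `main()` says these values feed authentication challenges. Seeding once and checking the `timespec_get` result explicitly, as below, addresses both. It still leaves a non-cryptographic generator behind the challenge, which deserves a comment on `pt_random()` so callers do not treat the value as unpredictable.

```c
int pt_random(void) {
    static int seeded = 0;

    /* … unchanged: TIME_UTC fallback define under HAVE_RANDOM … */
    if (!seeded) {
#ifdef HAVE_RANDOM
        struct timespec ts;

        /* Keep the call outside assert() so NDEBUG builds still seed. */
        if (timespec_get(&ts, TIME_UTC) == 0) {
            abort();
        }
        srandom(ts.tv_nsec ^ ts.tv_sec);
#else
        srand(time(0));
#endif
        seeded = 1;
    }
#ifdef HAVE_RANDOM
    return random();
#else
    return rand();
#endif
}
```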
@@ -146,9 +146,16 @@ if test x"${pcap_enabled}" != x -a \ fi dnl Check for more secure randomization functions -AC_CHECK_FUNCS([timespec_get srandom random], - [random_enabled=yes], - [random_enabled=]) +AC_CHECK_HEADERS([bsd/stdlib.h],, [random_enabled=yes]) +AC_SEARCH_LIBS([arc4random], [bsd],,,) +AC_CHECK_FUNCS([arc4random], [random_enabled=],) +if test x"${random_enabled}" != x; then + AC_CHECK_FUNCS([timespec_get srandom random], + [random_enabled=yes], + [random_enabled=]) +else + arc4random_enabled=yes +fi dnl Check for SELINUX if test x"${selinux_enabled}" != x; then @@ -185,6 +192,7 @@ AM_CONDITIONAL([HAVE_SELINUX], [test x"${selinux_enabled}" = xyes]) AM_CONDITIONAL([IS_WINDOWS], [test x"${use_msw}" = xyes]) AM_CONDITIONAL([HAVE_ICMPFILTER], [test x"${with_icmp_filter}" = xyes]) AM_CONDITIONAL([HAVE_RANDOM], [test x"${random_enabled}" = xyes]) +AM_CONDITIONAL([HAVE_ARC4RANDOM], [test x"${arc4random_enabled}" = xyes]) dnl output config headers AC_CONFIG_HEADERS([src/config.h:src/config.h.in]) diff --git a/src/Makefile.am b/src/Makefile.am index da23fd8..1d161a2 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -18,9 +18,13 @@ if HAVE_ICMPFILTER ptunnel_ng_CFLAGS += -DHAVE_ICMPFILTER=1 endif +if HAVE_ARC4RANDOM +ptunnel_ng_CFLAGS += -DHAVE_ARC4RANDOM=1 +else if HAVE_RANDOM ptunnel_ng_CFLAGS += -DHAVE_RANDOM=1 endif +endif ptunnel_ng_SOURCES = \ md5.c \ diff --git a/src/utils.c b/src/utils.c index 6233753..10e8182 100644 --- a/src/utils.c +++ b/src/utils.c @@ -49,6 +49,9 @@ #include #include #include +#ifdef HAVE_ARC4RANDOM +#include +#endif #ifndef WIN32 #include @@ -148,6 +151,9 @@ void print_hexstr(unsigned char *buf, size_t siz) { #endif int pt_random(void) { +#ifdef HAVE_ARC4RANDOM + return arc4random(); +#else #ifdef HAVE_RANDOM #ifndef TIME_UTC #define TIME_UTC 1 @@ -161,4 +167,5 @@ int pt_random(void) { srand(time(0)); return rand(); #endif +#endif } -- cgit v1.2.3 From cea2b50c81db45d3f0eb19c327d2cc04bc01e1d2 Mon Sep 17 00:00:00 2001 
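Review bot: `arc4random_enabled=yes` in the `@@ -146,9 +146,16 @@` hunk is reached through the `else` of the `random_enabled` test rather than through the result of `AC_CHECK_FUNCS([arc4random], ...)`, so it is also set when `bsd/stdlib.h` is found but `arc4random` is not, because `random_enabled` is never assigned on that path. The build then gets `-DHAVE_ARC4RANDOM=1` without the function being available. Set the flag where the function is detected, `AC_CHECK_FUNCS([arc4random], [arc4random_enabled=yes],)`, and run the `timespec_get srandom random` check only when `arc4random_enabled` is empty. Initialising both variables to empty before the checks also keeps values inherited from the environment out of the decision.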
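Review bot: `return arc4random();` hands a `uint32_t` back through `int pt_random(void)`, so about half of the results come back negative after an implementation-defined conversion, while the `random()` and `rand()` branches only return non-negative values. The callers are outside these hunks; any that compute `pt_random() % n` or use the value as an index would behave differently with this backend. Masking keeps the three branches in the same range: `return (int)(arc4random() & 0x7fffffff);`. The function body is split across the `@@ -148,6 +151,9 @@` and `@@ -161,4 +167,5 @@` hunks, so the nesting of the `#ifdef` blocks should be checked against the full file.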
From: Toni Uhlig Date: Thu, 24 Jan 2019 14:17:04 +0100 Subject: 1.32-release Signed-off-by: Toni Uhlig --- ChangeLog | 7 +++++++ configure.ac | 2 +- 2 files changed, 8 insertions(+), 1 deletion(-) (limited to 'configure.ac') diff --git a/ChangeLog b/ChangeLog index fc40604..4c82b5c 100644 --- a/ChangeLog +++ b/ChangeLog @@ -1,6 +1,13 @@ PingTunnel-NG Changelog ======================= +1.32 - 24. January 2019 +- improved error logging +- introduced icmp_filter via setsockopt to filter unwanted icmp messages +- more "secure" random number generator +- fixed NULL deref and invalid memory access by elnerd +(https://github.com/elnerd) PoC: https://www.securityfocus.com/bid/54627/info + 1.31 - 03. December 2018 - added Android build support (requires a root'ed device!) - fixed ArchLinux PKGBUILD/AUR diff --git a/configure.ac b/configure.ac index c9ee465..eeb6634 100644 --- a/configure.ac +++ b/configure.ac @@ -1,5 +1,5 @@ AC_PREREQ(2.69) -AC_INIT([ptunnel-ng], [1.31], [], [], []) +AC_INIT([ptunnel-ng], [1.32], [], [], []) AC_CONFIG_SRCDIR([src/config.h.in]) AC_CONFIG_FILES([Makefile src/Makefile]) -- cgit v1.2.3