From d1c216b79080ac6092c362504bcc44f5d4b929c4 Mon Sep 17 00:00:00 2001 From: Toni Uhlig Date: Sun, 23 Dec 2018 13:56:39 +0100 Subject: improved error logging Signed-off-by: Toni Uhlig --- src/ptunnel.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) (limited to 'src/ptunnel.c') diff --git a/src/ptunnel.c b/src/ptunnel.c index a4c5ae5..af164c5 100644 --- a/src/ptunnel.c +++ b/src/ptunnel.c @@ -184,7 +184,7 @@ int main(int argc, char *argv[]) { if (opts.chroot) { pt_log(kLog_info, "Restricting file access to %s\n", opts.root_dir); if (-1 == chdir(opts.root_dir) || -1 == chroot(opts.root_dir)) { - pt_log(kLog_error, "%s: %s\n", opts.root_dir, strerror(errno)); + pt_log(kLog_error, "chdir/chroot `%s': %s\n", opts.root_dir, strerror(errno)); exit(1); } } @@ -210,7 +210,7 @@ int main(int argc, char *argv[]) { if (! freopen("/dev/null", "r", stdin) || ! freopen("/dev/null", "w", stdout) || ! freopen("/dev/null", "w", stderr)) - pt_log(kLog_error, "freopen: %s\n", strerror(errno)); + pt_log(kLog_error, "freopen `%s': %s\n", "/dev/null", strerror(errno)); } } } -- cgit v1.2.3 From 021b6847054cec55303efeec22a179397ce88165 Mon Sep 17 00:00:00 2001 From: Toni Uhlig Date: Mon, 24 Dec 2018 11:59:52 +0100 Subject: introduced icmp_filter for forward socket to filter out unwanted icmp messages via setsockopt Signed-off-by: Toni Uhlig --- src/ptunnel.c | 6 +++++- src/ptunnel.h | 1 + 2 files changed, 6 insertions(+), 1 deletion(-) (limited to 'src/ptunnel.c') diff --git a/src/ptunnel.c b/src/ptunnel.c index af164c5..f640d1b 100644 --- a/src/ptunnel.c +++ b/src/ptunnel.c @@ -62,7 +62,7 @@ #define errno GetLastError() /** Local error string storage */ static char errorstr[255]; -static char * print_last_windows_error() { +static char * print_last_windows_error() { char last_errorstr[255]; DWORD last_error = GetLastError(); 
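Review bot: In the chroot hunk of main(), `chroot(opts.root_dir)` runs after `chdir(opts.root_dir)` has already succeeded, so a relative root_dir is resolved a second time from inside the new directory. The jail then lands somewhere other than intended, or the call fails with a misleading path. The reworded message prints `chdir/chroot` for either failure, so the log cannot say which call failed. I would write the condition as `if (-1 == chdir(opts.root_dir) || -1 == chroot(".")) {` and log the two failures separately if the distinction matters. Whether root_dir is forced to an absolute path during option parsing is not visible here, and main() continues outside the hunk.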
@@ -388,6 +388,7 @@ void* pt_proxy(void *args) { in_addr_t *adr; #endif struct in_addr in_addr; + struct icmp_filter filt; /* Start the thread, initialize protocol and ring states. */ pt_log(kLog_debug, "Starting ping proxy..\n"); @@ -410,6 +411,9 @@ void* pt_proxy(void *args) { else { pt_log(kLog_debug, "Attempting to create privileged ICMP raw socket..\n"); fwd_sock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP); + filt.data = ~((1< #ifdef HAVE_SYS_UNISTD_H #include #endif -- cgit v1.2.3 From 2c7c3b62df2661b3276253fb3d8d624d81c398a2 Mon Sep 17 00:00:00 2001 From: Toni Uhlig Date: Mon, 24 Dec 2018 12:25:15 +0100 Subject: added additional autoconf ICMP_FILTER compile check Signed-off-by: Toni Uhlig --- configure.ac | 20 ++++++++++++++++++++ src/Makefile.am | 4 ++++ src/ptunnel.c | 4 ++++ src/ptunnel.h | 2 ++ 4 files changed, 30 insertions(+) (limited to 'src/ptunnel.c') diff --git a/configure.ac b/configure.ac index f45d875..0517201 100644 --- a/configure.ac +++ b/configure.ac @@ -152,6 +152,25 @@ if test x"${selinux_enabled}" != x; then AC_SEARCH_LIBS([setcon], [selinux],,[selinux_enabled=],) fi +dnl Check for ICMP_FILTER +AC_MSG_CHECKING([for working ICMP_FILTER]) +AC_COMPILE_IFELSE( +[AC_LANG_PROGRAM([[ +#include +#include +#include +void foo() { + struct icmp_filter filt; + int sockfd = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP); + filt.data = ~((1< +#endif #ifdef HAVE_SYS_UNISTD_H #include #endif -- cgit v1.2.3 From 4b33cf8cee7b048ebccfe83b27ce00e8bdd70a50 Mon Sep 17 00:00:00 2001 From: Toni Uhlig Date: Wed, 26 Dec 2018 11:46:11 +0100 Subject: replaced rand() with more "secure" random() // CID 301767 Signed-off-by: Toni Uhlig --- src/challenge.c | 5 +++-- src/ptunnel.c | 2 +- src/utils.c | 12 ++++++++++++ src/utils.h | 2 ++ 4 files changed, 18 insertions(+), 3 deletions(-) (limited to 'src/ptunnel.c') diff --git a/src/challenge.c b/src/challenge.c index 24a13f7..4f69298 100644 --- a/src/challenge.c +++ b/src/challenge.c 
@@ -50,6 +50,7 @@ #include "challenge.h" #include "options.h" #include "md5.h" +#include "utils.h" /* generate_challenge: Generates a random challenge, incorporating the current * local timestamp to avoid replay attacks. @@ -62,9 +63,9 @@ challenge_t* generate_challenge(void) { c = (challenge_t *) calloc(1, sizeof(challenge_t)); gettimeofday(&tt, 0); c->sec = tt.tv_sec; - c->usec_rnd = tt.tv_usec + rand(); + c->usec_rnd = tt.tv_usec + pt_random(); for (i=0;i<6;i++) - c->random[i] = rand(); + c->random[i] = pt_random(); return c; } diff --git a/src/ptunnel.c b/src/ptunnel.c index 9f435f9..1944041 100644 --- a/src/ptunnel.c +++ b/src/ptunnel.c @@ -323,7 +323,7 @@ void pt_forwarder(void) { } } addr = dest_addr; - rand_id = (uint16_t)rand(); + rand_id = (uint16_t) pt_random(); create_and_insert_proxy_desc(rand_id, rand_id, new_sock, &addr, opts.given_dst_ip, opts.given_dst_port, kProxy_start, kUser_flag); pthread_mutex_unlock(&num_threads_lock); } diff --git a/src/utils.c b/src/utils.c index 66ed4c0..12e7992 100644 --- a/src/utils.c +++ b/src/utils.c @@ -43,8 +43,12 @@ * Note that the source code is best viewed with tabs set to 4 spaces. */ +#include +#include #include #include +#include +#include #ifndef WIN32 #include @@ -142,3 +146,11 @@ void print_hexstr(unsigned char *buf, size_t siz) { free(out); } #endif + +int pt_random(void) { + struct timespec ts; + + assert(timespec_get(&ts, TIME_UTC)); + srandom(ts.tv_nsec ^ ts.tv_sec); + return random(); +} diff --git a/src/utils.h b/src/utils.h index 8afa45c..1ad2416 100644 --- a/src/utils.h +++ b/src/utils.h @@ -60,4 +60,6 @@ int host_to_addr(const char *hostname, uint32_t *result); void print_hexstr(unsigned char *buf, size_t siz); #endif +int pt_random(void); + #endif -- cgit v1.2.3 From 5236e631bb3c6f3a31c920709e3fe6c5cd579c14 Mon Sep 17 00:00:00 2001 From: Toni Uhlig Date: Wed, 26 Dec 2018 20:32:56 +0100 Subject: autoconf check for srandom()/random() or fallback to less secure srand()/rand() 
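Review bot: In generate_challenge() the result of `calloc(1, sizeof(challenge_t))` is dereferenced on the next line (`c->sec = tt.tv_sec;`) without a NULL check, so an allocation failure while building a challenge becomes a crash rather than a refused authentication. Adding `if (!c) return NULL;` directly after the allocation would fix it, provided the callers test the return value; they are outside this hunk.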
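Review bot: pt_random() in src/utils.c reseeds the generator from the wall clock on every call (`srandom(ts.tv_nsec ^ ts.tv_sec)`), so each value is a function of the current time rather than of hidden state, which is no stronger than the single `srand(time(0))` it replaces. These values feed the authentication challenge in generate_challenge() and `rand_id` in pt_forwarder(), and the challenge stores `tt.tv_sec` next to them, so the randomness should come from the operating system's entropy source. Separately, `assert(timespec_get(&ts, TIME_UTC));` puts the call inside assert(): built with NDEBUG it is compiled out and `ts` is read uninitialised. The sketch below reads /dev/urandom and fails closed; a Windows build needs its own source, and error reporting should follow the project's logging.

```c
int pt_random(void) {
    unsigned int val;
    FILE *fp = fopen("/dev/urandom", "rb");

    /* Fail closed: never fall back to a clock-derived value. */
    if (fp == NULL || fread(&val, sizeof val, 1, fp) != 1)
        abort();
    fclose(fp);
    /* Keep the non-negative range that random() returned. */
    return (int)(val & 0x7fffffffU);
}
```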
Signed-off-by: Toni Uhlig --- configure.ac | 6 ++++++ src/Makefile.am | 4 ++++ src/ptunnel.c | 4 ---- src/utils.c | 8 ++++++++ 4 files changed, 18 insertions(+), 4 deletions(-) (limited to 'src/ptunnel.c') diff --git a/configure.ac b/configure.ac index 0517201..b0534e0 100644 --- a/configure.ac +++ b/configure.ac @@ -145,6 +145,11 @@ if test x"${pcap_enabled}" != x -a \ [pcap_enabled=]) fi +dnl Check for more secure randomization functions +AC_CHECK_FUNCS([timespec_get srandom random], + [random_enabled=yes], + [random_enabled=]) + dnl Check for SELINUX if test x"${selinux_enabled}" != x; then AC_CHECK_HEADERS([selinux/selinux.h],, @@ -179,6 +184,7 @@ AM_CONDITIONAL([HAVE_PCAP], [test x"${pcap_enabled}" = xyes]) AM_CONDITIONAL([HAVE_SELINUX], [test x"${selinux_enabled}" = xyes]) AM_CONDITIONAL([IS_WINDOWS], [test x"${use_msw}" = xyes]) AM_CONDITIONAL([HAVE_ICMPFILTER], [test x"${with_icmp_filter}" = xyes]) +AM_CONDITIONAL([HAVE_RANDOM], [test x"${random_enabled}" = xyes]) dnl output config headers AC_CONFIG_HEADERS([src/config.h:src/config.h.in]) diff --git a/src/Makefile.am b/src/Makefile.am index 3abddda..da23fd8 100644 --- a/src/Makefile.am +++ b/src/Makefile.am @@ -18,6 +18,10 @@ if HAVE_ICMPFILTER ptunnel_ng_CFLAGS += -DHAVE_ICMPFILTER=1 endif +if HAVE_RANDOM +ptunnel_ng_CFLAGS += -DHAVE_RANDOM=1 +endif + ptunnel_ng_SOURCES = \ md5.c \ challenge.c \ diff --git a/src/ptunnel.c b/src/ptunnel.c index 1944041..52661ae 100644 --- a/src/ptunnel.c +++ b/src/ptunnel.c @@ -126,10 +126,6 @@ int main(int argc, char *argv[]) { } #endif /* WIN32 */ - /* Seed random generator; it'll be used in combination with a timestamp - * when generating authentication challenges. - */ - srand(time(0)); memset(opts.password_digest, 0, kMD5_digest_size); /* The seq_expiry_tbl is used to prevent the remote ends from prematurely diff --git a/src/utils.c b/src/utils.c index 12e7992..6233753 100644 --- a/src/utils.c +++ b/src/utils.c 
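Review bot: `AC_CHECK_FUNCS([timespec_get srandom random], [random_enabled=yes], [random_enabled=])` runs its found/not-found action once per function, so `random_enabled` ends up reflecting only the last name checked. On a system that has random() but lacks timespec_get(), HAVE_RANDOM would still be set and the timespec_get() branch of pt_random() selected. Setting `random_enabled=yes` before the check and passing only the failure action, `AC_CHECK_FUNCS([timespec_get srandom random],,[random_enabled=])`, makes all three functions required.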
@@ -148,9 +148,17 @@ void print_hexstr(unsigned char *buf, size_t siz) { #endif int pt_random(void) { +#ifdef HAVE_RANDOM +#ifndef TIME_UTC +#define TIME_UTC 1 +#endif struct timespec ts; assert(timespec_get(&ts, TIME_UTC)); srandom(ts.tv_nsec ^ ts.tv_sec); return random(); +#else + srand(time(0)); + return rand(); +#endif } -- cgit v1.2.3 From b6afe103c2e1ff213e3510fd690c362644e2c7a1 Mon Sep 17 00:00:00 2001 From: Toni Uhlig Date: Thu, 27 Dec 2018 00:17:40 +0100 Subject: set icmp_filter according forwarder/proxy Signed-off-by: Toni Uhlig --- src/ptunnel.c | 16 +++++++++++----- 1 file changed, 11 insertions(+), 5 deletions(-) (limited to 'src/ptunnel.c') diff --git a/src/ptunnel.c b/src/ptunnel.c index 52661ae..aa50883 100644 --- a/src/ptunnel.c +++ b/src/ptunnel.c @@ -402,17 +402,23 @@ void* pt_proxy(void *args) { } } else { - if (opts.unprivileged) { + if (opts.unprivileged) + { pt_log(kLog_debug, "Attempting to create unprivileged ICMP datagram socket..\n"); fwd_sock = socket(AF_INET, SOCK_DGRAM, IPPROTO_ICMP); - } - else { + } else { pt_log(kLog_debug, "Attempting to create privileged ICMP raw socket..\n"); fwd_sock = socket(AF_INET, SOCK_RAW, IPPROTO_ICMP); #ifdef HAVE_ICMPFILTER - filt.data = ~((1<= 0 && + setsockopt(fwd_sock, SOL_RAW, ICMP_FILTER, &filt, sizeof filt) == -1) + { pt_log(kLog_error, "setockopt for ICMP_FILTER: %s\n", strerror(errno)); + } #endif } if (fwd_sock < 0) { -- cgit v1.2.3 From d9d7a33d2e2f1627845001b98152cd05b5781ab3 Mon Sep 17 00:00:00 2001 From: Toni Uhlig Date: Tue, 8 Jan 2019 09:43:33 +0100 Subject: copyright update Signed-off-by: Toni Uhlig --- COPYING | 2 +- README | 2 +- README.md | 2 +- debian/copyright | 2 +- src/challenge.c | 2 +- src/challenge.h | 2 +- src/options.c | 2 +- src/options.h | 2 +- src/pconfig.h | 2 +- src/pdesc.c | 2 +- src/pdesc.h | 2 +- src/pkt.c | 2 +- src/pkt.h | 2 +- src/ptunnel.c | 4 ++-- src/utils.c | 2 +- src/utils.h | 2 +- 16 files changed, 17 insertions(+), 17 deletions(-) (limited to 'src/ptunnel.c') 
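Review bot: In the `#else` branch of pt_random(), `srand(time(0))` runs on every call, so every call within the same second returns the same value. The six `c->random[i]` slots filled by generate_challenge() would then be identical, and ids drawn in the same second would collide; the old code seeded once in main(). Seed only on first use, for example `static int seeded; if (!seeded) { srand(time(0)); seeded = 1; }`. The `#define TIME_UTC 1` fallback also looks fragile: a header that lacks TIME_UTC may not declare timespec_get() either, so a comment stating which platform needs it would help.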
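Review bot: The log string added in pt_proxy() reads `setockopt for ICMP_FILTER`; it should be `"setsockopt for ICMP_FILTER: %s\n"` so the message can be found by searching for the call name. A failed setsockopt() is only logged and the raw socket stays in use without the filter, which deserves a one-line comment saying this is deliberate best-effort behaviour. The hunk also mixes a brace on its own line after `if (opts.unprivileged)` with `} else {` on one line. Part of the filter expression is missing from this view, so the mask itself is not reviewed here.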
diff --git a/COPYING b/COPYING index 8b4cb53..6918db2 100644 --- a/COPYING +++ b/COPYING @@ -1,4 +1,4 @@ -Copyright (c) 2017, Toni Uhlig +Copyright (c) 2017-2019, Toni Uhlig All rights reserved. Redistribution and use in source and binary forms, with or without diff --git a/README b/README index 97cd0d0..1a0712e 100644 --- a/README +++ b/README @@ -128,6 +128,6 @@ Daniel Stoedle et al. License ------- -Ping Tunnel NG is Copyright (c) 2017, Toni Uhlig , +Ping Tunnel NG is Copyright (c) 2017-2019, Toni Uhlig , All rights reserved. Ping Tunnel NG is licensed under the BSD License. Please see the COPYING file for details. diff --git a/README.md b/README.md index 34c00c1..5d48190 100644 --- a/README.md +++ b/README.md @@ -144,7 +144,7 @@ Daniel Stoedle et al. ## License ``` -Ping Tunnel NG is Copyright (c) 2017, Toni Uhlig , +Ping Tunnel NG is Copyright (c) 2017-2019, Toni Uhlig , All rights reserved. Ping Tunnel NG is licensed under the BSD License. Please see the COPYING file for details. ``` diff --git a/debian/copyright b/debian/copyright index b0e21c4..855cf53 100644 --- a/debian/copyright +++ b/debian/copyright @@ -3,7 +3,7 @@ Upstream-Name: ptunnel Source: http://www.cs.uit.no/~daniels/PingTunnel/index.html Files: * -Copyright: Copyright 2017 Toni Uhlig +Copyright: Copyright 2017-2019 Toni Uhlig License: BSD-3-Clause Files: md5.* diff --git a/src/challenge.c b/src/challenge.c index 4f69298..f269313 100644 --- a/src/challenge.c +++ b/src/challenge.c @@ -5,7 +5,7 @@ * Copyright (c) 2004-2011, Daniel Stoedle , * Yellow Lemon Software. All rights reserved. * - * Copyright (c) 2017 Toni Uhlig + * Copyright (c) 2017-2019, Toni Uhlig * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: diff --git a/src/challenge.h b/src/challenge.h index 035a97e..18495cf 100644 --- a/src/challenge.h +++ b/src/challenge.h 
@@ -5,7 +5,7 @@ * Copyright (c) 2004-2011, Daniel Stoedle , * Yellow Lemon Software. All rights reserved. * - * Copyright (c) 2017 Toni Uhlig + * Copyright (c) 2017-2019, Toni Uhlig * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: diff --git a/src/options.c b/src/options.c index beecd39..4ae434f 100644 --- a/src/options.c +++ b/src/options.c @@ -2,7 +2,7 @@ * options.c * ptunnel is licensed under the BSD license: * - * Copyright (c) 2017 Toni Uhlig + * Copyright (c) 2017-2019, Toni Uhlig * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: diff --git a/src/options.h b/src/options.h index 3c42a19..176620a 100644 --- a/src/options.h +++ b/src/options.h @@ -2,7 +2,7 @@ * options.h * ptunnel is licensed under the BSD license: * - * Copyright (c) 2017 Toni Uhlig + * Copyright (c) 2017-2019, Toni Uhlig * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: diff --git a/src/pconfig.h b/src/pconfig.h index c85df14..6be141e 100644 --- a/src/pconfig.h +++ b/src/pconfig.h @@ -5,7 +5,7 @@ * Copyright (c) 2004-2011, Daniel Stoedle , * Yellow Lemon Software. All rights reserved. * - * Copyright (c) 2017 Toni Uhlig + * Copyright (c) 2017-2019, Toni Uhlig * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: diff --git a/src/pdesc.c b/src/pdesc.c index 906f35c..5ba2003 100644 --- a/src/pdesc.c +++ b/src/pdesc.c 
@@ -5,7 +5,7 @@ * Copyright (c) 2004-2011, Daniel Stoedle , * Yellow Lemon Software. All rights reserved. * - * Copyright (c) 2017 Toni Uhlig + * Copyright (c) 2017-2019, Toni Uhlig * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: diff --git a/src/pdesc.h b/src/pdesc.h index 35147db..d0767aa 100644 --- a/src/pdesc.h +++ b/src/pdesc.h @@ -5,7 +5,7 @@ * Copyright (c) 2004-2011, Daniel Stoedle , * Yellow Lemon Software. All rights reserved. * - * Copyright (c) 2017 Toni Uhlig + * Copyright (c) 2017-2019, Toni Uhlig * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: diff --git a/src/pkt.c b/src/pkt.c index bc85bc7..06dfd91 100644 --- a/src/pkt.c +++ b/src/pkt.c @@ -5,7 +5,7 @@ * Copyright (c) 2004-2011, Daniel Stoedle , * Yellow Lemon Software. All rights reserved. * - * Copyright (c) 2017 Toni Uhlig + * Copyright (c) 2017-2019, Toni Uhlig * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: diff --git a/src/pkt.h b/src/pkt.h index 9668d97..338bc65 100644 --- a/src/pkt.h +++ b/src/pkt.h @@ -5,7 +5,7 @@ * Copyright (c) 2004-2011, Daniel Stoedle , * Yellow Lemon Software. All rights reserved. * - * Copyright (c) 2017 Toni Uhlig + * Copyright (c) 2017-2019, Toni Uhlig * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: diff --git a/src/ptunnel.c b/src/ptunnel.c index aa50883..8fdf7a8 100644 --- a/src/ptunnel.c +++ b/src/ptunnel.c 
@@ -5,7 +5,7 @@ * Copyright (c) 2004-2011, Daniel Stoedle , * Yellow Lemon Software. All rights reserved. * - * Copyright (c) 2017 Toni Uhlig + * Copyright (c) 2017-2019, Toni Uhlig * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: @@ -150,7 +150,7 @@ int main(int argc, char *argv[]) { #endif pt_log(kLog_info, "Starting %s.\n", PACKAGE_STRING); pt_log(kLog_info, "(c) 2004-2011 Daniel Stoedle, \n"); - pt_log(kLog_info, "(c) 2017 Toni Uhlig, \n"); + pt_log(kLog_info, "(c) 2017-2019 Toni Uhlig, \n"); #ifdef WIN32 pt_log(kLog_info, "Windows version by Mike Miller, \n"); #else diff --git a/src/utils.c b/src/utils.c index 10e8182..462d688 100644 --- a/src/utils.c +++ b/src/utils.c @@ -5,7 +5,7 @@ * Copyright (c) 2004-2011, Daniel Stoedle , * Yellow Lemon Software. All rights reserved. * - * Copyright (c) 2017 Toni Uhlig + * Copyright (c) 2017-2019, Toni Uhlig * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: diff --git a/src/utils.h b/src/utils.h index 1ad2416..0796848 100644 --- a/src/utils.h +++ b/src/utils.h @@ -5,7 +5,7 @@ * Copyright (c) 2004-2011, Daniel Stoedle , * Yellow Lemon Software. All rights reserved. * - * Copyright (c) 2017 Toni Uhlig + * Copyright (c) 2017-2019, Toni Uhlig * * Redistribution and use in source and binary forms, with or without * modification, are permitted provided that the following conditions are met: -- cgit v1.2.3