Age | Commit message | Author | |
---|---|---|---|
2008-05-12 | Error out with usage line if additional arguments are given after the option parsing. Found out the hard way by jdixon on ifstated. ok sobrado@, jdixon@, millert@ | Pierre-Yves Ritschard | |
2008-03-24 | msg_controllen has to be CMSG_SPACE so that the kernel can account for each cmsg_len (ie. msg_controllen = sum of CMSG_ALIGN(cmsg_len). This works now that kernel fd passing has been fixed to accept a bit of sloppiness because of this ABI repair. lots of discussion with kettenis | Theo de Raadt | |
2008-03-15 | Repair the simple cases for msg_controllen where it should just be CMSG_SIZE(sizeof(int)), not sizeof(buffer) which may be larger because of alignment; ok kettenis hshoexer | Theo de Raadt | |
2008-03-13 | Correct CMSG_SPACE and CMSG_LEN usage everywhere in the tree. Due to an extensive discussion with otto, kettenis, millert, and hshoexer | Theo de Raadt | |
2008-03-02 | Use a union to ensure alignment of the cmsg. ok deraadt | Hans-Joerg Hoexer | |
2008-02-17 | Define default configurations for AES-192 and AES-256. From Mitja Muzenic <mitja at muzenic dot net>, diff provided already quite some time ago, many many thanks. This should have gone in months ago but I was slacking, sorry for that. | Hans-Joerg Hoexer | |
2008-02-06 | Fix possible memory leaks when sending phase 1 IDs. From Igor Zinovik <zinovik@cs.karelia.ru> ok hshoexer@ | Moritz Jodeit | |
2008-01-29 | fix race in makefile | Marc Espie | |
2007-09-02 | more malloc(n * m) -> calloc(n, m); from Igor Zinovik | Theo de Raadt | |
2007-09-02 | use calloc() to avoid malloc(n * m) overflows; checked by djm canacar jsg | Theo de Raadt | |
2007-08-15 | Remove a superfluous debug fprintf. | Hans-Joerg Hoexer | |
2007-08-11 | Do not complain about being not able to read non-existing files. Minor glitch introduced by previous commit. ok markus@ | Hans-Joerg Hoexer | |
2007-08-07 | m_priv_req_readdir(): check file type after fstat, since d_type is not passed over NFS (unless readdir+ is used). fixes pr 5557 with and ok hshoexer@ | Markus Friedl | |
2007-08-05 | Allow key exchange with RSA signature authentication to work with Cisco IOS and other initiators that only send their certs in response to CERT_REQUEST. With input and help from cloder@, Stuart Henderson, mpf@, and several others who did lots of testing - thanks to all. ok hshoexer@ | Tom Cosgrove | |
2007-07-31 | Use correct function name in log message. Noticed by Igor Zinovik zinovik@cs.karelia.ru. Thanks! | Hans-Joerg Hoexer | |
2007-06-02 | safer snprintf construct with more paranoid length calculation ok millert | Peter Valchev | |
2007-06-01 | Let conf_trans_node() set all parts of the node, so that we don't have to expose the node to the outside. Without this, conf_trans_node() created a node, linked it into the conf_trans queue and returned it to the caller. If something failed in one of the callers, the half-initialized node would still be linked in the queue and could get accessed later on. ok hshoexer@ | Moritz Jodeit | |
2007-05-31 | convert to new .Dd format; | Jason McIntyre | |
2007-05-27 | Don't include sys/mbuf.h it is not needed. OK mcbride@ msf@ | Claudio Jeker | |
2007-05-23 | Get rid of some obsolete examples. ok and prodding @jmc | Hans-Joerg Hoexer | |
2007-05-07 | Bump crypto buffer logging (before crypto/after crypto) to level 70 from level 30. This was a huge cause of log spam at level 30 and below, and is really not that useful. | Chad Loder | |
2007-05-07 | It was possible for phase 1 negotiation to fail due to lifetime duration mismatch without any log message stating so. This diff makes sure that all phase 1 negotiation failures due to proposal attribute mismatch are logged. Also change these messages from LOG_NEGOTIATION debug level 70 to always be logged (not just with debug). General idea OK hshoexer, tested here in production. | Chad Loder | |
2007-05-07 | Document "M active\|passive" ui command. ok jmc@ mpf@ | Joel Knight | |
2007-05-05 | Kill a log message which looks like an error message but is actually both meaningless and harmless. ("nat_t_check_vendor_payload: bad size") ok todd | Chad Loder | |
2007-04-22 | Free allocated node in conf_set_now() before failing, so we do not leak memory. ok hshoexer@ | Moritz Jodeit | |
2007-04-22 | Use conf_free_list() after calling conf_get_list(). Otherwise we leak memory. ok ho@ | Moritz Jodeit | |
2007-04-16 | There's no point in checking ptr for NULL before doing free(ptr) since free(NULL) is just fine. ok hshoexer@ | Moritz Jodeit | |
2007-04-15 | Fix interop-issue with vpn peers that start rekeying on port 4500 when NAT-T is used. Solves problems with cisco and openswan. Tested by todd@ (cisco interop), ok ho@ Original fix with Stefan Roth (stefan dot roth at siemens dot com), thanks! | Hans-Joerg Hoexer | |
2007-04-08 | Fix lint comments. s/Fall through/FALLTHROUGH/. ok hshoexer@ | Moritz Jodeit | |
2007-04-08 | o Kill another strerror() from a call to log_error(), which already adds the errno string. o Avoid closing fd, if it's -1. o Don't replace illegal paths with /dev/null in m_priv_local_sanitize_path(). All callers skip it anyways, in the failure case. ok hshoexer@ | Moritz Jodeit | |
2007-04-02 | Don't append the errno string in a log_error() call, since it will automatically be appended. ok hshoexer@ | Moritz Jodeit | |
2007-04-02 | When setting all signals to their default handlers, start with signal 1, since there's no signal 0. ok hshoexer@ | Moritz Jodeit | |
2007-04-02 | Don't let -r fall through to the next case block, if INSECURE_RAND is defined. ok hshoexer@ | Moritz Jodeit | |
2007-03-26 | typo in initial RCS tag ($OpenBSD: -> $OpenBSD$) | Pedro Martelletto | |
2007-03-18 | Fix usage of predefined lifetimes. "Default-phase-[12]-lifetime" just specifies the values to be used. However, the specifications are called "LIFE_MAIN_MODE" and "LIFE_QUICK_MODE". ok ho@ jmc@ | Hans-Joerg Hoexer | |
2007-03-05 | Set pointer to NULL after freeing it, so callers of key_from_printable() are not fooled into using it afterwards. OK hshoexer@ | Moritz Jodeit | |
2007-03-03 | There may be more than one item in the subjectAltName (cropping up with CACert certificates) so don't require the reported length to be exactly equal to the length of the data, but accept it if it's <= the length of the data (i.e. we just use the first alt name). The purpose of the check is to make sure we don't try to read beyond the data we actually have. ok cloder@ hshoexer@ | Tom Cosgrove | |
2007-03-03 | keynote_cert_obtain should not leak in case of error. OK moritz@ | Chad Loder | |
2007-03-03 | Make sure we can't accidentally free() a pointer that's been accepted by message_add_payload(), since we are no longer responsible for it. ok cloder@ hshoexer@ moritz@ | Tom Cosgrove | |
2007-03-01 | improve the description of -a. specifically, make it clear that ipsec.conf users do not want to run isakmpd -a unless they are messing with manual flows; closes documentation/5399, from sthen original diff and feedback from sthen ok hshoexer | Jason McIntyre | |
2007-02-22 | Add a comment that explains, why the VID of draft 2 NAT-T includes a trailing '\n'. suggested by and ok deraadt@, jmc@ | Hans-Joerg Hoexer | |
2007-02-19 | tweak; | Jason McIntyre | |
2007-02-19 | Document NULL encryption. | Hans-Joerg Hoexer | |
2007-02-19 | isakmpd bits for ESP+NULL encryption. This is useful, when AH can not be used (when being behind NAT). With Martin Hedenfalk <martin.hedenfalk at gmail.com>, thanks! | Hans-Joerg Hoexer | |
2006-12-05 | plug memleak, noticed by jesus@mxtelecom.com ok moritz@, tested by jesus@mxtelecom.com (thanks!) | Hans-Joerg Hoexer | |
2006-12-05 | some carp/sasyncd bits from msf and myself; ok mpf | Jason McIntyre | |
2006-12-05 | Don't leak message structures, when we see unsupported payloads or if the payload node allocation fails. Also adjust a comment to make it more clear, who's responsible for freeing the message structs. Input from cloder@. OK hshoexer@ | Moritz Jodeit | |
2006-11-30 | new ui command 'rmv': removes an entry from a list, thus reversing an 'add' operation; ok ho, hshoexer, jmc | Markus Friedl | |
2006-11-29 | no need to document generation of local.key 3 times; spotted by mcbride, ok hshoexer; | Jason McIntyre | |
2006-11-29 | zap trailing spaces; | Jason McIntyre | |