aboutsummaryrefslogtreecommitdiffstats
path: root/src/libstrongswan/utils
Commit message (Collapse)AuthorAgeFilesLines
...
* leak-detective: remove hdr from the allocation list during realloc()Martin Willi2013-07-101-39/+60
| | | | | | | If realloc moves an allocation, the original allocation gets freed. We therefore must remove the hdr from the list, as it is invalid. We can add it afterwards once it has been updated, allowing us to unlock the list during reallocation.
* utils: Add helper function to check a string for a given prefixTobias Brunner2013-07-081-0/+8
|
* utils: Convert string helper macros to static inline functionsTobias Brunner2013-07-081-6/+15
|
* integrity-checker: Use chunk_hash_static() to calculate checksumsTobias Brunner2013-06-281-7/+2
|
* chunk: Add predictable hash functionTobias Brunner2013-06-282-1/+53
| | | | | Since chunk_hash() is randomized its output is not predictable, that is, it is only within the same process.
* integrity-checker: Fix checksum calculation after randomizing chunk_hash()Tobias Brunner2013-06-271-2/+7
|
* capabilities: Return effective UID/GID if user did not configure anythingTobias Brunner2013-06-251-2/+2
|
* capabilities: Report effective UID/GID after dropping capabilitiesTobias Brunner2013-06-251-1/+1
|
* capabilities: Handle CAP_CHOWN specially as it might not be requiredTobias Brunner2013-06-252-2/+63
|
* capabilities: Check effective UID as fallback if capabilities are not supportedTobias Brunner2013-06-251-1/+1
|
* dhcp: Require CAP_NET_BIND_SERVICE and CAP_NET_RAW to open/bind socketsTobias Brunner2013-06-251-0/+3
|
* socket-default: Require CAP_NET_BIND_SERVICE for ports < 1024Tobias Brunner2013-06-251-1/+4
| | | | | Since we don't know which ports are used with socket-dynamic we can't demand the capability there, but it might still be required.
* capabilities: Only plugins that require CAP_NET_ADMIN demand itTobias Brunner2013-06-251-0/+4
| | | | The daemon as such does not require this capability.
* capabilities: Move global capabilities_t instance to libstrongswanTobias Brunner2013-06-251-2/+2
|
* capabilities: Ensure required capabilities are actually held by the process/userTobias Brunner2013-06-252-4/+58
|
* printf-hook: Avoid double-free when freeing Vstr configTobias Brunner2013-06-211-1/+0
| | | | | | | Thread-specific objects get freed when the thread value object is destroyed (wasn't the case earlier, i.e. before 2b19dd35), which may cause the second call to vstr_free_conf() to fail in an assert in Vstr (depending on how it was built).
* leak-detective: (re-)whitelist some OpenSSL functionsMartin Willi2013-06-211-0/+5
| | | | | | | Some static allocations in plugins won't get freed, because in the test case process the plugins are not destroyed. If a plugin would clean up allocations done while just using the plugin, these show up as leak in the child process, letting tests fail.
* backtrace: use backtrace_symbols() only if we have backtrace() and dladdr() ↵Martin Willi2013-06-191-5/+16
| | | | fails
* utils: Remove volatile qualifier from refcount_t typedefTobias Brunner2013-06-191-2/+1
| | | | | It's not really required anymore (if it ever was) and may cause compiler warnings when using the non atomic versions of ref_get/ref_put.
* utils: ref_get() returns the new value of the reference counterMartin Willi2013-06-112-4/+9
| | | | This allows us to use ref_get() for getting unique values.
* leak-detective: Resolve hooked functions during initializationTobias Brunner2013-06-111-1/+4
| | | | | | | | | If uses of dlopen(), e.g. when loading plugins, produce errors an error string could get allocated dynamically. At this point realloc() might not yet be resolved and when dlsym() is later called by leak detective to do so the error string might get freed while leak detective is disabled and real_free() will be called with a pointer into one of leak detective's memory blocks instead of a pointer to the block itself, causing a SIGSEGV.
* Add getter for the number of leaks to leak_detective_tTobias Brunner2013-06-112-2/+23
|
* Gracefully handle NULL as argument for enum_from_name()Tobias Brunner2013-06-111-1/+1
|
* Fail DN parsing if OID is unterminatedTobias Brunner2013-06-111-2/+6
| | | | | This is the case if the last OID is not followed by a = or if the string starts with a =.
* Fix DN printing if last RDN has an empty valueTobias Brunner2013-06-111-11/+32
|
* Fix DN parsing if last RDN has an empty valueTobias Brunner2013-06-111-1/+1
|
* Fix output of ASN.1 GNTobias Brunner2013-06-111-1/+1
|
* Use chunk_from_str in identification_from_stringTobias Brunner2013-06-111-17/+5
| | | | | We always have a non-empty string in those cases as "" is now handled as ID_ANY.
* Use local variable in chunk_from_str()Tobias Brunner2013-06-111-2/+2
| | | | | This allows using strdup() or other string functions as argument without calling them twice.
* Parse empty string as ID_ANYTobias Brunner2013-06-111-2/+3
|
* Allow memstr() to be called with NULL argumentsTobias Brunner2013-06-111-1/+6
|
* Removed unused clalloc() functionTobias Brunner2013-06-112-18/+0
|
* timeval_add_ms() fixedTobias Brunner2013-06-111-1/+1
| | | | 1000000us are exactly 1s so.
* Randomly allocate chunk_hash() key during first useTobias Brunner2013-06-111-1/+46
| | | | This avoids hash flooding attacks.
* Replace chunk_hash() with output from chunk_mac()Tobias Brunner2013-06-112-75/+31
| | | | | | | The quality is way better, the calculation is a bit slower though. The key is statically initialized to zero, which will be changed later to prevent hash flooding.
* Adding chunk_mac() which calculates a 64-bit MAC using SipHash-2-4Tobias Brunner2013-06-112-3/+133
|
* Allow memwipe() to be called with NULL argumentTobias Brunner2013-05-271-0/+4
|
* capabilities: leak-detective using dlsym() does not need CAP_SYS_NICE anymoreMartin Willi2013-05-151-6/+0
|
* capabilities: initialize supplementary groups only when doing a setuid()Martin Willi2013-05-151-1/+1
|
* openssl: Properly cleanup OpenSSL libraryTobias Brunner2013-05-081-7/+0
|
* settings: Add a set_default_str() to set a different default for a keyMartin Willi2013-05-062-0/+31
| | | | | The value is set only if it is not configured in strongswan.conf or has not been set() otherwise.
* backtrace: use atos instead of addr2line on OS X to resolve source linesMartin Willi2013-05-061-3/+11
|
* backtrace: add an alternative stack unwinding implementation using libunwindMartin Willi2013-05-061-5/+34
|
* leak-detective: add support for OS X by hooking default malloc zoneMartin Willi2013-05-061-5/+160
|
* leak-detective: remove unused malloc call countersMartin Willi2013-05-061-7/+0
|
* leak-detective: align allocations on both 32 and 64-bit systems to 32 bytesMartin Willi2013-05-061-0/+5
|
* leak-detective: call tzset() explicitly before enabling leak detectiveMartin Willi2013-05-061-6/+11
| | | | | tzset() is hard to whitelist on some systems, as there is no symbol involved. Call tzset() explicitly before initialization to avoid false positives.
* leak-detective: override malloc functions instead of using deprecated hooksMartin Willi2013-05-061-128/+206
| | | | | | | malloc hooks have become deprecated, and their use has always been problematic, especially in multi-threaded applications. Replace the functionality by overriding all malloc functions and query the system allocator functions using dlsym() with RTLD_NEXT.
* esc() is only used if dladdr(3) is available5.0.3dr3Tobias Brunner2013-03-081-12/+13
|
* Don't invoke addr2line if dladdr() did not yield a filenameMartin Willi2013-03-041-1/+1
|
generated by cgit v1.2.3 (git 2.25.1) at 2025-08-05 05:03:54 +0000