Merge branch 'master' of https://github.com/xebd/accel-ppp

accel-pppd/ctrl/sstp/sstp.c

@@ -2328,6 +2328,16 @@ static int ssl_servername(SSL *ssl, int *al, void *arg)
 }
 #endif
 
+#if !defined(SSL_OP_NO_RENGOTIATION) && defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
+static void ssl_info_cb(const SSL *ssl, int where, int ret)
+{
+	if ((where & SSL_CB_HANDSHAKE_DONE) != 0) {
+		/* disable renegotiation (CVE-2009-3555) */
+		ssl->s3->flags |= SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS;
+	}
+}
+#endif
+
 static void ssl_load_config(struct sstp_serv_t *serv, const char *servername)
 {
 	SSL_CTX *old_ctx, *ssl_ctx = NULL;
@@ -2358,7 +2368,11 @@ static void ssl_load_config(struct sstp_serv_t *serv, const char *servername)
 	opt = conf_get_opt("sstp", "accept");
 	if (opt && strhas(opt, "ssl", ',')) {
 	legacy_ssl:
+#if OPENSSL_VERSION_NUMBER >= 0x10100000L
+		ssl_ctx = SSL_CTX_new(TLS_server_method());
+#else
 		ssl_ctx = SSL_CTX_new(SSLv23_server_method());
+#endif
 		if (!ssl_ctx) {
 			log_error("sstp: SSL_CTX error: %s\n", ERR_error_string(ERR_get_error(), NULL));
 			goto error;
@@ -2368,11 +2382,14 @@ static void ssl_load_config(struct sstp_serv_t *serv, const char *servername)
 #ifdef SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS
 				SSL_OP_DONT_INSERT_EMPTY_FRAGMENTS |
 #endif
+#ifdef SSL_OP_NO_RENGOTIATION
+				SSL_OP_NO_RENGOTIATION |
+#endif
 #ifndef OPENSSL_NO_DH
 				SSL_OP_SINGLE_DH_USE |
 #endif
 #ifndef OPENSSL_NO_ECDH
-			        SSL_OP_SINGLE_ECDH_USE |
+				SSL_OP_SINGLE_ECDH_USE |
 #endif
 				SSL_OP_NO_SSLv2 |
 				SSL_OP_NO_SSLv3 |
@@ -2469,6 +2486,10 @@ static void ssl_load_config(struct sstp_serv_t *serv, const char *servername)
 		if (servername && SSL_CTX_set_tlsext_servername_callback(ssl_ctx, ssl_servername) != 1)
 			log_warn("sstp: SSL server name check error: %s\n", ERR_error_string(ERR_get_error(), NULL));
 #endif
+
+#if !defined(SSL_OP_NO_RENGOTIATION) && defined(SSL3_FLAGS_NO_RENEGOTIATE_CIPHERS)
+		SSL_CTX_set_info_callback(ssl_ctx, ssl_info_cb);
+#endif
 	} else {
 		/* legacy option, to be removed */
 		opt = conf_get_opt("sstp", "ssl");

accel-pppd/extra/chap-secrets.c

@@ -24,7 +24,7 @@ static char *def_chap_secrets = "/etc/ppp/chap-secrets";
 static char *conf_chap_secrets;
 static int conf_encrypted;
 static in_addr_t conf_gw_ip_address = 0;
-static int conf_netmask;
+static int conf_netmask = 0;
 
 static void *pd_key;
 static struct ipdb_t ipdb;
@@ -762,6 +762,7 @@ static void load_config(void)
 		parse_gw_ip_address(opt);
 	else {
 		conf_gw_ip_address = 0;
+		conf_netmask = 0;
 	}
 
 	opt = conf_get_opt("chap-secrets", "encrypted");

accel-pppd/extra/ippool.c

@@ -264,6 +264,7 @@ static void generate_pool_p2p(struct ippool_t *p)
 			break;
 		}
 
+		memset(it, 0, sizeof(*it));
 		it->pool = p;
 		it->it.owner = &ipdb;
 		if (conf_gw_ip_address)
@@ -304,6 +305,7 @@ static void generate_pool_net30(struct ippool_t *p)
 			break;
 		}
 
+		memset(it, 0, sizeof(*it));
 		it->pool = p;
 		it->it.owner = &ipdb;
 		it->it.addr = addr[1]->addr;
@@ -443,6 +445,7 @@ static int session_restore(struct ap_session *ses, struct backup_mod *m)
 		ses->ipv4 = &it0->it;
 	else {
 		ses->ipv4 = _malloc(sizeof(*ses->ipv4));
+		memset(ses->ipv4, 0, sizeof(*ses->ipv4));
 		ses->ipv4->addr = addr;
 		ses->ipv4->peer_addr = peer_addr;
 		ses->ipv4->owner = &ipdb_b;

accel-pppd/extra/ipv6pool.c

@@ -83,6 +83,7 @@ static void generate_ippool(struct in6_addr *addr, int mask, int prefix_len)
 
 	while (in6_addr_cmp(&ip, &end) <= 0) {
 		it = malloc(sizeof(*it));
+		memset(it, 0, sizeof(*it));
 		it->it.owner = &ipdb;
 		INIT_LIST_HEAD(&it->it.addr_list);
 		a = malloc(sizeof(*a));
@@ -119,6 +120,7 @@ static void generate_dppool(struct in6_addr *addr, int mask, int prefix_len)
 
 	while (in6_addr_cmp(&ip, &end) <= 0) {
 		it = malloc(sizeof(*it));
+		memset(it, 0, sizeof(*it));
 		it->it.owner = &ipdb;
 		INIT_LIST_HEAD(&it->it.prefix_list);
 		a = malloc(sizeof(*a));