authordnobori <da.git@softether.co.jp>2021-08-15 19:13:46 +0300
committerdnobori <da.git@softether.co.jp>2021-08-15 19:13:46 +0300
commit005285bf4326276fc58aa2a03b90f8020302638f (patch)
tree1d8aa745f8ffab99dbb7fcb05566e03dff2733c6
parentddc99f085fd6c54feaf4e41912bc8ab5903bdf8e (diff)
v4.37-9758-betav4.37-9758-beta
-rw-r--r--src/BuildUtil/UnixBuildSoftwares.cs2
-rw-r--r--src/Cedar/Cedar.h14
-rw-r--r--src/Cedar/CedarType.h1
-rw-r--r--src/Cedar/Connection.c1
-rw-r--r--src/Cedar/Connection.h1
-rw-r--r--src/Cedar/IPsec.c7
-rw-r--r--src/Cedar/IPsec_IKE.c75
-rw-r--r--src/Cedar/IPsec_IKE.h14
-rw-r--r--src/Cedar/Logging.c12
-rw-r--r--src/Cedar/Protocol.c17
-rw-r--r--src/Cedar/Session.h1
-rw-r--r--src/CurrentBuild.txt6
-rw-r--r--src/Mayaqua/Encrypt.c1
-rw-r--r--src/Mayaqua/Kernel.c2
-rw-r--r--src/bin/vpnweb.cabbin205630 -> 205638 bytes
-rw-r--r--src/bin/vpnweb.ocxbin342080 -> 342080 bytes
-rw-r--r--src/vpnweb/vpnweb.h2
-rw-r--r--src/vpnweb/vpnweb_i.c2
-rw-r--r--src/vpnweb/vpnweb_p.c2
19 files changed, 140 insertions, 20 deletions
diff --git a/src/BuildUtil/UnixBuildSoftwares.cs b/src/BuildUtil/UnixBuildSoftwares.cs
index fb663fe0..8416dc9e 100644
--- a/src/BuildUtil/UnixBuildSoftwares.cs
+++ b/src/BuildUtil/UnixBuildSoftwares.cs
@@ -632,7 +632,7 @@ namespace BuildUtil
sr.WriteLine("# You have to read and agree the license agreement at the same directory");
sr.WriteLine("# before using this software.");
sr.WriteLine();
- sr.WriteLine("i_read_and_agree_the_license_agreement:");
+ sr.WriteLine("main:");
sr.WriteLine("\t@echo \"Preparing {0}...\"", BuildHelper.GetSoftwareTitle(this.Software));
diff --git a/src/Cedar/Cedar.h b/src/Cedar/Cedar.h
index 5dfeabe2..e2add369 100644
--- a/src/Cedar/Cedar.h
+++ b/src/Cedar/Cedar.h
@@ -126,10 +126,10 @@
// Version number
-#define CEDAR_VER 436
+#define CEDAR_VER 437
// Build Number
-#define CEDAR_BUILD 9754
+#define CEDAR_BUILD 9758
// Beta number
//#define BETA_NUMBER 3
@@ -149,11 +149,11 @@
// Specifies the build date
#define BUILD_DATE_Y 2021
-#define BUILD_DATE_M 6
-#define BUILD_DATE_D 7
-#define BUILD_DATE_HO 21
-#define BUILD_DATE_MI 29
-#define BUILD_DATE_SE 54
+#define BUILD_DATE_M 8
+#define BUILD_DATE_D 16
+#define BUILD_DATE_HO 0
+#define BUILD_DATE_MI 27
+#define BUILD_DATE_SE 11
// Tolerable time difference
#define ALLOW_TIMESTAMP_DIFF (UINT64)(3 * 24 * 60 * 60 * 1000)
diff --git a/src/Cedar/CedarType.h b/src/Cedar/CedarType.h
index 040790f0..5ae3ac26 100644
--- a/src/Cedar/CedarType.h
+++ b/src/Cedar/CedarType.h
@@ -616,6 +616,7 @@ typedef struct IKE_SA_TRANSFORM_SETTING IKE_SA_TRANSFORM_SETTING;
typedef struct IKE_CLIENT IKE_CLIENT;
typedef struct IPSECSA IPSECSA;
typedef struct IKE_CAPS IKE_CAPS;
+typedef struct IKE_INFOMSG_QUOTA_ENTRY IKE_INFOMSG_QUOTA_ENTRY;
// ==============================================================
// IPSec Packet
diff --git a/src/Cedar/Connection.c b/src/Cedar/Connection.c
index e7298ddd..c5c5ca3a 100644
--- a/src/Cedar/Connection.c
+++ b/src/Cedar/Connection.c
@@ -3571,6 +3571,7 @@ CONNECTION *NewServerConnection(CEDAR *cedar, SOCK *s, THREAD *t)
{
AddRef(c->FirstSock->ref);
Copy(&c->ClientIp, &s->RemoteIP, sizeof(IP));
+ c->ClientPort = s->RemotePort;
StrCpy(c->ClientHostname, sizeof(c->ClientHostname), s->RemoteHostname);
}
c->Tcp = ZeroMalloc(sizeof(TCP));
diff --git a/src/Cedar/Connection.h b/src/Cedar/Connection.h
index 2b1f8091..f1fde638 100644
--- a/src/Cedar/Connection.h
+++ b/src/Cedar/Connection.h
@@ -300,6 +300,7 @@ struct CONNECTION
char *CipherName; // Encryption algorithm name
UINT64 ConnectedTick; // Time it is connected
IP ClientIp; // Client IP address
+ UINT ClientPort; // Client Port number
char ClientHostname[MAX_HOST_NAME_LEN + 1]; // Client host name
UINT Type; // Type
bool DontUseTls1; // Do not use TLS 1.0
diff --git a/src/Cedar/IPsec.c b/src/Cedar/IPsec.c
index c9f708a0..92a8ccbf 100644
--- a/src/Cedar/IPsec.c
+++ b/src/Cedar/IPsec.c
@@ -381,6 +381,13 @@ void IPsecServerUdpPacketRecvProc(UDPLISTENER *u, LIST *packet_list)
ike->Now = now;
+ if (now >= ike->NextInfoMsgQuotaClearTick)
+ {
+ ike->NextInfoMsgQuotaClearTick = now + 1000ULL;
+
+ IkeInfoMsgQuotaDeleteAll(ike);
+ }
+
if (ipsec_disable == false)
{
{
diff --git a/src/Cedar/IPsec_IKE.c b/src/Cedar/IPsec_IKE.c
index 902678a6..b458aa48 100644
--- a/src/Cedar/IPsec_IKE.c
+++ b/src/Cedar/IPsec_IKE.c
@@ -159,6 +159,55 @@ void ProcIKEPacketRecv(IKE_SERVER *ike, UDPPACKET *p)
}
}
+IKE_INFOMSG_QUOTA_ENTRY *IkeInfoMsgQuotaGetEntry(IKE_SERVER *ike, IP *client_ip)
+{
+ UINT i;
+ IKE_INFOMSG_QUOTA_ENTRY *new_entry = NULL;
+ if (ike == NULL || client_ip == NULL)
+ {
+ return NULL;
+ }
+
+ for (i = 0;i < LIST_NUM(ike->InfoMsgQuotaList);i++)
+ {
+ IKE_INFOMSG_QUOTA_ENTRY *q = LIST_DATA(ike->InfoMsgQuotaList, i);
+
+ if (CmpIpAddr(&q->ClientIp, client_ip) == 0)
+ {
+ return q;
+ }
+ }
+
+ if (LIST_NUM(ike->InfoMsgQuotaList) >= IKE_QUOTA_MAX_INFOMSG_ENTRY_COUNT)
+ {
+ return NULL;
+ }
+
+ new_entry = ZeroMalloc(sizeof(IKE_INFOMSG_QUOTA_ENTRY));
+ CopyIP(&new_entry->ClientIp, client_ip);
+ Add(ike->InfoMsgQuotaList, new_entry);
+
+ return new_entry;
+}
+
+void IkeInfoMsgQuotaDeleteAll(IKE_SERVER *ike)
+{
+ UINT i;
+ if (ike == NULL)
+ {
+ return;
+ }
+
+ for (i = 0;i < LIST_NUM(ike->InfoMsgQuotaList);i++)
+ {
+ IKE_INFOMSG_QUOTA_ENTRY *q = LIST_DATA(ike->InfoMsgQuotaList, i);
+
+ Free(q);
+ }
+
+ DeleteAll(ike->InfoMsgQuotaList);
+}
+
// Send a packet via IPsec
void IPsecSendPacketByIPsecSa(IKE_SERVER *ike, IPSECSA *sa, UCHAR *data, UINT data_size, UCHAR protocol_id)
{
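Review bot: IkeInfoMsgQuotaGetEntry returns NULL once the table holds IKE_QUOTA_MAX_INFOMSG_ENTRY_COUNT (100) distinct addresses, and the caller in this same commit treats NULL as "drop the message", so within any one-second window only the first 100 source IPs can be sent an informational exchange at all. IKE runs over UDP, so a sender who sprays packets from spoofed sources can keep the table full every second and starve legitimate peers of these replies; a larger cap, or a shared fallback bucket instead of a hard refusal when the table is full, would make the limiter harder to turn against the server. Lookup is a linear CmpIpAddr scan, which is fine at 100 entries but is a reason not to simply raise the constant without reconsidering the structure. The file's convention puts a one-line `//` comment above each function (see `// Send a packet via IPsec` just below); the two new ones lack it, e.g. `// Find or create the per-source-IP informational-message quota entry (NULL when the table is full)` and `// Drop all quota entries; the caller resets the window with this`.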
@@ -1337,6 +1386,7 @@ void SendInformationalExchangePacketEx(IKE_SERVER *ike, IKE_CLIENT *c, IKE_PACKE
BUF *tmp_buf;
UCHAR hash[IKE_MAX_HASH_SIZE];
IKE_CRYPTO_PARAM cp;
+ IKE_INFOMSG_QUOTA_ENTRY *quota_entry;
bool plain = false;
// Validate arguments
if (ike == NULL || c == NULL || payload == NULL)
@@ -1345,6 +1395,20 @@ void SendInformationalExchangePacketEx(IKE_SERVER *ike, IKE_CLIENT *c, IKE_PACKE
return;
}
+ quota_entry = IkeInfoMsgQuotaGetEntry(ike, &c->ClientIP);
+ if (quota_entry == NULL)
+ {
+ IkeFreePayload(payload);
+ return;
+ }
+
+ quota_entry->Count++;
+ if (quota_entry->Count >= IKE_QUOTA_MAX_INFOMSG_SEND_PER_IP_PER_SEC)
+ {
+ IkeFreePayload(payload);
+ return;
+ }
+
sa = c->CurrentIkeSa;
if (sa == NULL)
{
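Review bot: The counter is incremented before the comparison and the comparison is `>=`, so a source is allowed only 19 informational packets per window, one fewer than the name IKE_QUOTA_MAX_INFOMSG_SEND_PER_IP_PER_SEC suggests; either use `if (quota_entry->Count > IKE_QUOTA_MAX_INFOMSG_SEND_PER_IP_PER_SEC)` or document that the constant is exclusive. The quota is also charged before the `sa == NULL` guard that follows, so a client with no current IKE SA burns its allowance on packets that are never sent; moving the quota check after that guard avoids this, provided that early return also frees the payload (its body is outside the hunk). SendInformationalExchangePacketEx starts before this hunk.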
@@ -5940,6 +6004,15 @@ void FreeIKEServer(IKE_SERVER *ike)
FreeIkeEngine(ike->Engine);
+ for (i = 0;i < LIST_NUM(ike->InfoMsgQuotaList);i++)
+ {
+ IKE_INFOMSG_QUOTA_ENTRY *q = LIST_DATA(ike->InfoMsgQuotaList, i);
+
+ Free(q);
+ }
+
+ ReleaseList(ike->InfoMsgQuotaList);
+
Debug("FreeThreadList()...\n");
FreeThreadList(ike->ThreadList);
Debug("FreeThreadList() Done.\n");
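Review bot: The added free loop over InfoMsgQuotaList duplicates IkeInfoMsgQuotaDeleteAll, which this commit introduces in the same file; `IkeInfoMsgQuotaDeleteAll(ike); ReleaseList(ike->InfoMsgQuotaList);` does the same work and keeps a single place that knows how the entries are owned. FreeIKEServer starts before this hunk, so where `i` is declared is not visible here.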
@@ -5974,6 +6047,8 @@ IKE_SERVER *NewIKEServer(CEDAR *cedar, IPSEC_SERVER *ipsec)
ike->ClientList = NewList(CmpIkeClient);
+ ike->InfoMsgQuotaList = NewList(NULL);
+
ike->Engine = NewIkeEngine();
ike->ThreadList = NewThreadList();
diff --git a/src/Cedar/IPsec_IKE.h b/src/Cedar/IPsec_IKE.h
index 91408c79..82904676 100644
--- a/src/Cedar/IPsec_IKE.h
+++ b/src/Cedar/IPsec_IKE.h
@@ -148,6 +148,9 @@
#define IKE_QUOTA_MAX_NUM_CLIENTS 30000 // Limit number of IKE_CLIENT
#define IKE_QUOTA_MAX_SA_PER_CLIENT 100 // The limit number of SA for each IKE_CLIENT
+#define IKE_QUOTA_MAX_INFOMSG_SEND_PER_IP_PER_SEC 20
+#define IKE_QUOTA_MAX_INFOMSG_ENTRY_COUNT 100
+
// Time-out
#define IKE_TIMEOUT_FOR_IKE_CLIENT 150000 // IKE_CLIENT non-communication disconnect time
#define IKE_TIMEOUT_FOR_IKE_CLIENT_FOR_NOT_ESTABLISHED 10000 // IKE_CLIENT non-communication disconnect time (connection incomplete)
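Review bot: The two new quota constants carry no trailing comment, unlike the neighbouring IKE_QUOTA_* definitions, and the first name reads as an inclusive limit while the check that consumes it in IPsec_IKE.c rejects at `>=`; stating the intent here keeps the two in agreement. Suggested: `#define IKE_QUOTA_MAX_INFOMSG_SEND_PER_IP_PER_SEC 20 // Informational exchange packets a single client IP may be sent per second` and `#define IKE_QUOTA_MAX_INFOMSG_ENTRY_COUNT 100 // Max client IPs tracked per window; further IPs are sent no informational packets`.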
@@ -346,6 +349,12 @@ struct IPSECSA
IKE_HASH *SKEYID_Hash;
};
+struct IKE_INFOMSG_QUOTA_ENTRY
+{
+ IP ClientIp;
+ UINT Count;
+};
+
// IKE server
struct IKE_SERVER
{
@@ -360,6 +369,8 @@ struct IKE_SERVER
LIST *IkeSaList; // SA list
LIST *IPsecSaList; // IPsec SA list
LIST *ThreadList; // L2TP thread list
+ LIST *InfoMsgQuotaList; // Information Message Quota List
+ UINT64 NextInfoMsgQuotaClearTick;
bool StateHasChanged; // Flag whether the state has changed
UINT CurrentIkeSaId, CurrentIPsecSaId, CurrentIkeClientId, CurrentEtherId; // Serial number ID
@@ -463,5 +474,8 @@ void ProcL2TPv3PacketRecv(IKE_SERVER *ike, IKE_CLIENT *c, UCHAR *data, UINT data
IKE_SA *SearchIkeSaByCookie(IKE_SERVER *ike, UINT64 init_cookie, UINT64 resp_cookie);
+IKE_INFOMSG_QUOTA_ENTRY *IkeInfoMsgQuotaGetEntry(IKE_SERVER *ike, IP *client_ip);
+void IkeInfoMsgQuotaDeleteAll(IKE_SERVER *ike);
+
#endif // IPSEC_IKE_H
diff --git a/src/Cedar/Logging.c b/src/Cedar/Logging.c
index 9ec6a5a0..34060308 100644
--- a/src/Cedar/Logging.c
+++ b/src/Cedar/Logging.c
@@ -1147,11 +1147,23 @@ bool PacketLog(HUB *hub, SESSION *src_session, SESSION *dest_session, PKT *packe
if (src_session != NULL && src_session->NormalClient)
{
StrCpy(pl->SrcPhysicalIP, sizeof(pl->SrcPhysicalIP), src_session->ClientIP);
+ if (src_session->ClientPort != 0)
+ {
+ char tmp[32] = {0};
+ Format(tmp, sizeof(tmp), "(port=%u)", src_session->ClientPort);
+ StrCat(pl->SrcPhysicalIP, sizeof(pl->SrcPhysicalIP), tmp);
+ }
}
if (dest_session != NULL && dest_session->NormalClient)
{
StrCpy(pl->DestPhysicalIP, sizeof(pl->DestPhysicalIP), dest_session->ClientIP);
+ if (dest_session->ClientPort != 0)
+ {
+ char tmp[32] = {0};
+ Format(tmp, sizeof(tmp), "(port=%u)", dest_session->ClientPort);
+ StrCat(pl->DestPhysicalIP, sizeof(pl->DestPhysicalIP), tmp);
+ }
}
pl->WritePhysicalIP = true;
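Review bot: Appending `(port=N)` directly to SrcPhysicalIP and DestPhysicalIP changes the shape of an existing packet-log field, so anything that parses that column as a bare IP address (SIEM rules, ban/alert filters keyed on the physical IP) stops matching once this build is deployed, and there is no separator between the address and the suffix. The StrCat is bounded so it cannot overflow, but the buffer size is not visible here; if it is sized for an IPv6 literal the suffix may be silently truncated. I would emit the port as its own column, or at least document the new format above the block: `// Physical IP is written as "<ip>(port=<n>)" when the client port is known; log consumers must tolerate the suffix.` PacketLog starts before this hunk.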
diff --git a/src/Cedar/Protocol.c b/src/Cedar/Protocol.c
index 2fc3c22b..def224bb 100644
--- a/src/Cedar/Protocol.c
+++ b/src/Cedar/Protocol.c
@@ -3736,6 +3736,7 @@ bool ServerAccept(CONNECTION *c)
s->NormalClient = true;
IPToStr(s->ClientIP, sizeof(s->ClientIP), &c->ClientIp);
+ s->ClientPort = c->ClientPort;
if (c->FirstSock->IsRUDPSocket)
{
@@ -7783,7 +7784,10 @@ SOCK *SocksConnectEx2(CONNECTION *c, char *proxy_host_name, UINT proxy_port,
if (c == NULL || proxy_host_name == NULL || proxy_port == 0 || server_host_name == NULL
|| server_port == 0)
{
- c->Err = ERR_PROXY_CONNECT_FAILED;
+ if (c != NULL)
+ {
+ c->Err = ERR_PROXY_CONNECT_FAILED;
+ }
return NULL;
}
@@ -7977,7 +7981,10 @@ SOCK *ProxyConnectEx2(CONNECTION *c, char *proxy_host_name, UINT proxy_port,
if (c == NULL || proxy_host_name == NULL || proxy_port == 0 || server_host_name == NULL ||
server_port == 0)
{
- c->Err = ERR_PROXY_CONNECT_FAILED;
+ if (c != NULL)
+ {
+ c->Err = ERR_PROXY_CONNECT_FAILED;
+ }
return NULL;
}
if (username != NULL && password != NULL &&
@@ -8977,7 +8984,7 @@ UINT WsRecvSync(WS *w, void *data, UINT size)
return sz;
}
r = Recv(w->Sock, w->TmpBuf, sizeof(w->TmpBuf), w->Sock->SecureMode);
- if (r == 0)
+ if (r == 0 || r == SOCK_LATER)
{
break;
}
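Review bot: With `r == SOCK_LATER` sharing the same `break` as `r == 0`, whatever WsRecvSync returns after the loop (outside this hunk) reports a would-block condition exactly like a peer close, so a caller cannot tell "no data yet" from "connection ended". If this function is only ever used on blocking sockets the check is a misuse guard and deserves saying so, e.g. `// SOCK_LATER is not a length; a non-blocking socket is treated like EOF here`; if non-blocking sockets can reach it, the caller needs a distinguishable result.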
@@ -9589,9 +9596,9 @@ UINT MvpnDoAccept(CONNECTION *c, WS *w)
StrCpy(ipc_param.HubName, sizeof(ipc_param.HubName), client_hub_name);
StrCpy(ipc_param.UserName, sizeof(ipc_param.UserName), auth_username);
CopyIP(&ipc_param.ClientIp, &w->Sock->RemoteIP);
- ipc_param.ClientPort, w->Sock->RemotePort;
+ ipc_param.ClientPort = w->Sock->RemotePort;
CopyIP(&ipc_param.ServerIp, &w->Sock->LocalIP);
- ipc_param.ServerPort, w->Sock->LocalPort;
+ ipc_param.ServerPort = w->Sock->LocalPort;
StrCpy(ipc_param.ClientHostname, sizeof(ipc_param.ClientHostname), w->Sock->RemoteHostname);
StrCpy(ipc_param.CryptName, sizeof(ipc_param.CryptName), w->Sock->CipherName);
ipc_param.Layer = IPC_LAYER_3; // TODO
diff --git a/src/Cedar/Session.h b/src/Cedar/Session.h
index 5fca38ee..d12fede5 100644
--- a/src/Cedar/Session.h
+++ b/src/Cedar/Session.h
@@ -185,6 +185,7 @@ struct SESSION
THREAD *Thread; // Management thread
CONNECTION *Connection; // Connection
char ClientIP[64]; // Client IP
+ UINT ClientPort; // Client Port
CLIENT_OPTION *ClientOption; // Client connection options
CLIENT_AUTH *ClientAuth; // Client authentication data
volatile bool Halt; // Halting flag
diff --git a/src/CurrentBuild.txt b/src/CurrentBuild.txt
index 0fecf2a1..a783815e 100644
--- a/src/CurrentBuild.txt
+++ b/src/CurrentBuild.txt
@@ -1,4 +1,4 @@
-BUILD_NUMBER 9754
-VERSION 436
+BUILD_NUMBER 9758
+VERSION 437
BUILD_NAME beta
-BUILD_DATE 20210607_212954
+BUILD_DATE 20210816_002711
diff --git a/src/Mayaqua/Encrypt.c b/src/Mayaqua/Encrypt.c
index d93ef7d5..0757b090 100644
--- a/src/Mayaqua/Encrypt.c
+++ b/src/Mayaqua/Encrypt.c
@@ -2642,6 +2642,7 @@ bool RsaPrivateDecrypt(void *dst, void *src, UINT size, K *k)
Unlock(openssl_lock);
if (ret <= 0)
{
+ Free(tmp);
return false;
}
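Review bot: `tmp` is released on the failure path without being cleared; if it is the scratch buffer that receives the private-key decryption output (its allocation is above the hunk), it can hold partially decrypted material when `ret <= 0`, so zero it before freeing with the same length used for the allocation, e.g. `Zero(tmp, size); Free(tmp);`. Whether the success path clears `tmp` before freeing is also outside the hunk; if it does not, the same applies there. RsaPrivateDecrypt starts before this hunk.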
diff --git a/src/Mayaqua/Kernel.c b/src/Mayaqua/Kernel.c
index 28dd4b6e..2edc142e 100644
--- a/src/Mayaqua/Kernel.c
+++ b/src/Mayaqua/Kernel.c
@@ -566,7 +566,7 @@ void GetHomeDir(char *path, UINT size)
if (GetEnv("HOMEDRIVE", drive, sizeof(drive)) &&
GetEnv("HOMEPATH", hpath, sizeof(hpath)))
{
- Format(path, sizeof(path), "%s%s", drive, hpath);
+ Format(path, size, "%s%s", drive, hpath);
}
else
{
diff --git a/src/bin/vpnweb.cab b/src/bin/vpnweb.cab
index 04347ec9..8e8f66ba 100644
--- a/src/bin/vpnweb.cab
+++ b/src/bin/vpnweb.cab
Binary files differ
diff --git a/src/bin/vpnweb.ocx b/src/bin/vpnweb.ocx
index fb9d6390..9a097ab0 100644
--- a/src/bin/vpnweb.ocx
+++ b/src/bin/vpnweb.ocx
Binary files differ
diff --git a/src/vpnweb/vpnweb.h b/src/vpnweb/vpnweb.h
index 126fb191..9ca211b4 100644
--- a/src/vpnweb/vpnweb.h
+++ b/src/vpnweb/vpnweb.h
@@ -4,7 +4,7 @@
/* File created by MIDL compiler version 7.00.0500 */
-/* at Mon Jun 07 21:30:12 2021
+/* at Mon Aug 16 00:27:28 2021
*/
/* Compiler settings for .\vpnweb.idl:
Oicf, W1, Zp8, env=Win32 (32b run)
diff --git a/src/vpnweb/vpnweb_i.c b/src/vpnweb/vpnweb_i.c
index c3d46155..a0b1f9ff 100644
--- a/src/vpnweb/vpnweb_i.c
+++ b/src/vpnweb/vpnweb_i.c
@@ -6,7 +6,7 @@
/* File created by MIDL compiler version 7.00.0500 */
-/* at Mon Jun 07 21:30:12 2021
+/* at Mon Aug 16 00:27:28 2021
*/
/* Compiler settings for .\vpnweb.idl:
Oicf, W1, Zp8, env=Win32 (32b run)
diff --git a/src/vpnweb/vpnweb_p.c b/src/vpnweb/vpnweb_p.c
index f21d0dbe..6bd00159 100644
--- a/src/vpnweb/vpnweb_p.c
+++ b/src/vpnweb/vpnweb_p.c
@@ -4,7 +4,7 @@
/* File created by MIDL compiler version 7.00.0500 */
-/* at Mon Jun 07 21:30:12 2021
+/* at Mon Aug 16 00:27:28 2021
*/
/* Compiler settings for .\vpnweb.idl:
Oicf, W1, Zp8, env=Win32 (32b run)