Mark Janssen
8b2661ecd7
Merge pull request #83 from tofurky/unterminated_string_calloc
...
Avoid printing unterminated string in readline()
2024-09-16 12:53:42 +02:00
Matt Merhar
9df98a6e31
Avoid printing unterminated string in readline()
...
When running with -v, readline() in io.c uses strncpy() to copy a string
(*without* the terminating NULL) into an uninitialized buffer created by
malloc().
When message() then prints this, it can lead to garbage data being
emitted since it's potentially reading past the intended end of the
string. In practice, this appears to only be an additional byte or 2
before a NULL is encountered.
The issue was hit when readline() encountered "\r\n\r\n", not longer
strings, but I imagine it's dependent on things like compiler / libc /
the weather as to whether the end of the buffer returned by malloc()
will be zeroed or not; I've seen similar issues pop up with "working"
code running on newer distros.
2024-09-13 19:20:50 -04:00
Mark Janssen
84d44b608b
Merge pull request #80 from hoilc/patch-1
...
Fix typo in package name
2024-03-25 14:50:38 +01:00
hoilc
0d62ae5af3
Fix typo in package name
2024-03-25 21:25:00 +08:00
Mark Janssen
d55d9286a0
Merge pull request #79 from hoilc/enable-github-action
...
Enable GitHub Action for Windows Binary
2024-03-21 13:40:08 +01:00
hoilc
af80b39f2d
enable github action
2024-03-20 13:18:20 +08:00
Sven Geuer
d2c636bef4
Prepare CHANGES and config.h for release.
2024-02-06 17:41:38 +01:00
Sven Geuer
08b84fe054
Update the --help output to the recent version.
2024-02-01 16:33:38 +01:00
Sven Geuer
e999ab0acd
Replace deprecated functions bzero/bcopy by memset/memcpy.
2024-02-01 16:14:56 +01:00
Sven Geuer
abb82a7807
Make sure no deprecated libssl functions are called.
2024-02-01 16:08:09 +01:00
Sven Geuer
351d2dffc3
Use OPENSSL_VERSION_NUMBER to compile code matching the applied libssl version.
...
This renders Makefile.ssl11 redundant.
2024-01-30 19:47:34 +01:00
Sven Geuer
945f205796
Deprecate -L/--tlsenforce and -T/--no-ssl3.
2024-01-30 19:46:15 +01:00
Sven Geuer
33399b3312
Remove deprecated options.
...
Remove options -u and -s deprecated since 2008.
Remove also commented remnants of options -U and -S.
2024-01-26 01:44:37 +01:00
Sven Geuer
cef27b8576
As worker, close the unneeded listening socket.
2024-01-21 23:04:33 +01:00
Sven Geuer
4690473fba
In standalone mode, fix logging of IPv6 clients.
2024-01-21 22:52:36 +01:00
Sven Geuer
65562596b7
Use an AF_INET socket when binding to a specified IPv4 address.
2024-01-21 21:06:38 +01:00
Sven Geuer
6adc78ec08
Prepare CHANGES and config.h for release
2023-12-17 19:50:52 +01:00
Sven Geuer
a0b916a177
client SSL * -> SSL client *
2023-12-17 19:49:28 +01:00
Sven Geuer
11f50d20c3
Update manual page regarding -a/--standalone
2023-12-17 01:25:40 +01:00
Sven Geuer
c9503273a7
Allow for binding to a link-local IPv6 address
...
Requires to also give the interface like ipv6%interface
2023-12-16 23:37:36 +01:00
Sven Geuer
3c3b5b0858
Remove Debian-specific reference
2023-12-16 19:31:06 +01:00
Sven Geuer
6f66537295
Remove sentence about not working authentication on remote proxies
2023-12-16 17:34:55 +01:00
Sven Geuer
4100c006f7
Replace reference to the already removed option -S
2023-12-16 17:32:59 +01:00
Sven Geuer
4cc6aa11db
Corrections and updates to the manual page
2023-12-15 23:10:47 +01:00
Sven Geuer
002410f449
Remove Debian-specific reference from --help output
2023-12-15 22:51:48 +01:00
Sven Geuer
513c8a2fc9
In standalone mode, allow for binding to a specified IP address
2023-12-15 22:29:01 +01:00
Sven Geuer
ae7fcc8a1f
Make sure stdlib.c is only included once
2023-12-15 15:42:49 +01:00
Sven Geuer
5f1674159b
In standalone mode, allow also for IPv6 connections
2023-12-15 15:32:12 +01:00
Sven Geuer
a5b69f666c
Minor corrections to the manpage.
2023-12-14 01:07:08 +01:00
Sven Geuer
65795065e6
Add a missing #include
...
noticed when trying to build without USE_SSL
2023-12-14 00:09:11 +01:00
Sven Geuer
8148cca521
Small fixes to the --help output
2023-12-14 00:08:09 +01:00
Sven Geuer
bd28fefd02
Bump VERSION and VERSION_DATE
2023-12-11 20:59:32 +01:00
Sven Geuer
b7aab076d2
Fix loading REMPROXYUSER/REMPROXYPASS from the environment
2023-12-11 19:10:32 +01:00
Sven Geuer
a425fa20d8
On SSL connections, introduce authentication by client certificate
2023-12-11 18:31:42 +01:00
Sven Geuer
a65239015d
Correct derivation of peer_host
...
Combine the derivations from proxy_arg and args_info.host_arg.
2023-12-10 22:45:17 +01:00
Sven Geuer
51c3a0be03
Flag it as a version under development
2023-12-02 23:20:48 +01:00
Sven Geuer
5b0e803f25
Some more alloca() instead of malloc()
2023-12-02 21:15:23 +01:00
Sven Geuer
097a0a2453
Honor -o/--host on determining the SNI host name
2023-12-02 19:54:02 +01:00
Sven Geuer
470ac87f73
Use alloca() instead of malloc()
...
This make code more readable and spares us some explicit calls to
free().
2023-12-02 19:37:56 +01:00
Sven Geuer
8d69435854
Ignore generated documentation files
2023-12-02 19:02:24 +01:00
Sven Geuer
f2fdb5ee89
Fix a typo
2023-12-02 18:44:53 +01:00
Sven Geuer
b314a1c725
Fix configuration of option --tlsenforce
2023-12-02 18:33:33 +01:00
Sven Geuer
be12e0219a
Add long options missing from --help and manual page
2023-12-02 18:28:13 +01:00
Sven Geuer
352c89cd5a
Bump version and changelogs
2023-10-16 21:01:01 +02:00
Sven Geuer
c76499093b
Drop obsolete Makefile flavor.
2023-10-16 18:40:29 +02:00
Sven Geuer
0349635635
Harmonize output of --help and manual page
...
Also fix some typos and missing newlines.
2023-10-01 21:09:49 +02:00
Sven Geuer
62f57fd865
Quote colons (:) in _host_:_port_ and similar strings
...
This makes sure the substring after the colon is displayed with the
intended text styles.
2023-09-27 17:36:36 +02:00
Sven Geuer
5888c89a3c
Submit VERSION and VERSION_DATE when generating the manual page
2023-09-27 17:04:22 +02:00
Sven Geuer
2f733348cc
Use VERSION_YEAR to build an up-to-date copyright string
2023-09-27 17:01:00 +02:00
Sven Geuer
afbab76cf1
Add macros VERSION_YEAR and VERSION_DATE
2023-09-27 16:55:56 +02:00
