github liulilittle/openppp2 1.0.0.26117
on GitHub

6 hours ago

Fixing Undefined Behavior Issues, Platform Compatibility, and Documentation Updates

Version Information

1.0.0.26117 (Build 20260314)

Commit Summary

This series of seven commits (following the LWIP shutdown fix at commit a789c61) resolves multiple critical undefined behavior (UB) problems in the C++ codebase, corrects platform-specific compatibility issues (ARM and Windows), fixes function naming and cryptographic logic errors, addresses a potential authentication memory leak, aligns TUN gateway configuration across platforms, and improves command-line argument parsing plus documentation accuracy. These changes significantly boost stability, security, cross-platform portability, and usability of the VPN protocol stack.

Detailed Changes

1. Fixed Spelling Error in GetUnderlyingNetworkInterface and Potential Authentication Memory Leak in VirtualEthernetManagedServer

  • Issue: Typo GetUnderlyingNetowrkInterface (missing “w”) broke network interface retrieval, route table operations, DNS configuration, and environment printing across Windows/macOS/Linux. Potential memory leak in authentication/resource cleanup during async operations.
  • Root Cause: Typographical error in function declaration/calls; improper shared-pointer and async I/O cleanup in VirtualEthernetManagedServer.cpp, TapLinux.cpp, etc.
  • Change: Renamed function to GetUnderlyingNetworkInterface in PppApplication.cpp, VEthernetNetworkSwitcher.cpp, VirtualEthernetManagedServer.cpp, NetworkInterface.h, and related files. Enhanced Dispose() dispatching with boost::asio::dispatch, improved buffer/error handling in async_read_some, added liburing include in CMakeLists.txt for better async I/O, and strengthened resource cleanup logic.
  • Impact: Eliminates interface access failures and connection misrouting; prevents gradual memory exhaustion in long-running VPN sessions; ensures correct route/DNS operations on all platforms.

2. Fixed ARM Environment Macro Conflicts for htole32 and le32toh

  • Issue: On ARM, system headers already define htole32/le32toh as macros (expanding to __uint32_identity), causing conflicts with custom inline functions.
  • Root Cause: Unconditional function definitions in Int128.h clashed with macro expansion.
  • Change: Added #ifndef htole32 / #ifndef le32toh guards around function definitions in ppp/Int128.h; updated calls to unqualified names so system macros are respected when present.
  • Impact: Ensures correct byte-order conversion and successful compilation on ARM platforms without redefinition errors.

3. Fixed Type Index Error in digest.cpp for hash_hmac with SHA Family Algorithms

  • Issue: Incorrect indexing into sha_len_table/sha_proc_table when hash_hmac processed SHA1/SHA256/etc., because enum values start at 1 (index 0 was skipped).
  • Root Cause: Direct use of raw algorithm enum value as zero-based array index in digest.cpp.
  • Change: Introduced int sha_algorithm = ((int)algorithm) - 1; adjustment before table lookups (also updated related files: main.cpp, Int128.h, rc4.cpp, stdafx.h).
  • Impact: Correct digest sizes and processing functions for all HMAC-SHA operations; prevents crypto failures or out-of-bounds access in authentication.

4. Fixed Various Undefined Behavior Errors, Marker Release Issues, Transport Layer Confusion, Always-False Condition, and Int128 Compatibility

  • Issue: UB from INFINITY macro misuse, null dereferences, IPv6 options on IPv4 sockets, port-range checks using < instead of <=, moved-object release in acceptors, and Int128 incompatibilities.
  • Root Cause: Platform macro inconsistencies, improper std::move + reset in VirtualEthernetSwitcher::CloseAllAcceptors, exclusive bounds in port validation, missing firewall null-checks, and IPv6_TCLASS misuse.
  • Change: Defined INFINITE properly and casted for timeval/poll; added null-checks before firewall calls; refactored acceptor close (copy → reset → close); changed port conditions to <= IPEndPoint::MaxPort; switched to IP_TOS for IPv4; updated Int128.h (multiple files: VEthernetExchanger.cpp, Firewall.cpp, Socket.cpp, ITransmission.cpp, etc.).
  • Impact: Eliminates UB-induced crashes or erratic behavior; ensures proper resource release in server components; corrects transport-layer validation across the stack.

5. Fixed Batch of Urgent C++/Undefined Behavior Issues

  • Issue: Memory/buffer overflows (memcpy after allocation, curl_write_data past buffer), uninitialized variables, redundant/unsafe Int128 bitwise ops, integer overflow in capacity calc, signed right-shifts, getaddrinfo leak, buffer over-read on empty strings, wrong sizeof on pointers, incorrect IPFragment::GetKey return type, etc.
  • Root Cause: Unsafe C++ patterns, missing initializations/frees, signed arithmetic, pointer-vs-struct sizeof misuse, and implementation-defined shifts.
  • Change: Added buffer safeguards, std::unique_ptr with custom deleter for addrinfo, unsigned shifts/masks, int64_t capacity checks, proper sizeof(*pDNSHeader), if (len > 0) guards, corrected return type to Int128, simplified Int128 bitwise ops (files: chnroutes2.cpp, MemoryStream.h, IPEndPoint.cpp/h, checksum.cpp, IPFragment.cpp, Firewall.cpp, LSP files, etc.).
  • Impact: Prevents leaks, overflows, and UB in core networking/crypto; greatly improves memory safety and reliability.

6. Aligned Windows TUN Mode Gateway Configuration with Cross-Platform Standards

  • Issue: Windows used inconsistent default gateway (10.0.0.0) and driver param expectations vs. Linux/macOS.
  • Root Cause: Platform-specific logic in main.cpp and TapWindows driver (gateway vs. network address confusion).
  • Change: Standardized default to 10.0.0.1 everywhere (READMEs, help text, main.cpp); updated TapWindows.cpp/h to pass (ip & mask) as network address to driver; renamed config function; added fallback logic; updated project debug args and docs (removed platform-specific notes).
  • Impact: Identical --tun-gw behavior and defaults across all platforms; full backward compatibility for CLI; simplifies user configuration.

7. Fixed Command-Line Argument Parsing and Corrected --congestions Parameter Documentation

  • Issue: HasCommandArgument/GetCommandArgument failed on quoted strings or = syntax; outdated “recommended 512-2048 per core” note for --congestions.
  • Root Cause: Limited parser ignoring quotes/equals; old documentation.
  • Change: Refactored parsing to respect double/single quotes and = values (in main.cpp, stdafx.cpp); updated README.md/README_CN.md to accurate memory note (“Max congestion window, 1024 UDP packets ≈ 1.5MB”); fixed default value displays for --tun-flash/--tun-ssmt.
  • Impact: Robust CLI handling for complex options; clearer, accurate documentation preventing misconfiguration.

All changes have been integrated and tested; the VPN now runs more stably and securely across Windows, Linux, macOS, and ARM environments.

Check out latest releases or
releases around liulilittle/openppp2 1.0.0.26117

Don't miss a new openppp2 release

NewReleases is sending notifications on new releases.

Get notifications