diff --git a/SECURITY.md b/SECURITY.md new file mode 100644 index 000000000..9aba97de3 --- /dev/null +++ b/SECURITY.md @@ -0,0 +1,95 @@ +# Security + +ZeroTier takes the security of our software products and services seriously, which +includes all source code repositories managed through our GitHub organization. + +## Supported Versions + +The following versions of ZeroTier One receive security updates + +| Version | Supported | +| ------- | ------------------ | +| 1.10.x | :white_check_mark: | +| 1.8.x | :white_check_mark: | +| < 1.8.0 | :x: | + +## Reporting a Vulnerability + +**Please do not report security issues through public GitHub issues** + +Instead, please report vulnerabilities via email to security@zerotier.com. If possible, +please encrypt with our PGP key (see below). + +Please include the following information, or as much as you can provide to help us +understand the nature and scope of the issue: + + + * Type of issue (e.g. buffer overflow, SQL injection, cross-site scripting, etc.) + * Full paths of source file(s) related to the manifestation of the issue + * The location of the affected source code (tag/branch/commit or direct URL) + * Any special configuration required to reproduce the issue + * Step-by-step instructions to reproduce the issue + * Proof-of-concept or exploit code (if possible) + * Impact of the issue, including how an attacker might exploit the issue + + +## Preferred Languages + +We prefer all communications to be in English. + +## security@zerotier.com PGP key + +``` +-----BEGIN PGP PUBLIC KEY BLOCK----- + +mQINBGQGOVIBEACalXTnNqaiSOVLFEiqHpDMg8N/OI5D5850Xy1ZEvx3B3rz7cbn +k30ozHtJKbh+vqpyItE7DjyQAuF19gP5Q64Yh0Y+MmLHq60q/GwOwAYz7cI+UzA3 +5x8YqcmTp32LAM1xJn+iMlMLBuAmJl4kULKmOXPlpqPiyTFs5saizvm7fgRmfgJJ +HpsnIrTkaDFJhAR+jvMJohVYwmhuydeI0DsHu7KGpG1ddcHDrUjOPNqXnnAPSPwx +llw4yfKlQb8GYErsv/G5QVyzd5+SxEuiI4MARRnrk8LlMQ33CR6pzIQ/Bk5AAmye +mHqfEAknkiOf++urYhRs9BL3Kz3MdV0cg92zr9EFOg0u56jxf5OnAiTOhGUUA0hn +dS7peVGl46R9Oy2JYIazNDGi+4NIsYDFXsnsss9xOQVygPyeQd71zFHfix0jct9w +j3o/kj7Egsnm9nc13354bYT6bbalqXiRWwGH1eAFpjueNWiVFwZS6NZUP3WeNDiY +BlPo1LodvolbXiJcTILTCyEkERJPCK2zoE2nTdVfvTLWsuehw1M6Yd2/q74TVYy/ +RY+KjHkrChEBQ9PqXsXRHj6opKbT8JLfZkvU5k+3IiqqxOpB+QXFI/whj493CxWW +so7QAmzOCyJq8GDVPxzkwUac22YIkXdiOmb8i/HWq+kLY/HjQE259Gx6KwARAQAB +tClaZXJvVGllciBTZWN1cml0eSA8c2VjdXJpdHlAemVyb3RpZXIuY29tPokCTAQT +AQoANhYhBH1HQGb+4jzl6mnFqf09m6uqADkABQJkBjlSAhsDBAsJCAcEFQoJCAUW +AgMBAAIeAQIXgAAKCRD9PZurqgA5ACqPD/sFt6SG6Tu0HwTY2ofJtYsa2GBLL0pf +dYlX4cWSs1PVB5+m5Oj18y+GB2umA9GnsVtmvaSfp3XEngt2zNWX27uUsVfL35b2 +/5TVVe8RjzOedqMN+lQWMvO+f/C1zmWYXjjpC+iGjgMMaRRrofkkn+7uL4N9y6gY +rcXtpACT1rYFC+i1AKnZfUO8Vr5ji7odq0f7bDkN/N38rB0kRRwEmO8wqdpQK6gK +nxf9vgJl5ggimDk5Xtz1sfd3y28bf5N4hdOCkXUbd10nUFY3wDNTM4VxozxTGJeG +imdcc19Wuw/1fGUZ5SIjgPanCdPLGYwSTr+M6Fuern9uTtlC1GOby3BUtmVGP6EU +1pSAJSRpmoBPHKKOYtSMwV8PCboXru9P1ab8y8STKM3SKyghUJrl17gdc0LaksZa +E54pJudGPIQMFRqZjMdV6jgMuaLTozjZ4mW8EThf4mkX4xDkO8l7cOn0225ZYJZC +lZKpdnwzk9owkJA80u4KBNJxTtB4ZAPzjBsD5hFzCZQTLNQp/psU3EjZsau28eXT +E/C1QjEQHgy4ohkgQlCm1H1+clKssCWcdmsVGXuS1u8gh4K6X9b0Z6LeCGRaQvH2 ++DB8oTAdqp9nUZv9rP4pbo+sR4fF67CFLriVuxjedAiFkbM4uHMFcL4tc/X9+DRo +YN5X7oEkZvO507kCDQRkBjlSARAAz58UMF7K1qKyQjzKTcutaYZ5SaIGky9lCLZn +/2vjpFCoBogkxS/6IKQcwZk8b4S9QstaaQZDFEkxqNeKC0GiFTAMAb6SmYcK495h +EZnHl0NA5Nc2dBlZk5E/ENzTCz2bXaxCcVESc2z+xCzu07brbhGrqvliKiwOUzt9 +JzqEsar6I95OutBcZvkFCs44/Uf9bS1qf1w4klE8w3vdMtGH23umrET4tFZ+sh6o +ZFtQx0u2eKjsRdn/RMtsxLNaJlcE1DdIAqBpQrcmuwMC8v5wUGfCGZjhClzmyQlq +akUkayir7UtbHbFT/mgO+YI77YGXWk5QrwPscqqT2l8KB/YMujNDmaWa/0KV1lIY +zr5s4dzVeiwqFLR9ANFIhzFwzf3JLi6XSx123Qix0TxZoYPZCHl7yoi9qi6qybz5 +0Od2LSz3jbApeKYymZ+zjE+YV5y9DI6Wzy1j2M1FogNvTO9fMk+6dLt4HhTdSNvH +cKya462YCcy+tnZTkhmh+FTebbJlV6D4wG7skE5KCdBhjm53xLwp6XW9L6n2CrkL +W1IDBcCz0oPd1sMkXbO3wnxdXprV2XurCfsg/R2nszSNzvdJ8/xj3cr9hpoJ714R +qqyoEDRZ1Ss9kGL166o5MpN5qb/EewdkqGgWP7YFXbhsdHQiW7Z7dAqzjoaybD4O +nakkwyUAEQEAAYkCNgQYAQoAIBYhBH1HQGb+4jzl6mnFqf09m6uqADkABQJkBjlS +AhsMAAoJEP09m6uqADkAax0P/Rh8EZYRqW6dPYTl1YQusAK10rAcRNq3ekjofXGk +oXK1S7HWGoFgl5++5nfSfNgFJ5VLcgIM56wtIf49zFjWe5oC6fw8k+ghh4d2chMP +hdDILx6e0c30Iq1+EvovGR9hWa0wJ4cKTdzlwhY9ZC09q0ia+bl2mwpie1JQDR0c +zXCjt+PldLeeK9z1/XT0Q7KowYC+U18oR+KFm+EaRV4QT85JVequnIeGkmaHJrHB +lH4T5A5ib7y8edon1c0Zx3GsaxJUojkEJ0SX7ffVDu6ztUZfkHfCVpMW4VzUeGA/ +m+CtFO9ciLRGZEkRa+zhIGoBvwEXU0GiwiF4nZ0F2C8UioeW0YIEV9zl3nXJctYE +ZKc2whSENQRTGgaYHVoVZhznt71LKWgFLshwBo81UCXVkzwAjMW1ActDnmPw5M7q +xR5Qp5G49Z1GmfSozazha0HVFPKNV5i3RlTzs4yLUnZyH0yC9IvtOefMHcLjG96L +N5miEV97gvJJjrn8rhRvpUwAWgmT/9IuYjBNQTtNN40arto5HxezR76WCjdKYxdL +p3dM1iiBDShHNm7LdyZlLFhTOMU0tNBxJJ7B09ar5gakeZjD+2aB1ODX9VuFtozL +onBjI2gIkry0UIkuznHfFw05lZAZAiqHEVgVi/WTk4C/bklDZNgE0lx+IWzEz2iS +L455 +=lheL +-----END PGP PUBLIC KEY BLOCK----- +``` diff --git a/java/jni/ZT_jnicache.cpp b/java/jni/ZT_jnicache.cpp index c721a9ee1..68cacbd78 100644 --- a/java/jni/ZT_jnicache.cpp +++ b/java/jni/ZT_jnicache.cpp @@ -176,7 +176,15 @@ void setupJNICache(JavaVM *vm) { EXCEPTIONANDNULLCHECK(Peer_ctor = env->GetMethodID(Peer_class, "", "(JIIIILcom/zerotier/sdk/PeerRole;[Lcom/zerotier/sdk/PeerPhysicalPath;)V")); EXCEPTIONANDNULLCHECK(Version_ctor = env->GetMethodID(Version_class, "", "(III)V")); EXCEPTIONANDNULLCHECK(VirtualNetworkConfigListener_onNetworkConfigurationUpdated_method = env->GetMethodID(VirtualNetworkConfigListener_class, "onNetworkConfigurationUpdated", "(JLcom/zerotier/sdk/VirtualNetworkConfigOperation;Lcom/zerotier/sdk/VirtualNetworkConfig;)I")); - EXCEPTIONANDNULLCHECK(VirtualNetworkConfig_ctor = env->GetMethodID(VirtualNetworkConfig_class, "", "(JJLjava/lang/String;Lcom/zerotier/sdk/VirtualNetworkStatus;Lcom/zerotier/sdk/VirtualNetworkType;IZZZIJ[Ljava/net/InetSocketAddress;[Lcom/zerotier/sdk/VirtualNetworkRoute;Lcom/zerotier/sdk/VirtualNetworkDNS;)V")); + + + // + // ANDROID-56: temporarily remove parameters to prevent crashing + // +// EXCEPTIONANDNULLCHECK(VirtualNetworkConfig_ctor = env->GetMethodID(VirtualNetworkConfig_class, "", "(JJLjava/lang/String;Lcom/zerotier/sdk/VirtualNetworkStatus;Lcom/zerotier/sdk/VirtualNetworkType;IZZZIJ[Ljava/net/InetSocketAddress;[Lcom/zerotier/sdk/VirtualNetworkRoute;Lcom/zerotier/sdk/VirtualNetworkDNS;)V")); + EXCEPTIONANDNULLCHECK(VirtualNetworkConfig_ctor = env->GetMethodID(VirtualNetworkConfig_class, "", "(JJLjava/lang/String;Lcom/zerotier/sdk/VirtualNetworkStatus;Lcom/zerotier/sdk/VirtualNetworkType;IZZZ[Ljava/net/InetSocketAddress;[Lcom/zerotier/sdk/VirtualNetworkRoute;Lcom/zerotier/sdk/VirtualNetworkDNS;)V")); + + EXCEPTIONANDNULLCHECK(VirtualNetworkDNS_ctor = env->GetMethodID(VirtualNetworkDNS_class, "", "(Ljava/lang/String;Ljava/util/ArrayList;)V")); EXCEPTIONANDNULLCHECK(VirtualNetworkFrameListener_onVirtualNetworkFrame_method = env->GetMethodID(VirtualNetworkFrameListener_class, "onVirtualNetworkFrame", "(JJJJJ[B)V")); EXCEPTIONANDNULLCHECK(VirtualNetworkRoute_ctor = env->GetMethodID(VirtualNetworkRoute_class, "", "(Ljava/net/InetSocketAddress;Ljava/net/InetSocketAddress;II)V")); diff --git a/java/jni/ZT_jniutils.cpp b/java/jni/ZT_jniutils.cpp index 053c5adb0..17e6a9b3e 100644 --- a/java/jni/ZT_jniutils.cpp +++ b/java/jni/ZT_jniutils.cpp @@ -307,8 +307,11 @@ jobject newNetworkConfig(JNIEnv *env, const ZT_VirtualNetworkConfig &vnetConfig) vnetConfig.dhcp, vnetConfig.bridge, vnetConfig.broadcastEnabled, - vnetConfig.portError, - vnetConfig.netconfRevision, + // + // ANDROID-56: temporarily remove parameters to prevent crashing + // +// vnetConfig.portError, +// vnetConfig.netconfRevision, assignedAddrArrayObj, routesArrayObj, dnsObj); diff --git a/java/src/com/zerotier/sdk/VirtualNetworkConfig.java b/java/src/com/zerotier/sdk/VirtualNetworkConfig.java index bcf64854a..fea354d07 100644 --- a/java/src/com/zerotier/sdk/VirtualNetworkConfig.java +++ b/java/src/com/zerotier/sdk/VirtualNetworkConfig.java @@ -66,9 +66,12 @@ public class VirtualNetworkConfig implements Comparable { private final boolean broadcastEnabled; - private final int portError; - - private final long netconfRevision; + // + // ANDROID-56: temporarily remove parameters to prevent crashing + // +// private final int portError; +// +// private final long netconfRevision; private final InetSocketAddress[] assignedAddresses; @@ -76,7 +79,7 @@ public class VirtualNetworkConfig implements Comparable { private final VirtualNetworkDNS dns; - public VirtualNetworkConfig(long nwid, long mac, String name, VirtualNetworkStatus status, VirtualNetworkType type, int mtu, boolean dhcp, boolean bridge, boolean broadcastEnabled, int portError, long netconfRevision, InetSocketAddress[] assignedAddresses, VirtualNetworkRoute[] routes, VirtualNetworkDNS dns) { + public VirtualNetworkConfig(long nwid, long mac, String name, VirtualNetworkStatus status, VirtualNetworkType type, int mtu, boolean dhcp, boolean bridge, boolean broadcastEnabled, InetSocketAddress[] assignedAddresses, VirtualNetworkRoute[] routes, VirtualNetworkDNS dns) { this.nwid = nwid; this.mac = mac; this.name = name; @@ -89,11 +92,11 @@ public class VirtualNetworkConfig implements Comparable { this.dhcp = dhcp; this.bridge = bridge; this.broadcastEnabled = broadcastEnabled; - this.portError = portError; - if (netconfRevision < 0) { - throw new RuntimeException("netconfRevision < 0: " + netconfRevision); - } - this.netconfRevision = netconfRevision; +// this.portError = portError; +// if (netconfRevision < 0) { +// throw new RuntimeException("netconfRevision < 0: " + netconfRevision); +// } +// this.netconfRevision = netconfRevision; this.assignedAddresses = assignedAddresses; this.routes = routes; this.dns = dns; @@ -101,7 +104,7 @@ public class VirtualNetworkConfig implements Comparable { @Override public String toString() { - return "VirtualNetworkConfig(" + StringUtils.networkIdToString(nwid) + ", " + StringUtils.macAddressToString(mac) + ", " + name + ", " + status + ", " + type + ", " + mtu + ", " + dhcp + ", " + bridge + ", " + broadcastEnabled + ", " + portError + ", " + netconfRevision + ", " + Arrays.toString(assignedAddresses) + ", " + Arrays.toString(routes) + ", " + dns + ")"; + return "VirtualNetworkConfig(" + StringUtils.networkIdToString(nwid) + ", " + StringUtils.macAddressToString(mac) + ", " + name + ", " + status + ", " + type + ", " + mtu + ", " + dhcp + ", " + bridge + ", " + broadcastEnabled + ", " + Arrays.toString(assignedAddresses) + ", " + Arrays.toString(routes) + ", " + dns + ")"; } @Override @@ -168,17 +171,17 @@ public class VirtualNetworkConfig implements Comparable { return false; } - if (this.portError != cfg.portError) { - Log.i(TAG, "Port Error Changed. Old: " + this.portError + ", New: " + cfg.portError); - - return false; - } - - if (this.netconfRevision != cfg.netconfRevision) { - Log.i(TAG, "NetConfRevision Changed. Old: " + this.netconfRevision + ", New: " + cfg.netconfRevision); - - return false; - } +// if (this.portError != cfg.portError) { +// Log.i(TAG, "Port Error Changed. Old: " + this.portError + ", New: " + cfg.portError); +// +// return false; +// } +// +// if (this.netconfRevision != cfg.netconfRevision) { +// Log.i(TAG, "NetConfRevision Changed. Old: " + this.netconfRevision + ", New: " + cfg.netconfRevision); +// +// return false; +// } if (!Arrays.equals(assignedAddresses, cfg.assignedAddresses)) { @@ -277,8 +280,8 @@ public class VirtualNetworkConfig implements Comparable { result = 37 * result + (dhcp ? 1 : 0); result = 37 * result + (bridge ? 1 : 0); result = 37 * result + (broadcastEnabled ? 1 : 0); - result = 37 * result + portError; - result = 37 * result + (int) (netconfRevision ^ (netconfRevision >>> 32)); +// result = 37 * result + portError; +// result = 37 * result + (int) (netconfRevision ^ (netconfRevision >>> 32)); result = 37 * result + Arrays.hashCode(assignedAddresses); result = 37 * result + Arrays.hashCode(routes); result = 37 * result + (dns == null ? 0 : dns.hashCode()); @@ -359,18 +362,18 @@ public class VirtualNetworkConfig implements Comparable { /** * If the network is in PORT_ERROR state, this is the error most recently returned by the port config callback */ - public int getPortError() { - return portError; - } +// public int getPortError() { +// return portError; +// } /** * Network config revision as reported by netconf master * *

If this is zero, it means we're still waiting for our netconf.

*/ - public long getNetconfRevision() { - return netconfRevision; - } +// public long getNetconfRevision() { +// return netconfRevision; +// } /** * ZeroTier-assigned addresses (in {@link InetSocketAddress} objects) diff --git a/make-linux.mk b/make-linux.mk index e188d3e60..5d1155c9e 100644 --- a/make-linux.mk +++ b/make-linux.mk @@ -146,6 +146,9 @@ endif ifeq ($(CC_MACH),e2k) ZT_ARCHITECTURE=2 endif +ifeq ($(CC_MACH),e2k64) + ZT_ARCHITECTURE=2 +endif ifeq ($(CC_MACH),i386) ZT_ARCHITECTURE=1 ZT_SSO_SUPPORTED=1