1
0
mirror of https://github.com/irssi/irssi.git synced 2024-11-03 04:27:19 -05:00
Commit Graph

5124 Commits

Author SHA1 Message Date
Nei
124bcd4804 Merge branch '4-use-after-free-when-receiving-numeric-432-invalid-nick' into 'security'
avoid server_disconnect

See merge request !4
2017-01-02 17:01:29 +00:00
Nei
c3cca5ecf3 Merge branch '1-null-pointer-dereference-in-irc_nickcmp_rfc1459' into 'security'
bail out if nick is NULL

See merge request !3
2017-01-02 17:01:05 +00:00
Nei
24d2d039b5 Merge branch '3-out-of-bounds-read-with-invalid-utf8-in-term_addstr' into 'security'
Fix oob read on invalid utf8 in term_addstr

See merge request !2
2017-01-02 17:00:44 +00:00
Nei
7daa7a6aa9 Merge branch '2-out-of-bounds-read-of-one-byte-with-x1b-48-in-truecolor-builds' into 'security'
check for end of string in ansi 48

See merge request !1
2017-01-02 17:00:15 +00:00
Joseph Bisch
8007e9e61d
Fix oob read on invalid utf8 in term_addstr 2016-12-19 15:52:05 -05:00
ailin-nemui
508d2e0860 bail out if nick is NULL in irc_query_find
Closes #1
2016-12-19 21:41:47 +01:00
ailin-nemui
77aab79057 avoid server_disconnect
Closes #4
2016-12-19 21:16:37 +01:00
LemonBoy
1c6695107c Merge pull request #588 from ailin-nemui/mirc_99
reset background for mirc colour 99
2016-12-15 19:57:57 +01:00
ailin-nemui
7b856d628b check for end of string in ansi 48 2016-12-15 18:01:26 +01:00
ailin-nemui
17e42649bb reset background for mirc colour 99
fix #571
2016-12-15 17:06:40 +01:00
ailin-nemui
618c8bd10e Merge pull request #581 from LemonBoy/set-contract
Enforce the is_node_list contract in lib-config setters.
2016-12-08 12:29:52 +01:00
ailin-nemui
964f423fed Merge pull request #570 from josephbisch/fix-issue-563
enforce check that chatnets are nodelists to handle invalid config
2016-12-08 12:11:59 +01:00
LemonBoy
7fb84b5b7d Enforce the is_node_list contract in lib-config setters.
An assertion failure is better than a segfault.
2016-11-29 23:08:45 +01:00
LemonBoy
955cf622a5 Merge pull request #579 from mmuman/haiku-libnetwork
Check for socket() in libnetwork for Haiku
2016-11-29 22:26:45 +01:00
LemonBoy
5efb3077d5 Merge pull request #565 from ahf/bug/524
Kill bell_beeps.
2016-11-29 22:13:53 +01:00
François Revol
0d7b3877e4 Check for socket() in libnetwork for Haiku 2016-11-27 18:05:48 +01:00
LemonBoy
22ce6637c7 Merge pull request #577 from LemonBoy/flagz
Minor corrections to the netsplit code.
2016-11-25 21:52:42 +01:00
LemonBoy
1c0f048d2c Merge pull request #578 from ailin-nemui/dcc_buffer
add a static buffer for dcc received data
2016-11-25 21:52:30 +01:00
LemonBoy
5f0e755a00 Don't shadow the 'channel' variable when printing the netjoins.
This is the root cause of #567
2016-11-23 22:22:37 +01:00
ailin-nemui
dcffa98d46 add a static buffer for dcc received data
increased buffersize might make irssi freeze less / #159
2016-11-23 17:02:29 +01:00
LemonBoy
7574bed26c Minor corrections to the netsplit code. 2016-11-23 16:11:38 +01:00
ailin-nemui
1aff5c2c97 Merge pull request #574 from lotheac/master
add completion_empty_line setting
2016-11-11 12:18:35 +01:00
Lauri Tirkkonen
4cbf279d88 add completion_empty_line setting 2016-11-08 16:27:38 +02:00
ailin-nemui
c1a28770fb Merge pull request #573 from ailin-nemui/master
add missing inheritance to Exec item from 3532fc46
2016-11-02 13:24:21 +01:00
ailin-nemui
43934ae9ad add missing inheritance to Exec item from 3532fc46 2016-11-01 17:08:28 +01:00
ailin-nemui
1652c8a561 Merge pull request #557 from irssi/ahf/tls-pr
TLS enhancements
2016-10-31 15:15:45 +01:00
Joseph Bisch
c98f5f23ea
enforce check that chatnets are nodelists to handle invalid config 2016-10-27 11:18:37 -04:00
Alexander Færøy
6a6196eebe
Kill bell_beeps.
Fixes #524
2016-10-23 21:24:12 +02:00
Alexander Færøy
bc4e2c9ade
Shorten the certificate chain output. 2016-10-23 02:51:08 +02:00
Alexander Færøy
322625b548
Only do checks for SSL_get_server_tmp_key in network-openssl.c. 2016-10-22 22:04:33 +02:00
Alexander Færøy
0a6e66f8b7
Kill do { ... } while (0); and replace it with goto's. 2016-10-22 22:04:33 +02:00
Alexander Færøy
d501a54f4f
Emit the TLS handshake finished signal before we do verification.
This patch moves the emitted "tls handshake finished" signal to before
we do validation of the given TLS certificate. This ensures that we
display certificate information before we possibly error out and
disconnects from the server.
2016-10-22 22:04:33 +02:00
Alexander Færøy
5a04430998
Kill support for DANE.
This patch removes support for DANE validation of TLS certificates.

There wasn't enough support in the IRC community to push for this on the
majority of bigger IRC networks. If you believe this should be
reintroduced into irssi, then please come up with an implementation that
does not rely on the libval library. It is causing a lot of troubles for
our downstream maintainers.
2016-10-22 22:04:33 +02:00
Alexander Færøy
f533baa191
Lift EC_KEY declaration onto the entry of the function. 2016-10-22 22:04:32 +02:00
Alexander Færøy
25824e2d3f
Lift ASN1_STRING declaration onto the entry of the function. 2016-10-22 22:04:32 +02:00
Alexander Færøy
4e170c5233
Declare variables in the beginning of the function. 2016-10-22 22:04:32 +02:00
Alexander Færøy
53d772e48b
Make sure we clean-up after ourself upon failure. 2016-10-22 22:04:31 +02:00
Alexander Færøy
5146ce9631
Add x509 certificate and public key pinning support.
This patch adds two new options to /CONNECT and /SERVER to let the user
pin either an x509 certificate and/or the public key of a given server.

It is possible to fetch the certificate outside of Irssi itself to
verify the checksum. To fetch the certificate call:

    $ openssl s_client -connect chat.freenode.net:6697 < /dev/null 2>/dev/null | \
      openssl x509 > freenode.cert

This will download chat.freenode.net:6697's TLS certificate and put it into the
file freenode.cert.

-tls_pinned_cert
----------------

This option allows you to specify the SHA-256 hash of the x509
certificate. When succesfully connected to the server, irssi will verify
that the given server certificate matches the pin set by the user.

The SHA-256 hash of a given certificate can be verified outside of irssi
using the OpenSSL command line tool:

    $ openssl x509 -in freenode.cert -fingerprint -sha256 -noout

-tls_pinned_pubkey
------------------

This option allows you to specify the SHA-256 hash of the subject public key
information section of the server certificate. This section contains both the
cryptographic parameters for the public key, but also information about the
algorithm used together with the public key parameters.

When succesfully connected to the server, irssi will verify that the
given public key matches the pin set by the user.

The SHA-256 hash of a public key can be verified outside of irssi using
the OpenSSL command line tool:

    $ openssl x509 -in freenode.cert -pubkey -noout | \
      openssl pkey -pubin -outform der | \
      openssl dgst -sha256 -c | \
      tr a-z A-Z

It is possible to specify both -tls_pinned_cert and -tls_pinned_pubkey
together.
2016-10-22 22:01:50 +02:00
Alexander Færøy
c6c2e79537
Display TLS connection information when connected to a TLS enabled server. 2016-10-22 21:58:50 +02:00
Alexander Færøy
1d101afe0d
s/SSL/TLS/ for warning strings. 2016-10-22 21:58:49 +02:00
Alexander Færøy
13f75d49e0
Simplify TLS verification error handling. 2016-10-22 21:58:49 +02:00
Alexander Færøy
b630fd1703
Populate and emit TLS_REC after TLS handshake have completed. 2016-10-22 21:58:49 +02:00
Alexander Færøy
99d017720d
Add TLS_REC.
This patch adds the TLS_REC structure. This structure is used to emit
information about the TLS handshake from the core of irssi to the
front-end layers such that we can display connection information to the
user.
2016-10-22 20:37:33 +02:00
Alexander Færøy
6a286a4eb2
Use TLS by default for Freenode, IRC6, OFTC, EsperNet, EFnet, and Rizon. 2016-10-22 20:37:12 +02:00
Alexander Færøy
2be7289085
Rename SSL to TLS.
This patch changes the internal name of SSL to TLS. We also add -tls_*
options to /CONNECT and /SERVER, but make sure that the -ssl_* versions
of the commands continue to work like before.
2016-10-22 20:36:50 +02:00
Alexander Færøy
da67d3e8e6
Add function to convert a buffer to a colon-delimited hex string.
This patch adds binary_to_hex(), which can take an input buffer and
convert it to colon-delimited hex strings suitable for printing for
fingerprints.
2016-10-22 20:36:50 +02:00
Alexander Færøy
6300dfec71
Always build irssi with TLS support.
This patch removes the optional checks for whether to build irssi with
TLS support or not. This will allow us to ship a default configuration
file where we connect to TLS enabled IRC servers out of the box.
2016-10-16 14:55:48 +02:00
ailin-nemui
fb78787d4e Merge pull request #556 from koollman/master
update INSTALL requirement: terminfo or ncurses for text frontend
2016-10-12 09:48:09 +02:00
ailin-nemui
61590f31df Merge pull request #465 from LemonBoy/netsplit-print
Some small adjustments to the netsplit code.
2016-10-11 16:12:35 +02:00
ailin-nemui
0fce47a5ad Merge pull request #555 from LemonBoy/attr-signedness
Make the cap_complete field unsigned.
2016-10-07 12:56:12 +02:00