This splits sign parsing out of parse_time_interval_uint() so that the
negative sign is applied outside of the unsigned context where the
number parsing is done, and after all the checks that it's lower than
(1 << 31)
This fixes issues with settings like `server_reconnect_time`,
`server_connect_timeout` and `lag_max_before_disconnect`, which accepted
-1 as a valid value.
Originally found by oss-fuzz (issue 525) in get_ansi_color using ubsan.
After a lot of analysis I'm 99% sure this isn't security relevant so
it's fine to handle this publicly.
The fix is mainly adding a function that does it right and use it
everywhere. This is harder than it seems because the strtol() family of
functions doesn't have the friendliest of interfaces.
Aside from get_ansi_color(), there were other pieces of code that used
the same (out*10+(*in-'0')) pattern, like the parse_size() and
parse_time_interval() functions, which are mostly used for settings.
Those are interesting cases, since they multiply the parsed number
(resulting in more overflows) and they write to a signed integer
parameter (which can accidentally make the uints negative without UB)
Thanks to Pascal Cuoq for enlightening me about the undefined behavior
of parse_size (and, in particular, the implementation-defined behavior
of one of the WIP versions of this commit, where something like signed
integer overflow happened, but it was legal). Also for writing
tis-interpreter, which is better than ubsan to verify these things.
Original patch by 'Slarky'
According to that ticket, the next major version of solaris won't need
this. Consider reverting this when solaris 11.3 stops being relevant.
It was made redundant by the introduction of the pointer to the GRegex
structure.
Silence the compiler warning in textbuffer.c about preg being
initialized by setting it to NULL.
This patch moves the emitted "tls handshake finished" signal to before
we do validation of the given TLS certificate. This ensures that we
display certificate information before we possibly error out and
disconnects from the server.
This patch removes support for DANE validation of TLS certificates.
There wasn't enough support in the IRC community to push for this on the
majority of bigger IRC networks. If you believe this should be
reintroduced into irssi, then please come up with an implementation that
does not rely on the libval library. It is causing a lot of troubles for
our downstream maintainers.
This patch adds two new options to /CONNECT and /SERVER to let the user
pin either an x509 certificate and/or the public key of a given server.
It is possible to fetch the certificate outside of Irssi itself to
verify the checksum. To fetch the certificate call:
$ openssl s_client -connect chat.freenode.net:6697 < /dev/null 2>/dev/null | \
openssl x509 > freenode.cert
This will download chat.freenode.net:6697's TLS certificate and put it into the
file freenode.cert.
-tls_pinned_cert
----------------
This option allows you to specify the SHA-256 hash of the x509
certificate. When succesfully connected to the server, irssi will verify
that the given server certificate matches the pin set by the user.
The SHA-256 hash of a given certificate can be verified outside of irssi
using the OpenSSL command line tool:
$ openssl x509 -in freenode.cert -fingerprint -sha256 -noout
-tls_pinned_pubkey
------------------
This option allows you to specify the SHA-256 hash of the subject public key
information section of the server certificate. This section contains both the
cryptographic parameters for the public key, but also information about the
algorithm used together with the public key parameters.
When succesfully connected to the server, irssi will verify that the
given public key matches the pin set by the user.
The SHA-256 hash of a public key can be verified outside of irssi using
the OpenSSL command line tool:
$ openssl x509 -in freenode.cert -pubkey -noout | \
openssl pkey -pubin -outform der | \
openssl dgst -sha256 -c | \
tr a-z A-Z
It is possible to specify both -tls_pinned_cert and -tls_pinned_pubkey
together.
This patch adds the TLS_REC structure. This structure is used to emit
information about the TLS handshake from the core of irssi to the
front-end layers such that we can display connection information to the
user.
This patch changes the internal name of SSL to TLS. We also add -tls_*
options to /CONNECT and /SERVER, but make sure that the -ssl_* versions
of the commands continue to work like before.
This patch removes the optional checks for whether to build irssi with
TLS support or not. This will allow us to ship a default configuration
file where we connect to TLS enabled IRC servers out of the box.
That error code means "check errno". A few users got it and we never
figured out what happened - it usually fixed itself after restarting
something - so hopefully with this we'll have more information the next
time.
This way net_gethostbyaddr will fail when the system is unable to
resolve the address to a valid host name.
Without this flag in case of failure the function would return the ip
address instead of failing.
Have a ignore_find_full method that is the one that all the new code
should be using and provide some working stubs for ignore_find and
ignore_find_noact.
This way we prevent the creation of duplicate ignores since the old code
skipped the ignore_find call when a pattern was specified.
It should also cover all the cases where the ignores would be wrongly
overwritten, such as the case outlined in #78.
Issue #340 brought to our attention the fact that under certain
circumstances irssi would go on a wild rampage and carelessly overwrite
some saved channel records in the configuration file.
This happened because the code didn't take into account the case where
the channel index in setupchannels wouldn't match the one in the
configuration; this actually happens when the user removes a chatnet
without removing the associated channels.
The symptom for this one is randomly getting lines split before the last
word, even if there's no need for splitting. Also, this function is only
reached if recode is on, and iconv failed (for example, due to an
incorrect source charset). Thanks to vague for finding this and
providing valgrind logs.
The loop that looks for spaces tried to read backwards from the end of
the current line, with the end being determined by len. Assuming
strsplit_len() with len=400, this meant accessing str[399] in the first
iteration. For strings that don't need splitting, this means an invalid
read always.
If that invalid read happens to hit garbage that has a space character,
(len - offset) points after the end of string, which isn't a problem for
g_strndup() since it stops at the first null, and no splitting happens.
If the garbage doesn't have any spaces, it splits by the last word.
This commit avoids that loop entirely if (remaining_len > len). It also
changes the way it iterates over the string to be much less confusing.
Turns out it was fixing the wrong string, and trying to do
atoi("RECON-1") instead of atoi("1").
"/reconnect 1" worked, but "/reconnect RECON-1" gave that confusing
error message.
Given a big enough write_buffer_size and a long enough
write_buffer_timeout it might be possible to show the user an incomplete
or empty awaylog.
Patch by: Petteri Aimonen
The only supported methods are PLAIN and EXTERNAL, the latter is untested as of
now.
The code gets the values from the keys named sasl_{mechanism,username,password}
specified for each chatnet.
this adds the CONFIG_REC * to the config_node_section and
config_node_section_index APIs as they will require access to the config
cache later on to make the config parser more robust.
Try to split long lines on spaces to avoid words being splitted. This
can be turned off with the option `split_line_on_space'. The code
assumes that the terminal encoding has ASCII spaces.
With many ignores (a few thousand) /reload could take so long that connections
were dropped. The problem is that nickmatch_rebuild() was being called for
every ignore. The easy solution is to only call it once at the end.
This commit adds handling of long IRC messages to the core. In contrast
to the `splitlong.pl' plugin, multi-byte encoded and recoded messages
are properly split.
To allow for this, a new function has been added to the server struct:
`split_message'. `split_message' returns a string array with the message
splitted to substrings of a length that the server can handle. If a
protocol module doesn't have any limit, it can simply return a singleton
array with a copy of the message.
The `MSG' chat command now calls `split_message' before `send_message',
and emits `message own_public' / `message own_private' with each
substring, so that the string splitting will be visible in the UI.
`split_message' in the IRC module uses `recode_split' which in turn uses
iconv to properly split multi-byte encoded (and recoded) messages.
This is technically wrong as it then gets used as an IPv4 sockaddr, but it only
needs to be some 0s so this is easier than changing the IPADDR data structure or
adding a new API.
This results in a more flexible system and is less surprising as it means levels
can be used in the way they normally can in an ignore.
As an example the current approach to NO_ACT provides no way to let HILIGHTS
be shown, with this change /set activity_hide_targets can be recreated with:
/ignore #channel NO_ACT
/ignore #channel -except -regexp -pattern . NO_ACT HILIGHTS
(but obviously this can be configured in many more ways if desired).
If the first g_module_symbol call failed, module_deinit was set
to value2, which is uninitialized. Move the assignment after
checking variable found to silence the warning.
This patch adds 3 new signals:
* tlsa avalable: emitted if TLSA is available for a given domain.
* tlsa verification success: emitted if the TLSA check was successful.
* tlsa verification failed: emitted if the TLSA check was unsuccessful.
git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5220 dbcabf3a-b0e7-0310-adc4-f8d773084564
This patch refactors how we are passing connection information for SSL
connections. This will allow us to emit signals with a SERVER_REC as
parameter during SSL handshake.
git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5219 dbcabf3a-b0e7-0310-adc4-f8d773084564
This patch adds experimental support for the DNSSEC DANE verification
protocol using the libval library from the DNSSEC-Tools package.
Thanks to Thomas Steen Ramussen for creating a test setup and suggesting
the idea of experimenting with DANE support in Irssi :-)
git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5218 dbcabf3a-b0e7-0310-adc4-f8d773084564
connections to TLSv1.1 servers from working. Patch by pi-rho.
git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5216 dbcabf3a-b0e7-0310-adc4-f8d773084564
Passing this option will force Irssi to not execute the content of the
autosendcmd chatnet-setting upon connect.
Fixes: #738
git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5209 dbcabf3a-b0e7-0310-adc4-f8d773084564
This code is used, for example, when /set expand_escapes on.
I can't reproduce crashes but I can reproduce garbage if I type a\1.
bug #775
git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5195 dbcabf3a-b0e7-0310-adc4-f8d773084564
This allows useful use of -ssl_verify without
-ssl_cafile/-ssl_capath, using OpenSSL's default trusted CAs.
git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5107 dbcabf3a-b0e7-0310-adc4-f8d773084564
This fixes disconnects when sending large amounts of data
to the server.
Note that it assumes that write retries will retry the same
data; a reasonable assumption, but it is not necessary for
any normal write().
git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5095 dbcabf3a-b0e7-0310-adc4-f8d773084564
This makes /set server_reconnect_time = 10min fail
instead of setting the time to 0.
git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5057 dbcabf3a-b0e7-0310-adc4-f8d773084564
These seem to change once a second at most, typically.
git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5025 dbcabf3a-b0e7-0310-adc4-f8d773084564
patch by exg
bug #644, thanks for the useful bug report
git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5023 dbcabf3a-b0e7-0310-adc4-f8d773084564
Use g_string_printf() instead of g_string_sprintf() (which is considered deprecated.)
git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5004 dbcabf3a-b0e7-0310-adc4-f8d773084564
Use g_string_append_printf() instead of g_string_sprintfa() (which is considered deprecated.)
git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5003 dbcabf3a-b0e7-0310-adc4-f8d773084564
Display more detailed error messages about SSL and
fix assertion failure warnings on some SSL errors.
git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@4933 dbcabf3a-b0e7-0310-adc4-f8d773084564
Original patch by JasonX, somewhat changed by exg and me.
git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@4922 dbcabf3a-b0e7-0310-adc4-f8d773084564