1
0
mirror of https://github.com/irssi/irssi.git synced 2024-12-04 14:46:39 -05:00
Commit Graph

5425 Commits

Author SHA1 Message Date
Nei
5e26325317 Merge branch 'security' into 'master'
Security

Closes #10

See merge request !17
2017-07-05 14:47:30 +00:00
Nei
f67e766934 Merge branch 'fix-11' into 'security'
Correct GHashTable usage

See merge request !16
2017-07-05 14:46:42 +00:00
Nei
fc3615120d Merge branch 'fix-10' into 'security'
Check return value of localtime

See merge request !15
2017-07-05 14:46:24 +00:00
ailin-nemui
5d7e54cd99 More accurately describe clear 2017-07-05 14:30:11 +02:00
ailin-nemui
73b851c39c correct GHashTable usage 2017-07-04 16:11:45 +02:00
ailin-nemui
1656dc1e54 Merge pull request #653 from ailin-nemui/regexex
Enable UTF8 in GRegex
2017-07-03 09:53:09 +02:00
Nei
29ebac987d Check return value of localtime
Fixes #10
2017-06-29 13:48:44 +00:00
ailin-nemui
2b209348bd Merge pull request #722 from dequis/back-to-the-future
parse_time_interval: Allow negative time in settings
2017-06-23 18:00:51 +02:00
ailin-nemui
28d82c8f63 Merge pull request #709 from osm/master
Escape nicks during nick completion when expand_escapes is enabled
2017-06-23 18:00:04 +02:00
ailin-nemui
9d32636ebe Merge pull request #703 from vague666/server_modify_port
Allow -port <num> or irc.host.tld <num> in /server add
2017-06-23 17:59:02 +02:00
ailin-nemui
c56919768e Merge pull request #721 from dequis/unexpected-exits
term-terminfo: Avoid switching out of alt screen on unexpected exits
2017-06-23 17:58:40 +02:00
ailin-nemui
1ff2f61f09 Merge pull request #723 from ailin-nemui/odd_expand_escapes
fix weird n-fold unescaping in expand_escapes
2017-06-23 17:58:08 +02:00
ailin-nemui
b483ec5faa test trusty container 2017-06-23 12:15:25 +02:00
ailin-nemui
bbf8b86074 remove const 2017-06-22 09:33:33 +02:00
Oscar Linderholm
12d671a056 Escape nicks during nick completion when expand_escapes is enabled
Fixes #693
2017-06-21 10:40:47 +02:00
ailin-nemui
02a5d1a00b fix weird n-fold unescaping 2017-06-19 14:09:02 +02:00
ailin-nemui
1fc170ee11 Merge branch 'master' into regexex 2017-06-19 11:06:24 +02:00
dequis
7354a74c65 parse_time_interval: Allow negative time in settings
This splits sign parsing out of parse_time_interval_uint() so that the
negative sign is applied outside of the unsigned context where the
number parsing is done, and after all the checks that it's lower than
(1 << 31)

This fixes issues with settings like `server_reconnect_time`,
`server_connect_timeout` and `lag_max_before_disconnect`, which accepted
-1 as a valid value.
2017-06-17 15:34:36 -03:00
dequis
4b1c60b2ec term-terminfo: Avoid switching out of alt screen on unexpected exits
Perl sucks and kills the whole process when there's a version mismatch
in Perl_xs_handshake(). Our atexit handler catches the exit and
deinitializes the terminal, removing the error.

This commit uses the 'quitting' global variable which is set when irssi
is voluntarily quitting, and avoids sending TI_rmcup, which restores the
original screen and makes the error invisible.
2017-06-17 13:47:13 -03:00
ailin-nemui
9d3cfe1069 Merge pull request #712 from irssi/extend-list-help
Update list.in
2017-06-07 00:20:11 +02:00
ailin-nemui
3246001fb4 Merge pull request #715 from dequis/lastlog-glist-performance
Performance improvements for /lastlog
2017-06-07 00:15:45 +02:00
ailin-nemui
5e9a3ad80c Merge pull request #714 from dequis/dcc-fname-gcc-warnings
fe-dcc-(get|send): Fix some -Wpointer-compare with newer gcc
2017-06-07 00:15:05 +02:00
Ailin Nemui
fc67fd5111 Merge tag '1.0.3' 2017-06-06 21:11:44 +02:00
dequis
e498265328 Performance improvements for /lastlog -before
This avoids the use of g_list_find() to find if a match was already
added to the list of results, by checking the last two added matches
instead.

Checking just the last match isn't enough because a NULL match is added
as a separator (shown as -- in the UI)
2017-06-05 18:11:47 -03:00
dequis
0e44ea8916 Performance improvements for /lastlog with big result sets
This applies to "/lastlog" with no filters (or with filters that don't
filter a lot) and with large amounts of text in the scrollback.

Test case:

    /exec seq 1 500000
    /lastlog -file log.txt

Thanks to morning for reporting this.
2017-06-05 18:10:27 -03:00
dequis
52bb06ccd9 fe-dcc-(get|send): Fix some -Wpointer-compare with newer gcc
The warning itself:

>warning: comparison between pointer and zero character constant [-Wpointer-compare]

Harmless stuff as far as I can tell.

The fix adds a null check that probably isn't needed. The old code that
compared against '\0' worked a lot like a null check so it makes sense
to keep that, while also adding the intended check for empty string.

This was visible with "/dcc close send a" showing an empty filename.
The equivalent for get didn't show the filename in the format string.
2017-06-05 15:58:43 -03:00
Ailin Nemui
fb08fc7f1a Merge remote-tracking branch 'gitlab/security' 2017-06-05 15:12:16 +02:00
ailin-nemui
4edfccfce7 get rid of new_text 2017-06-05 13:46:43 +02:00
ailin-nemui
48899a123d Update iregex-gregex.c
add 2 comments about new_string
2017-06-05 10:23:16 +02:00
ailin-nemui
00354c3651 Update iregex-gregex.c
make helper functions static
2017-06-05 10:10:38 +02:00
Jari Matilainen
f28c64a3dc Make backward compatible with ssl flags 2017-06-04 19:47:30 +02:00
ailin-nemui
78a390f479 abi up 2017-06-04 19:03:40 +02:00
Jari Matilainen
e84adeca15 change ternary operator to if/else statements, add default ssl port support 2017-06-04 17:41:38 +02:00
ailin-nemui
79bbca4644 Refactor regex and implement UTF8 mode for GRegex
- with non-unicode byte to Private Use Area A mapping
- move all ifdefs to iregex.h file only
2017-06-04 00:52:53 +02:00
ailin-nemui
31b9d115b0 Merge pull request #706 from dequis/parse-uint
Add parse_uint function to improve integer overflow handling
2017-06-02 14:47:38 +02:00
dx
7843586323 Merge pull request #713 from josephbisch/fix-fe-fuzz-link
Use CXX for fe-fuzz linking
2017-06-02 01:53:09 -03:00
Joseph Bisch
1ce9e07be0
Use CXX for fe-fuzz linking 2017-06-01 23:59:19 -04:00
Nei
200eb5922e Merge branch 'fix-gl9' into 'security'
Fix dcc_request where addr is NULL

See merge request !13
2017-05-30 19:39:06 +00:00
Nei
84503427b0 Merge branch 'fix-gl8' into 'security'
Fix oob read of one byte in get_file_params_count

See merge request !12
2017-05-30 19:38:19 +00:00
ailin-nemui
2d0a9b4ca3 Merge pull request #711 from ailin-nemui/24bit-reset
do not reset true colour bit on colour reset
2017-05-30 13:14:10 +02:00
Joseph Bisch
528f51bfbe
Fix dcc_request where addr is NULL 2017-05-29 14:53:26 -04:00
Joseph Bisch
30a92754bb
Fix oob read of one byte in get_file_params_count{,_resume}
We can use continue to handle cases such as:
"ab<space><space>c"
2017-05-29 14:43:24 -04:00
ailin-nemui
601be18774 Update list.in
Add a more detailed paragraph about service bots

Fixes #699

I would like to add another paragraph about how freenode is 
broken and spits at you the whole list instead of empty list 
if you attempt to use network side filtering......
2017-05-29 11:07:06 +02:00
ailin-nemui
d61c54c32b do not reset true colour bit on colour reset
fixes #710
2017-05-27 00:12:54 +02:00
ailin-nemui
aac20b1513 Merge pull request #707 from mh-source/patch-1
dcc.in: fixed typo 'resolved' -> 'resolves'
2017-05-18 15:39:02 +02:00
dequis
632b0ce5e6 Add parse_uint function to improve integer overflow handling
Originally found by oss-fuzz (issue 525) in get_ansi_color using ubsan.
After a lot of analysis I'm 99% sure this isn't security relevant so
it's fine to handle this publicly.

The fix is mainly adding a function that does it right and use it
everywhere. This is harder than it seems because the strtol() family of
functions doesn't have the friendliest of interfaces.

Aside from get_ansi_color(), there were other pieces of code that used
the same (out*10+(*in-'0')) pattern, like the parse_size() and
parse_time_interval() functions, which are mostly used for settings.
Those are interesting cases, since they multiply the parsed number
(resulting in more overflows) and they write to a signed integer
parameter (which can accidentally make the uints negative without UB)

Thanks to Pascal Cuoq for enlightening me about the undefined behavior
of parse_size (and, in particular, the implementation-defined behavior
of one of the WIP versions of this commit, where something like signed
integer overflow happened, but it was legal). Also for writing
tis-interpreter, which is better than ubsan to verify these things.
2017-05-18 00:21:11 -03:00
mh
5045f4766a dcc.in: fixed typo 'resolved' -&gt; 'resolves'
n/t
2017-05-17 12:17:27 +02:00
Jari Matilainen
0c26aeb9fc Make sure port is only set on /server modify if specified 2017-05-15 23:07:01 +02:00
ailin-nemui
10cea61696 Merge pull request #702 from vague666/server_modify_notls
Added support for -notls and -notls_verify
2017-05-14 09:44:26 +02:00
ailin-nemui
81cf8d8813 Update fe-server.c 2017-05-14 09:43:38 +02:00