1
0
mirror of https://github.com/irssi/irssi.git synced 2024-12-04 14:46:39 -05:00
Commit Graph

3934 Commits

Author SHA1 Message Date
LemonBoy
98ead50b4e Prevent some potential null-pointer deferences.
Spotted by our friend scan-build.
2017-02-14 14:46:14 +01:00
dequis
15736ba5ab notify-ison: Don't send ison before the connection is done 2017-02-11 00:07:03 -03:00
ailin-nemui
653c7fb05a Merge pull request #622 from ailin-nemui/starttls
provide net_start_ssl api
2017-02-06 12:38:20 +01:00
ailin-nemui
28df637055 provide net_start_ssl api
fixes #615
2017-02-05 23:08:42 +01:00
ailin-nemui
ff5dd3673e Merge pull request #628 from LemonBoy/openssl-compat
Support OpenSSL 1.1.0.
2017-02-05 22:20:31 +01:00
LemonBoy
73e8a065bd Support OpenSSL 1.1.0.
- X509_get_notBefore becomes X509_get0_notBefore
- X509_get_notAfter becomes X509_get0_notAfter
- ASN1_STRING_data becomes ASN1_STRING_get0_data (and drops the const)
- The whole library is now initialized by OPENSSL_init_ssl

Closes #597
2017-02-03 13:29:19 +01:00
Nei
aab24cf4a4 Merge branch 'dub-the-wub' into 'master'
Prevent a memory leak during the processing of the SASL response.

See merge request !8
2017-02-03 11:49:16 +00:00
ailin-nemui
1ee25d2286 Merge pull request #590 from LemonBoy/hi-minor
Minor cleanup in the highlighting signal.
2017-01-31 14:18:48 +01:00
ailin-nemui
4031b92b9b Merge pull request #626 from ailin-nemui/textbuffer_monospace
support storing and replaying the monospace attribute in textbuffer
2017-01-31 14:17:44 +01:00
LemonBoy
19c5178996 Prevent a memory leak during the processing of the SASL response.
We also get rid of an allocation in the process of doing so.
2017-01-24 22:19:50 +01:00
LemonBoy
697dd19d88 Check whether the client certificate is expired.
Right now we only warn the user, the connection keeps going.
Fixes #211
2017-01-22 21:58:55 +01:00
ailin-nemui
876c1dd93e implement break_wide
for more pleasant east asian mixed display
2017-01-20 10:32:23 +01:00
Joseph Bisch
c8dafe2a76
Add SUPPRESS_PRINTF_FALLBACK
There are some cases (such as fuzzing with fe-fuzz) where suppressing
printf output may be desirable.
2017-01-16 12:56:33 -05:00
Hanno
677fb1f55c
perl_parse needs NULL terminated parameter list. 2017-01-15 22:20:23 +01:00
LemonBoy
305b02fc63 Merge pull request #613 from ailin-nemui/fix_completion
fix regression in completion
2017-01-13 22:36:44 +01:00
Alexander Færøy
7732bbed5e Merge pull request #610 from josephbisch/fe-fuzz
Add frontend for fuzzing
2017-01-13 00:16:30 +01:00
Joseph Bisch
fe1ea4b80a
Fix fe-fuzz nits 2017-01-12 18:11:09 -05:00
dx
b15c27cc63 Revert "Don't reset wait_cmd during connection registration (fixes early ISON)" 2017-01-10 03:09:36 -03:00
Joseph Bisch
abdae2d5fc
Don't duplicate module-formats.* in fe-fuzz 2017-01-09 08:19:01 -05:00
ailin-nemui
17fc77565e fix regression in completion
fixes #609
2017-01-09 13:19:37 +01:00
LemonBoy
38ea52d09f Merge pull request #608 from tijko/master
Follow g_strsplit with call to g_strfreev
2017-01-08 21:55:39 +01:00
Joseph Bisch
cf46907256
Add frontend for fuzzing
Use the following configure command:

$ ./configure --with-fuzzer --with-fuzzer-lib=/path/to/libFuzzer.a \
      CC=clang CXX=clang++

Places an irssi-fuzz in src/fe-fuzz/ after build.

Also can specify SANFLAGS to override the chosen sanitizer flags
(defaults to "-g -fsanitize=address -fsanitize-coverage=trace-pc-guard").
2017-01-07 20:01:07 -05:00
Tim Konick
5917bc6f75 Follow g_strsplit with call to g_strfreev 2017-01-07 14:31:35 -08:00
dequis
1831a8e1a7 Don't reset wait_cmd during connection registration (fixes early ISON) 2017-01-06 12:49:56 -03:00
dequis
752f484c6c Add OPENSSL_NO_EC for solaris 11.3, see issue #598
Original patch by 'Slarky'

According to that ticket, the next major version of solaris won't need
this. Consider reverting this when solaris 11.3 stops being relevant.
2017-01-06 11:47:24 -03:00
Martijn Dekker
c9c45e4f89 make irssi --with-perl build with separate object directory
irssi 1.0.0 will not build if Perl is enabled and a separate
object code directory is used. The problem was a relative path
to an internal Perl dependency in four Makefile.PL.in files.
2017-01-06 12:24:36 +01:00
ailin-nemui
33107be748 fix GRegex GError problem 2017-01-05 13:06:55 +01:00
Nei
7a112e0217 Merge branch 'master' into 'security'
Sync to master

See merge request !6
2017-01-03 13:30:39 +01:00
ailin-nemui
01163710e7 Merge pull request #585 from ailin-nemui/win_seq
g_sequence backing for window list
2017-01-03 12:45:50 +01:00
Ailin Nemui
1f72b8e66a up abi version 2017-01-03 12:29:52 +01:00
Ailin Nemui
f5cbbebc2e switch for gregex and regex.h 2017-01-03 12:29:11 +01:00
Nei
1b99299ed2 Merge branch 'percent_flag' into 'security'
fix %[

See merge request !5
2017-01-02 17:01:47 +00:00
Nei
124bcd4804 Merge branch '4-use-after-free-when-receiving-numeric-432-invalid-nick' into 'security'
avoid server_disconnect

See merge request !4
2017-01-02 17:01:29 +00:00
Nei
c3cca5ecf3 Merge branch '1-null-pointer-dereference-in-irc_nickcmp_rfc1459' into 'security'
bail out if nick is NULL

See merge request !3
2017-01-02 17:01:05 +00:00
Nei
24d2d039b5 Merge branch '3-out-of-bounds-read-with-invalid-utf8-in-term_addstr' into 'security'
Fix oob read on invalid utf8 in term_addstr

See merge request !2
2017-01-02 17:00:44 +00:00
Nei
7daa7a6aa9 Merge branch '2-out-of-bounds-read-of-one-byte-with-x1b-48-in-truecolor-builds' into 'security'
check for end of string in ansi 48

See merge request !1
2017-01-02 17:00:15 +00:00
LemonBoy
5dcf291f21 Use the RAW flag when building the regexps.
Also, plugged a memory leak when retrieving the match position.
2017-01-02 17:50:14 +01:00
LemonBoy
5eaead761f Rebase against master. 2017-01-02 17:50:14 +01:00
LemonBoy
3fcd3cd2b9 Remove the regexp_compiled field.
It was made redundant by the introduction of the pointer to the GRegex
structure.
Silence the compiler warning in textbuffer.c about preg being
initialized by setting it to NULL.
2017-01-02 17:50:14 +01:00
LemonBoy
8e5db471e4 Use GLib's regexp interface (backed by PCRE) 2017-01-02 17:50:14 +01:00
ailin-nemui
91f48c6f0e Merge pull request #586 from LemonBoy/fix-580
Process the nick changes in queries before the PRIVMSG is handled.
2017-01-02 14:44:07 +01:00
LemonBoy
7e22d051ae Make sure SASL was actually requested before failing. 2017-01-01 23:08:38 +01:00
ailin-nemui
77ff8f5b74 Merge pull request #514 from LemonBoy/sasl_fail
Add an option to stop the connection when SASL fails.
2016-12-21 15:29:26 +01:00
ailin-nemui
07050e2a3c Merge pull request #587 from ailin-nemui/sbar_crash
add assertion to statusbar_read_group
2016-12-21 15:28:17 +01:00
ailin-nemui
9151f87145 remove some for loops 2016-12-20 21:40:18 +01:00
ailin-nemui
9a018a782c sort windows_seq helpers to top 2016-12-20 21:36:56 +01:00
ailin-nemui
03f5dc63fe nits 2016-12-20 21:33:51 +01:00
ailin-nemui
9004265e54 clean up window_refnum_{prev,next} 2016-12-20 21:01:16 +01:00
ailin-nemui
7dc2f832c1 fix %[ 2016-12-20 16:41:57 +01:00
ailin-nemui
2f59fe2062 add some sequence helper functions 2016-12-19 22:03:46 +01:00
Joseph Bisch
8007e9e61d
Fix oob read on invalid utf8 in term_addstr 2016-12-19 15:52:05 -05:00
ailin-nemui
508d2e0860 bail out if nick is NULL in irc_query_find
Closes #1
2016-12-19 21:41:47 +01:00
ailin-nemui
77aab79057 avoid server_disconnect
Closes #4
2016-12-19 21:16:37 +01:00
LemonBoy
a39e210ea8 Minor cleanup in the highlighting signal. 2016-12-18 15:46:48 +01:00
LemonBoy
7a7f6abc16 Prevent a UaF by calling server_disconnect in a signal handler. 2016-12-15 22:41:57 +01:00
LemonBoy
0d6add02cf Process the nick changes in queries before the PRIVMSG is handled.
Otherwise we end up with the message in the status window since the
frontend knows jack shit about the casemapping option when it tries to
find the associated window for the query.
2016-12-15 19:36:44 +01:00
ailin-nemui
7b856d628b check for end of string in ansi 48 2016-12-15 18:01:26 +01:00
ailin-nemui
17e42649bb reset background for mirc colour 99
fix #571
2016-12-15 17:06:40 +01:00
ailin-nemui
59242cb595 add assertion to statusbar_read_group
fix #564
2016-12-15 16:59:38 +01:00
ailin-nemui
365097319f manually redraw the activity list on expose only
might speed up /foreach query /unquery
2016-12-13 03:19:00 +01:00
ailin-nemui
560283ba4e g_sequence backing for window list 2016-12-13 01:04:26 +01:00
LemonBoy
4ccffd85ff Expose 'sasl_success' to the perl side. 2016-12-12 21:41:07 +01:00
LemonBoy
91c9e871c7 Add an option to stop the connection when SASL fails. 2016-12-12 21:41:06 +01:00
ailin-nemui
618c8bd10e Merge pull request #581 from LemonBoy/set-contract
Enforce the is_node_list contract in lib-config setters.
2016-12-08 12:29:52 +01:00
ailin-nemui
964f423fed Merge pull request #570 from josephbisch/fix-issue-563
enforce check that chatnets are nodelists to handle invalid config
2016-12-08 12:11:59 +01:00
LemonBoy
7fb84b5b7d Enforce the is_node_list contract in lib-config setters.
An assertion failure is better than a segfault.
2016-11-29 23:08:45 +01:00
LemonBoy
5efb3077d5 Merge pull request #565 from ahf/bug/524
Kill bell_beeps.
2016-11-29 22:13:53 +01:00
LemonBoy
22ce6637c7 Merge pull request #577 from LemonBoy/flagz
Minor corrections to the netsplit code.
2016-11-25 21:52:42 +01:00
LemonBoy
5f0e755a00 Don't shadow the 'channel' variable when printing the netjoins.
This is the root cause of #567
2016-11-23 22:22:37 +01:00
ailin-nemui
dcffa98d46 add a static buffer for dcc received data
increased buffersize might make irssi freeze less / #159
2016-11-23 17:02:29 +01:00
LemonBoy
7574bed26c Minor corrections to the netsplit code. 2016-11-23 16:11:38 +01:00
Lauri Tirkkonen
4cbf279d88 add completion_empty_line setting 2016-11-08 16:27:38 +02:00
ailin-nemui
43934ae9ad add missing inheritance to Exec item from 3532fc46 2016-11-01 17:08:28 +01:00
Joseph Bisch
c98f5f23ea
enforce check that chatnets are nodelists to handle invalid config 2016-10-27 11:18:37 -04:00
Alexander Færøy
6a6196eebe
Kill bell_beeps.
Fixes #524
2016-10-23 21:24:12 +02:00
Alexander Færøy
bc4e2c9ade
Shorten the certificate chain output. 2016-10-23 02:51:08 +02:00
Alexander Færøy
322625b548
Only do checks for SSL_get_server_tmp_key in network-openssl.c. 2016-10-22 22:04:33 +02:00
Alexander Færøy
0a6e66f8b7
Kill do { ... } while (0); and replace it with goto's. 2016-10-22 22:04:33 +02:00
Alexander Færøy
d501a54f4f
Emit the TLS handshake finished signal before we do verification.
This patch moves the emitted "tls handshake finished" signal to before
we do validation of the given TLS certificate. This ensures that we
display certificate information before we possibly error out and
disconnects from the server.
2016-10-22 22:04:33 +02:00
Alexander Færøy
5a04430998
Kill support for DANE.
This patch removes support for DANE validation of TLS certificates.

There wasn't enough support in the IRC community to push for this on the
majority of bigger IRC networks. If you believe this should be
reintroduced into irssi, then please come up with an implementation that
does not rely on the libval library. It is causing a lot of troubles for
our downstream maintainers.
2016-10-22 22:04:33 +02:00
Alexander Færøy
f533baa191
Lift EC_KEY declaration onto the entry of the function. 2016-10-22 22:04:32 +02:00
Alexander Færøy
25824e2d3f
Lift ASN1_STRING declaration onto the entry of the function. 2016-10-22 22:04:32 +02:00
Alexander Færøy
4e170c5233
Declare variables in the beginning of the function. 2016-10-22 22:04:32 +02:00
Alexander Færøy
53d772e48b
Make sure we clean-up after ourself upon failure. 2016-10-22 22:04:31 +02:00
Alexander Færøy
5146ce9631
Add x509 certificate and public key pinning support.
This patch adds two new options to /CONNECT and /SERVER to let the user
pin either an x509 certificate and/or the public key of a given server.

It is possible to fetch the certificate outside of Irssi itself to
verify the checksum. To fetch the certificate call:

    $ openssl s_client -connect chat.freenode.net:6697 < /dev/null 2>/dev/null | \
      openssl x509 > freenode.cert

This will download chat.freenode.net:6697's TLS certificate and put it into the
file freenode.cert.

-tls_pinned_cert
----------------

This option allows you to specify the SHA-256 hash of the x509
certificate. When succesfully connected to the server, irssi will verify
that the given server certificate matches the pin set by the user.

The SHA-256 hash of a given certificate can be verified outside of irssi
using the OpenSSL command line tool:

    $ openssl x509 -in freenode.cert -fingerprint -sha256 -noout

-tls_pinned_pubkey
------------------

This option allows you to specify the SHA-256 hash of the subject public key
information section of the server certificate. This section contains both the
cryptographic parameters for the public key, but also information about the
algorithm used together with the public key parameters.

When succesfully connected to the server, irssi will verify that the
given public key matches the pin set by the user.

The SHA-256 hash of a public key can be verified outside of irssi using
the OpenSSL command line tool:

    $ openssl x509 -in freenode.cert -pubkey -noout | \
      openssl pkey -pubin -outform der | \
      openssl dgst -sha256 -c | \
      tr a-z A-Z

It is possible to specify both -tls_pinned_cert and -tls_pinned_pubkey
together.
2016-10-22 22:01:50 +02:00
Alexander Færøy
c6c2e79537
Display TLS connection information when connected to a TLS enabled server. 2016-10-22 21:58:50 +02:00
Alexander Færøy
1d101afe0d
s/SSL/TLS/ for warning strings. 2016-10-22 21:58:49 +02:00
Alexander Færøy
13f75d49e0
Simplify TLS verification error handling. 2016-10-22 21:58:49 +02:00
Alexander Færøy
b630fd1703
Populate and emit TLS_REC after TLS handshake have completed. 2016-10-22 21:58:49 +02:00
Alexander Færøy
99d017720d
Add TLS_REC.
This patch adds the TLS_REC structure. This structure is used to emit
information about the TLS handshake from the core of irssi to the
front-end layers such that we can display connection information to the
user.
2016-10-22 20:37:33 +02:00
Alexander Færøy
2be7289085
Rename SSL to TLS.
This patch changes the internal name of SSL to TLS. We also add -tls_*
options to /CONNECT and /SERVER, but make sure that the -ssl_* versions
of the commands continue to work like before.
2016-10-22 20:36:50 +02:00
Alexander Færøy
da67d3e8e6
Add function to convert a buffer to a colon-delimited hex string.
This patch adds binary_to_hex(), which can take an input buffer and
convert it to colon-delimited hex strings suitable for printing for
fingerprints.
2016-10-22 20:36:50 +02:00
Alexander Færøy
6300dfec71
Always build irssi with TLS support.
This patch removes the optional checks for whether to build irssi with
TLS support or not. This will allow us to ship a default configuration
file where we connect to TLS enabled IRC servers out of the box.
2016-10-16 14:55:48 +02:00
ailin-nemui
61590f31df Merge pull request #465 from LemonBoy/netsplit-print
Some small adjustments to the netsplit code.
2016-10-11 16:12:35 +02:00
LemonBoy
3667fd9fd1 Make the cap_complete field unsigned.
Fixes a problem where the field would end up as a negative number when
exposed to the perl scripts.
And move it near the other bit-packed fields so we take advantage of the
packing.
2016-09-30 19:30:43 +02:00
ailin-nemui
8d4d313cc9 Merge pull request #506 from kruton/sasl-400-byte-chunk
SASL: handle fragmentation
2016-09-26 16:43:33 +02:00
ailin-nemui
f9fd50a357 nullptr when doing module backward compat on invalid config 2016-09-25 23:17:20 +02:00
ailin-nemui
31044ec004 Merge pull request #542 from LemonBoy/xs-add
Expose the CAP fields to the perl scripts.
2016-09-22 17:10:33 +02:00
ailin-nemui
295a4b77f0 Patches for heap corruption and missing bounds check
By Gabriel Campana and Adrien Guinet from Quarkslab.
2016-09-20 19:56:06 +02:00
ailin-nemui
b3c6cdbb91 Merge pull request #540 from LemonBoy/reset-autorun
/script reset can now also run the autorun scripts
2016-09-19 22:14:57 +02:00