Commit graph

191 commits

Author SHA1 Message Date
Ed Kellett
59ea3c6753 Delay rehashing until we're not processing events
Fixes crash introduced by 0ab6dbbc65. It's
probably a regression since it defeats a system designed to stop this
from happening, but I didn't dig through the history.

rehash() closes listeners. If we happen to get a single epoll() result
that wants to first rehash and then accept a connection, the epoll info
will point to a freed rb_fde_t. Other selectors should have similar
problems, but we didn't investigate that.

rb_fde_ts are normally batched up and freed outside the event
processing, but as of the above commit close_listeners() screws that up
by closing pending FDs immediately in order to create new listeners.

I think it might be a bit better to revert this behaviour and simply not
close listeners if we are going to open new ones over them, but have
opted for the smallest reasonable change I can think of.

Helped-by: Eric Mertens <emertens@gmail.com>
2023-11-06 14:22:55 +00:00
Doug Freed
33822550e5 librb/helper: pass our fd limit to the child
Instead of arbitrarily limiting it to 256.  This avoids an issue with 
busy authds "running out" of fds because librb says no more.
2022-10-21 03:04:09 -04:00
hello-smile6
5206a066f2
Add semicolon to fix a compile error in librb/src/arc4random.c 2022-09-30 18:27:26 +01:00
jailbird777
1e7fd14296 Remove missed Winsock2 check 2022-08-26 18:58:49 -04:00
jailbird777
3c586ccf3e
Remove ancient portability code (#361)
Remove portability code for systems that don't follow at least SUSv3.
This fairly closely aligns with ISO C99, which solanum already requires.
2022-08-24 20:53:52 -04:00
jailbird777
8e9a741832 OpenSSL 3.0 compatibility
Edited by @aaronmdjones:

- Correct some data types and casts

- Minor style fixups (e.g. we put * on the variable name not the type)

- librb/src/openssl.c:

  - Defer call of BIO_free(3ssl) to the end of the conditional block
    to avoid having calls to it in multiple paths

  - Check the return value of SSL_CTX_set0_tmp_dh_pkey(3ssl) because if
    it fails then we must use EVP_PKEY_free(3ssl) to avoid a memory leak

    This could fail if, for example, the user supplied DSA parameters
    in the DH parameters file instead.

- ircd/newconf.c:

  - Check whether OSSL_DECODER_CTX_new_for_pkey(3ssl) was able to parse
    the given CHALLANGE public key as a valid RSA public key, and then
    check whether OSSL_DECODER_from_bio(3ssl) actually loads it
    successfully

- ircd/s_newconf.c:

  - Use EVP_PKEY_free(3ssl) instead of OPENSSL_free(3ssl) on EVP_PKEY
    pointers; this will avoid inadvertent memory leaks if the EVP_PKEY
    structure contains any dynamically-allocated child members

- modules/m_challenge.c:

  - Unconditionally use EVP(3ssl) to generate the SHA-1 digest of the
    random challenge; this API has been around for a very long time and
    is available in all supported versions of OpenSSL

  - Add lots of error checking to all steps of the process

Tested against 1.1.1 and 3.0; both with missing and provided DH parameters
(which works as you'd expect; the server will not negotiate a DHE cipher
without them), and CHALLENGE, including missing keys or keys of the wrong
type (e.g. when you supply an EdDSA key instead of an RSA key).

This does break compatibility with OpenSSL 1.1.0 and below, which are now
all end-of-life and unsupported anyway.

Closes #357
2022-08-25 00:36:47 +00:00
Aaron Jones
ae510cce12 librb/src/crypt.c: rb_sha*_crypt_r: avoid UB pointer math
This code is doing (foo - (char*)0) to convert foo from a pointer
value into a numeric value. Unfortunately, this is undefined
behaviour, which clang-14 is now warning about [1].

Cast to uintptr_t instead. Same result, but well-defined.

[1] cf. commit 0302f1532b
2022-08-24 20:03:22 -04:00
jailbird777
c8025927ae Fix assert = hard assignments
The spaces surrounding the = is bad syntax, which causes the shell to try to
execute 'assert'.

Granted, all of this is just cosmetic, as the only use of $assert seems to be
in the echo at the end of the configure run.
2022-08-24 18:15:43 -04:00
jailbird777
1b64bfa05e Fix SCTP support on FreeBSD & NetBSD
Unlike Linux, Solaris, and Illumos (and probably others), the 2 BSDs that still
support SCTP didn't put SCTP into its own library, they put it into libc.

They, unlike Linux, don't set SOL_SCTP for us. The official method appears to
be calling getprotobyname("sctp") & endprotoent(), with getprotobyname()
returning a struct that has a p_proto entry. This all reads from
/etc/protocols. However, SCTP is assigned 132 by IANA, so it's 132 everywhere,
so I just set SOL_SCTP to 132 if it's not already set.
2022-08-24 18:02:12 -04:00
Matthew Martin
5c01fc8bd7 Cast time_t to long long when printing 2022-07-01 03:43:36 -04:00
JailBird
62f6351d90 Illumos fixes
- getexecname(3) returns const char *
- pid_t is long
2022-06-29 20:28:11 -04:00
Matthew Martin
57aa79acb8 Normalize snprintf size to use sizeof where possible 2022-06-24 01:42:08 -04:00
jailbird777
e73eade529
Remove stray semicolons (#339) 2022-06-10 18:07:25 +01:00
jailbird777
3175172d52 The rb_heap_block struct doesn't appear to be used anywhere 2021-07-31 00:09:08 -04:00
Ariadne Conill
9a7b4a4521 librb: appease libtool by adding rb_close_pending_fds() to the export list 2021-07-31 00:05:59 -04:00
Ariadne Conill
ad2421c74e librb: make free_fds() public as rb_close_pending_fds() 2021-07-31 00:05:59 -04:00
jailbird777
8f0c3422e7 Remove Windows support 2021-07-30 14:17:47 -04:00
jailbird777
e370888264 (Mostly) exorcise select()
Sadly, this just sends it to purgatory. It's still around for the
socketpair() emulation and the nanosleep() emulation.

socketpair() obviously only selects() on 2 FDs, so not a huge deal.
nanosleep() only uses it for the timeout, so also not a huge deal.

socketpair() is SUSv3 (2001) and nanosleep() is SUSv2 (1997), so maybe
it's OK to remove those emulations.  If so, then we can also remove the
sys/select.h check in configure.ac
2021-06-26 17:56:40 +01:00
jailbird777
365feb397b Remove unneeded ugly hack for 32-bit Solaris
- The official Sun/Oracle solution is to use the extendedFILE(5)
  mechanism, which works around the limitation.
  https://docs.oracle.com/cd/E18752_01/html/816-5175/extendedfile-5.html
- Add a quick HOWTO to the README.md
2021-06-26 16:22:08 +01:00
jailbird777
b29800911a librb mbedTLS: der_pubkey is used out of scope 2021-06-02 18:38:22 +00:00
Ariadne Conill
3fc0499e77
Mailmap and copyright update for Ariadne 2021-06-01 12:40:02 -04:00
mniip
79a38ce96d Fix time.h in librb autoconf 2021-05-30 16:13:38 -05:00
Ariadne Conill
8dbfb0203e librb: radixtree: fix iteration restarting
STATE_CUR(state) = NULL causes rb_radixtree_foreach_next() to fail,
instead set both state pointers to the same address.
2021-05-30 10:39:34 -05:00
Aaron Jones
a90f22c92d OpenSSL: Support configuration of TLSv1.3 ciphersuites
The OpenSSL developers decided, during the OpenSSL 1.1.1 development
phase, to use a different API and different set of lists for TLSv1.3
ciphersuites, than for every TLS version preceeding it.

This is stupid, but we have to work with it.

This commit also improves configuration fault resilience. The reason
is that if you don't pass any valid old-style ciphersuites, OpenSSL
will not negotiate an older protocol at all. However, when they
implemented the new API, they decided that lack of any valid
ciphersuites should result in using the defaults. This means that if
you pass a completely invalid ciphersuite list (like "foo"), OR if
you pass a TLSv1.2-only ciphersuite list, TLSv1.3 continues to work.
This is not mirrored; passing a TLSv1.3-only ciphersuite list will
break TLSv1.2 and below.

Therefore we work around this lack of mirroring by falling back to
the default list for each protocol. This means that if
ssl_cipher_list is complete garbage, the default will be used, and
TLS setup will succeed for both protocols. This is logged, so that
administrators can fix their configuration.

I prefer this approach over explicitly disabling the protocols if
their respective ciphersuite lists are invalid, because it will
result in unusable TLSv1.3 if people run newer solanum with their
older charybdis/solanum configuration files that contain custom
ssl_cipher_list definitions. Hindering TLSv1.3 adoption is not an
option, in my opinion.

The downside of this is that it is no longer possible to disable a
protocol family by not including any of its ciphersuites. This could
be remedied by an ssl_protocol_list configuration directive if it is
decided that this functionality is ultimately necessary.

This work is not required for either of the other TLS backends,
because neither of those libraries yet support TLSv1.3, and in the
event that they eventually do, I expect them to allow configuration
of newer ciphersuites with the existing APIs. This can be revisited
if it turns out not to be the case.

Signed-off-by: Aaron Jones <me@aaronmdjones.net>
Tested-by: Aaron Jones <me@aaronmdjones.net>
2021-02-07 11:52:58 +00:00
Doug Freed
71325a9801 librb/helper: call rb_clear_cloexec on child fds 2021-01-26 00:03:48 -05:00
Doug Freed
1cad0654b7 librb: call rb_set_cloexec in rb_setup_fd 2021-01-26 00:03:48 -05:00
Doug Freed
34a2afbc28 librb: add rb_{set,clear}_cloexec 2021-01-26 00:03:48 -05:00
Ed Kellett
c07751a50d Remove hardcoded TLSv1 disables 2020-11-01 04:07:24 +00:00
Ed Kellett
a6f63a829e
Innovation by sed 2020-10-15 15:52:41 +01:00
Ed Kellett
ad516b7d47
librb/event: Don't leak event names on completion 2020-04-19 14:22:18 +01:00
Simon Arlott
400e650809
librb: Fix nossl 2019-09-15 12:33:56 +01:00
Simon Arlott
b7660ea49d
librb: Fix nossl 2019-09-15 11:43:52 +01:00
Simon Arlott
8679c0fe3c
Fix Clang 6 compiler warnings 2019-09-15 11:28:48 +01:00
Simon Arlott
4b7abcfb7d
librb: Avoid unused variable warning 2019-09-15 11:13:54 +01:00
Simon Arlott
53aeb0305a
librb: Specify -Wno-unused-parameter 2019-09-15 11:12:44 +01:00
Simon Arlott
c4c1bf3b79
librb: Fix GCC 8 warning; 640 bytes should be enough 2019-09-15 10:25:25 +01:00
Aaron Jones
f7f1c50494
Support ECDH X25519 for TLSv1.3 (OpenSSL 1.1.1) 2019-09-08 14:00:24 +00:00
Ed Kellett
3576d1b482
librb/event: delete indirectly via a dead flag
This avoids an issue where deleting an event inside the handler of a
different event puts the event iteration in an invalid state.
2019-09-07 14:50:42 +01:00
Simon Arlott
17809d2db7
librb: Fix type of dst for rb_inet_pton_sock() 2019-08-31 16:10:50 +01:00
Aaron Jones
8d93dd76ad
MbedTLS: Support ChaCha20-Poly1305 in TLSv1.2+ 2018-08-13 22:35:20 +00:00
Simon Arlott
30053ab982
gcc7 fixes: make fallthrough explicit 2018-01-19 23:26:03 +00:00
Aaron Jones
e081bf2988
libratbox/src/mbedtls.c: check public/private keys match 2018-01-06 16:05:48 +00:00
Simon Arlott
268044ea40
Add workaround for Linux SCTP_I_WANT_MAPPED_V4_ADDR bug on older kernels 2017-08-24 20:08:22 +01:00
Simon Arlott
6003ce763c
Add outgoing SCTP connect support 2017-08-24 20:08:21 +01:00
Simon Arlott
c6ad9b0c5f
Add basic SCTP listener support that binds to multiple addresses
This only supports two addresses as the intended use is 1 IPv4 and 1 IPv6
address on a single-homed host, and the only supported configuration of
outgoing connections to other servers is to bind a single IPv4 or IPv6
address.
2017-08-24 20:08:20 +01:00
Simon Arlott
589dbf4d0f
rb_connect: use SO_ERROR 2017-08-24 20:08:19 +01:00
Simon Arlott
9caecc9348
rb_inet_pton_sock: initialise sockaddr to zero 2017-08-24 20:08:19 +01:00
Simon Arlott
de2934965c
remove RB_IPV6 2017-08-20 12:54:46 +01:00
Simon Arlott
fa2367e3f3
librb: remove zstring
rb_zstring_serialized leaks memory while doing nothing with its
arguments... nothing is using zstring so remove it
2017-08-06 18:40:24 +01:00
Simon Arlott
1272b289e6
librb: dictionary_add mishandles replacing elements
This can only happen with soft asserts otherwise it will crash instead.

Nothing currently uses the return value of rb_dictionary_add.
2017-08-06 18:38:35 +01:00