crypt.c:49:4: warning: 'break' will never be executed
[-Wunreachable-code-break]
(... and 3 more of the same)
crypt.c:627:7: warning: variable 'f' may be uninitialized when used
here [-Wconditional-uninitialized]
crypt.c:539:12: note: initialize the variable 'f' to silence this
warning
ssld.c:1251:14: warning: signed shift result (0x80000000) sets the sign
bit of the shift expression's type ('int') and becomes
negative [-Wshift-sign-overflow]
ircd.c:125:1: warning: function 'ircd_shutdown' could be declared with
attribute 'noreturn' [-Wmissing-noreturn]
ircd.c:437:1: warning: function 'ircd_die_cb' could be declared with
attribute 'noreturn' [-Wmissing-noreturn]
bandb.c:243:1: warning: function 'error_cb' could be declared with
attribute 'noreturn' [-Wmissing-noreturn]
bandb.c:289:1: warning: function 'db_error_cb' could be declared with
attribute 'noreturn' [-Wmissing-noreturn]
bandb.c:293:13: warning: signed shift result (0x80000000) sets the sign
bit of the shift expression's type ('int') and becomes
negative [-Wshift-sign-overflow]
- Add (void) casts for unused function parameters
- Rearrange member in `struct rb_mbedtls_cfg_context' for data alignment
- Document a `clang-4.0 -Weverything' (-Wcast-qual) diagnostic
- Avoid pointless conversions between positive/negative error codes
- Use capital hexadecimals in error codes and properly cast to
(unsigned int) for %x/%X
strlcpy should be called with the size of the destination buffer, not
the length of the source string.
When the source is an empty string, the destination buffer isn't
written at all, resulting in it trying to output uninitialised data.
This could also cause a buffer overflow on very long invalid config
lines.
the rationale behind switching away from SGML/Docbook is the following:
* SGML is hard to edit for humans
* the output is not much prettier
* the toolchain is not well supported and missing from the build
* the build is not hooked into anywhere, no automation
the reason why RST was chosen:
* it allows for a strong structure like Docbook
* the theme from Read The Docs is pretty
* it also supports mobile devices
* sphinx can easily output to PDF and ePUB formats
* RST is plaintext that can be easily edited and diff'd
* RST can be automatically built by ReadTheDocs and the toolchain is
readily available
* the output is also parsed by Github so documentation can be read
straight from GH
the reason why Markdown was not chosen:
* the current strong structure would be hard to replicate
* markdown is not standardized and output varies according to the
implementation
the docs were converted with Pandoc, using the following commands:
mkdir oper-guide
for source in sgml/oper-guide/*.sgml; do
pandoc --toc -s -f docbook -t rst $source -o oper-guide/$(basename $source .sgml).rst
done
cd oper-guide
sphinx-quickstart
git add *.rst make.bat conf.py
git add -f Makefile
git rm -r ../sgml
the [manpage][] says:
> unsigned int * cert_max
> Initially must hold the maximum number of certs. It will be updated
> with the number of certs available.
ratbox doesn't actually initialize that variable, so gnutls naturally
fails. i would also recommend considering dynamically allocating the
cert list to deal with that error in other ways than failing to
configured SSL completely in GnuTLS. the apache gnutls module has a
similar problem and came up with a [patch][] to do exactly this which
you may want to consider.
but since our cert chain is only (!) 5 certs long, our itched is
scratch by this particular patch.
[manpage]: https://manpages.debian.org/jessie/gnutls-doc/gnutls_x509_crt_list_import.3.en.html
[patch]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511573#35
This change modifies extb_channel to allow matching users in secret
channels, which prevents trivial ban evasion by setting the target
channel +s. Information leak due to this change is unlikely since the
attacker would have to know that the target channel exists, the name of
the channel (or guess it), have a specific user they wanted to know
whether was in the channel (and not know already), and the target user
would need to have something like autojoin-on-invite enabled (or any of
the other various ways hostname cloaking is attacked).
When a remote MODRESTART command is received, it will pass through the
ENCAP module. The ms_encap function is responsible for dispatching the
command handler and then the modules will eventually be reloaded.
However, if the ENCAP module is reloaded to a different address, the
stack now contains the address of a function that no longer exists.
Return immediately from the command handler and have the event loop
call the function responsible for reloading the modules instead.
Reported-by: mniip (Freenode)
When certificate validation fails, the certificate fingerprint won't be
calculated, resulting in an attempt to format NULL into a log line
showing the fingerprint. Instead, add a different error message for
missing fingerprint (i.e. validation failed).