Commit graph

3830 commits

Author SHA1 Message Date
Stephen Bennett
f32b9ebd63 Add hooks for local and remote nick changes 2016-09-16 00:04:16 -05:00
Aaron Jones
6d16f66be6
msgbuf: Fix remote crash vulnerability due to malformed message tag.
Fixes #218

Reported-by: ManiacTwister <github@s7t.de>
2016-09-11 10:35:13 +00:00
Xenthys
89aef424e9 m_grant.c - fixed remote grant support 2016-09-10 17:54:13 +02:00
Aaron Jones
c4acd427ac
MbedTLS: Misc backend cleanups
This is a forward-port of release/3.5 commit 566f4678

* Add generic direction enum for negotiation setup.

* Rename a rather long wrapper function to a shorter one consistent with
  what it does.

* Rework context setup function.

* Don't check for handshake state before beginning handshaking.

  The old backend began a handshake and then stepped into the callback
  function if it was interrupted; the current one just jumps right into
  it, so there is no need to check if it has previously succeeded,
  because it hasn't been attempted yet.

* Add missing errno assignment to one of the handshake wrappers.

* Don't bother checking if SSL_P(F) is NULL when we already checked if
  F->ssl is NULL -- this should be impossible.

* Don't bother checking if SSL_C(F) is NULL -- this was a no-op.

* Change the socket send and recv functions to not peer into a foreign
  ratbox structure -- use the correct function to get the socket fd.

* Rewrap some lines and function arguments.

Other backends will be brought into line with this backend soon.

This will enable easier maintenance of the backends, by reducing the
diffs between them, which should make different behaviour easier to
spot.
2016-09-10 08:51:09 +00:00
Aaron Jones
73c486c7a5
MbedTLS: Treat 0 bytes read/written to socket properly
At the moment, if a link quits in just the right (wrong [1]) way,
the quit reason will resemble:

    <-- foo (~bar@baz) has quit (Read error: (-0x0) )

This should resolve that.

[1] Peers should send a close_notify alert before abruptly shutting
    down their socket. This will result in a sane quit message:

    <-- foo (~bar@baz) has quit (Read error: (-0x7880) SSL -
    The peer notified us that the connection is going to be closed)

[ci skip]
2016-09-09 01:47:18 +00:00
Aaron Jones
7272518795
MbedTLS: Initial attempt to port release/3.5 commit 89d4c468 to this branch 2016-09-04 03:50:29 +00:00
Aaron Jones
ac88154f94
SASL: Disallow beginning : and space anywhere in AUTHENTICATE parameter
This is a FIX FOR A SECURITY VULNERABILITY. All Charybdis users must
apply this fix if you support SASL on your servers, or unload m_sasl.so
in the meantime.
2016-09-03 17:29:53 +00:00
Simon Arlott
86e1de17f3
ircd: serv_connect: initialise sa_connect/sa_bind to AF_UNSPEC
These are read to check if they're AF_UNSPEC (unset) but they aren't
initialised.
2016-09-03 14:52:48 +01:00
Simon Arlott
1315fd5920
librb: set sockaddr port to 0 in success path
Instead of only in the failure path, which causes
all sorts of annoying server connection failures
when we try to repeatedly reuse the same port.
2016-09-03 14:36:17 +01:00
Aaron Jones
94f114641c
OpenSSL: Initialise if LibreSSL
LibreSSL's definition of OPENSSL_VERSION_NUMBER bites us in the ass,
*again*.
2016-09-01 19:29:47 +00:00
Aaron Jones
572c2d4b05
OpenSSL: Initialise one context at a time
If initialising the server context fails, but the client one succeeds,
we will not only leak memory, but the error message reported for
initialising the server context might not make sense, because we
initialise the client context after and that could erase or change the
list of queued errors.

This scenario is considered rare. Nevertheless, we now initialise the
client context after *successfully* initialising the server context.
2016-08-30 10:30:17 +00:00
Aaron Jones
0942c1fc26
Print initialisation notice before forking 2016-08-24 16:44:04 +00:00
Jason Volk
c1fc044c35
ircd: Fix umode orphan scheme.
Cherry-picked from jevolk/charybdis f5e7f335
Reformatted slightly.
2016-08-24 16:12:05 +00:00
Aaron Jones
f4e9d91580
startup: fork before initialising the event subsystem
On FreeBSD 4.8, fork(2) doesn't actually behave like fork(2).

Namely, kqueue(2) descriptors are not inherited by the child.
IOW, we can't fork(2) after we get the kqueue(2) descriptor.

So we'll just have to rely on people to actually read the
server log file if they want to understand why their server
is dying during startup.
2016-08-21 22:29:16 +00:00
Aaron Jones
0c23c0b1c5
Attempt to open /dev/null before forking incase it would fail 2016-08-21 00:32:34 +00:00
Aaron Jones
0c433865d3
Attempt #2 at fixing the file descriptor mess.
This commit defers daemonisation to the end of initialisation
as that makes it vastly simpler to get this right.
2016-08-21 00:15:17 +00:00
Aaron Jones
ef24ede3e2
Revert "ircd startup: avoid black magic with file descriptors"
This reverts commit 27c0f6d8f4.

A more extensive investigation and refactoring of the code is
necessary.
2016-08-20 22:22:37 +00:00
Aaron Jones
27c0f6d8f4
ircd startup: avoid black magic with file descriptors
This *should* fix a reported but as yet unreproducable
ircd abort on restart.
2016-08-20 21:14:53 +00:00
Jason Volk
ffedad8dfb ircd: Allow non-default CAP_MASK during server estab. 2016-08-20 04:10:28 -07:00
Aaron Jones
31145ea0b3
TLS Backends: Harmomise the rb_ssl_get_cipher() function
The GNUTLS backend reports the version in use for the client as well
as its ciphersuite -- do the same for the other 2 backends.
2016-08-20 04:16:33 +01:00
Aaron Jones
4906854293
GNUTLS: Avoid null dereference in constructing ciphersuite 2016-08-19 20:26:43 +00:00
Aaron Jones
6971019a09
GNUTLS: Cleanup fingerprint generation
Removes intermediate buffer, properly check return values
2016-08-19 19:14:40 +00:00
Aaron Jones
fd9f652150
README: Clarify that OpenSSL is not required for ECDHE 2016-08-15 10:53:31 +00:00
Aaron Jones
ba1edd7277
mkpasswd: use urandom for salts, cleanup
Using /dev/random for salt generation is pointless -- it can block, and
any extra randomness it would provide (which is debatable) is not needed,
as salts only need to be unique, not unpredictable.
2016-08-15 09:50:53 +00:00
Aaron Jones
add3f90b9f
openssl: Avoid use-after-free when rehashing fails to load new files
Commit cf12678 introduced a fix for issue #186 by freeing the old SSL_CTX
structure before constructing a new one, which could disconnect existing
clients otherwise.

Unfortunately, the freeing is done first, which means that if setting up
a new structure fails for any reason, there will be no usable structures
left, but they are still referenced.

This fix moves the freeing to the end of the function, using intermediate
new variables in the meantime. This problem was discovered while testing
against OpenSSL 1.1.0 RC6.
2016-08-12 13:34:13 +00:00
William Pitcock
e5b5dc997d charybdis 4-rc3. 2016-08-05 23:38:34 -05:00
William Pitcock
f8f5ff705a m_grant: convert jevolk's rewritten version to AV2 2016-08-05 23:37:05 -05:00
William Pitcock
980cf654d0 Merge pull request #207 from charybdis-ircd/jevolk-patch-1
authd: Fix use after reference count decrement.
2016-08-05 23:07:00 -05:00
Jason Volk
7c003d84bc authd: Fix use after reference count decrement. 2016-08-05 13:08:16 -06:00
William Pitcock
5191cd0814 Merge pull request #205 from jevolk/release/4
m_grant: rewrite.
2016-07-27 02:34:38 -05:00
Jason Volk
17f925817e m_grant: rewrite. 2016-07-26 22:40:26 -07:00
Jason Volk
4cc889ae17
ircd: Fix missing operhash reference decrement from b02a913b. 2016-07-19 23:24:33 +00:00
Jason Volk
e4a7cf9f50 Fix erroneous return value. 2016-07-16 11:26:38 -07:00
Aaron Jones
6621472435
reference.conf: Document fingerprint generation
[ci skip]
2016-07-16 05:42:09 +00:00
Elizabeth Myers
8b0392ca39
Fix stupid compiler errors by my stupidity and tiredness 2016-06-27 19:37:02 -05:00
Elizabeth Myers
cec81c7978
blacklist: add blacklist_cancel_none 2016-06-27 19:36:52 -05:00
Elizabeth Myers
1db45f312a
blacklist: add return statement. d'oh. 2016-06-27 19:36:44 -05:00
Elizabeth Myers
c47e4958e9
blacklist: fix precedence lossage 2016-06-27 19:36:35 -05:00
Elizabeth Myers
02e4674001
blacklist: if no blacklists were checked, properly terminate query. 2016-06-27 19:36:24 -05:00
Elizabeth Myers
d52762b2a9
build_rdns: minor cleanup 2016-06-27 19:36:10 -05:00
Elizabeth Myers
c12d9cd3b2
blacklist: tweak message for timeout 2016-06-27 19:35:51 -05:00
Elizabeth Myers
f16493f468
blacklist: give different messages for cancellation and timeout 2016-06-27 19:35:32 -05:00
William Pitcock
9a71801d08 charybdis 4-rc2. 2016-06-25 22:14:52 -05:00
William Pitcock
74edf6bac0 Merge branch 'master' into release/4 2016-06-25 14:27:44 -05:00
Jason Volk
12de082e2c Fix bug. Note: The second hunk is just an assumption. It's not called from anywhere. 2016-06-25 14:27:32 -05:00
William Pitcock
c642292f25 Merge pull request #196 from jevolk/master
I typed MODRESTART by accident
2016-06-21 20:00:01 -05:00
Jason Volk
b5cfad0319 Core modules cannot be unloaded, otherwise bad things happen.
Additionally some information is logged and passed to the operator
conducting a MODRESTART.
2016-06-21 17:42:36 -07:00
Jason Volk
94afbe9c8e ircd: Fix capability entry name string ownership.
The entry->cap must be copied and exclusive to the entry for the
cap to be orphaned, even if literals are expected. Because modules.
2016-06-21 17:32:28 -07:00
William Pitcock
9ce88407b2 charybdis 4-rc1. 2016-06-19 22:44:47 -05:00
William Pitcock
34ec4fcaeb Merge branch 'master' into release/4 2016-06-19 21:49:52 -05:00