Commit graph

3494 commits

Author SHA1 Message Date
Simon Arlott
169a1c3535
msgbuf: s_assert is not a substitute for proper code
(dns, m_alias, m_stats updated as msgbuf no longer includes s_assert.h)
2017-07-26 19:30:41 +01:00
Simon Arlott
d2b3a2a474
ircd: check_server: don't allow a connection if that would exceed the class limit 2017-07-23 17:38:11 +01:00
Simon Arlott
e3cea4d811
ircd: serv_connect: don't try to connect if that would exceed the class limit 2017-07-23 15:40:00 +01:00
Simon Arlott
fdfe62e7cc
m_webirc: use rb_inet_ntop_sock to populate sockhost 2017-06-27 21:13:25 +01:00
Simon Arlott
89bb7d65fb
ircd: s_conf: fix use of strlcpy in strip_tabs
strlcpy should be called with the size of the destination buffer, not
the length of the source string.

When the source is an empty string, the destination buffer isn't
written at all, resulting in it trying to output uninitialised data.

This could also cause a buffer overflow on very long invalid config
lines.
2017-06-25 19:48:49 +01:00
William Pitcock
40ac82e878 no really, it's dead people 2017-02-27 23:31:49 -06:00
Simon Arlott
fe45fd6105
CREDITS: fix my nickname and update my email address 2017-01-06 21:52:44 +00:00
Aaron Jones
c3abf98286
MbedTLS: Disable TLSv1.0 2016-12-30 17:59:48 +00:00
Aaron Jones
35cd299395
OpenSSL: Disable TLSv1.0
Also some misc other cleanups/additions to bring it in line with the
release/3.5 backend
2016-12-30 17:59:46 +00:00
Aaron Jones
5bcd4c7c60
GNUTLS: Provide a default priority string, disable TLSv1.0 in it
The user can still override this choice with the ssl_cipher_list option
in ircd.conf -- this is the only backend that will allow you to do so.
2016-12-30 17:59:35 +00:00
Keith Buck
1175ff837d extensions/extb_channel: Allow matching secret channels.
This change modifies extb_channel to allow matching users in secret
channels, which prevents trivial ban evasion by setting the target
channel +s. Information leak due to this change is unlikely since the
attacker would have to know that the target channel exists, the name of
the channel (or guess it), have a specific user they wanted to know
whether was in the channel (and not know already), and the target user
would need to have something like autojoin-on-invite enabled (or any of
the other various ways hostname cloaking is attacked).
2016-12-29 06:21:58 +00:00
Aaron Jones
28f877462d
Documentation: Comment-out the OPM block and its options by default
The feature is not yet stable and is causing several issues.
2016-12-28 23:41:32 +00:00
Aaron Jones
41390bfe5f
When a remote MODRESTART command is received, it will pass through the
ENCAP module. The ms_encap function is responsible for dispatching the
command handler and then the modules will eventually be reloaded.

However, if the ENCAP module is reloaded to a different address, the
stack now contains the address of a function that no longer exists.

Also, in this version of the IRCd, the module restarting functionality
was located in a function that is itself located in a module, so things
will also go badly if that module is reloaded to a different address,
too.

Return immediately from the command handler and have the event loop
call the function responsible for reloading the modules instead.

c.f. release/3.5 commit db05a36210

Reported-by: mniip (Freenode)
2016-12-28 22:08:14 +00:00
Aaron Jones
6002ccec6b
mkpasswd: avoid strdup(NULL) and the like if rb_crypt() fails 2016-12-20 17:29:37 +00:00
Aaron Jones
d1f8acb0da
authd: don't exit() on OPM duplicate scanner errors, just ignore it
I run into this code even with a single kind of scanner with a single
port, so I'm not even sure how it thinks it already exists.

Perhaps it's being parsed twice, or something similar.

c.f. issue #229
2016-12-19 04:57:58 +00:00
Keith Buck
df0c70dd1f mr_server: Handle certificate validation errors.
When certificate validation fails, the certificate fingerprint won't be
calculated, resulting in an attempt to format NULL into a log line
showing the fingerprint. Instead, add a different error message for
missing fingerprint (i.e. validation failed).
2016-12-09 10:08:47 +00:00
Jason Volk
d57ff45c68 .gitignore: ignore .exe extension.
Utilized when building on windows, but shouldn't require any iff
windows case when on unix, so it can be simply ignored.

[ci skip]
2016-12-05 14:36:36 -05:00
Keith Buck
fbd3e77eac m_rehash: Require admin privileges for REHASH SSLD.
This change enforces admin privileges for the REHASH SSLD command, as
originally intended.
2016-12-04 22:15:29 +00:00
Simon Arlott
ab6a27d184
Fix cross compile for Windows 2016-12-04 20:21:07 +00:00
Simon Arlott
57dd2c6a89
msgbuf: don't append a ';' unless there are existing tags
When both account-tag and server-time are present but the client
doesn't have the first (i == 0) of these enabled. They will get
an erroneous ';' after the '@'.

Track whether or not there are tags present, and use this to
determine whether to add the ';' or not. Also remove the extra
function that loops over all of the tags by using this flag to
handle the case where there are no tags being written.
2016-12-04 19:41:08 +00:00
Simon Arlott
6396c5da07
fix privmsg/notice send functions to use variable argument lists properly 2016-12-04 19:41:07 +00:00
Aaron Jones
a49b954f98
reference.conf: Use proper IPv6 RFC Documentation Range Subnet
[ci skip]
2016-11-27 20:51:06 +00:00
Simon Arlott
e2d5ffd5dd
echo-message should work for privmsg/notice to another user
Build the same message but send it to the local client first,
so that the echo-message capability works. But don't do it when
sending a message to yourself.
2016-11-23 21:59:43 +00:00
Simon Arlott
2d8d5b058b
echo-message should work for clients that aren't in the target channel
Move the echo part to the end of the channel membership loop so that it
works even if the user isn't on the channel.
2016-11-23 21:14:44 +00:00
Simon Arlott
f41f79971c
server_estab: don't try to send to a dead client
If the zlib setup fails the client will be exited, so don't send
to it before checking this.
2016-11-20 21:41:18 +00:00
Simon Arlott
50b1e5987c
listener: use exit_client instead of free_client
As well as leaking a connid and leaving the connection open,
these calls to free_client() leave the client in the unknown_list
causing check_unknowns_list() to crash when either ptr->data
(ptr being the freed client_p->localClient->tnode) is NULL or
when client_p->localClient is NULL.

Flag the client as an IO error so that we don't try to send it
any data (as this is not a normal plaintext connection).
2016-11-20 21:09:07 +00:00
Aaron Jones
4381284e72
reference.conf: document that SPKI is supported in version 3.5 now 2016-11-15 12:36:01 +00:00
Aaron Jones
05281d7a0d
TLS backends: Move some library-dependent functions to the proper location
The comment incorrectly stated these were library-agnostic; infact, they
use library-dependent data types or macro names.
2016-11-15 12:16:03 +00:00
Aaron Jones
19ec5fb1f9
README: Document glibtoolize use on Mac systems
Fixes #224
2016-10-31 09:08:46 +00:00
Simon Arlott
5bc95eaf4a
Use const hook data where possible
core/m_nick.c: In function `change_remote_nick':
core/m_nick.c:745: warning: assignment discards qualifiers from pointer target type
2016-10-30 12:36:50 +00:00
Simon Arlott
4ce7eaefd4
free cache emptyline rb_dlink_node, allocated automatically but never freed
==00:00:01:09.081 1762== 48 bytes in 2 blocks are definitely lost in loss record 545 of 991
==00:00:01:09.081 1762==    at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==00:00:01:09.081 1762==    by 0x56C14A2: rb_malloc (rb_memory.h:41)
==00:00:01:09.081 1762==    by 0x56C177C: rb_bh_alloc (balloc.c:189)
==00:00:01:09.081 1762==    by 0x56CA0A9: rb_make_rb_dlink_node (tools.c:65)
==00:00:01:09.081 1762==    by 0x4E52D85: cache_file (cache.c:146)
==00:00:01:09.081 1762==    by 0x4E52AC3: init_cache (cache.c:67)
==00:00:01:09.081 1762==    by 0x4E69530: charybdis_main (ircd.c:762)
==00:00:01:09.081 1762==    by 0x400815: main (main.c:8)

==00:00:01:09.100 1762== 2,808 bytes in 117 blocks are definitely lost in loss record 960 of 991
==00:00:01:09.100 1762==    at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==00:00:01:09.100 1762==    by 0x56C14A2: rb_malloc (rb_memory.h:41)
==00:00:01:09.100 1762==    by 0x56C177C: rb_bh_alloc (balloc.c:189)
==00:00:01:09.100 1762==    by 0x56CA0A9: rb_make_rb_dlink_node (tools.c:65)
==00:00:01:09.100 1762==    by 0x4E52D85: cache_file (cache.c:146)
==00:00:01:09.100 1762==    by 0x4E5337A: load_help (cache.c:301)
==00:00:01:09.100 1762==    by 0x4E698AA: charybdis_main (ircd.c:848)
==00:00:01:09.100 1762==    by 0x400815: main (main.c:8)

==00:00:01:09.100 1762== 5,328 (5,304 direct, 24 indirect) bytes in 221 blocks are definitely lost in loss record 971 of 991
==00:00:01:09.100 1762==    at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==00:00:01:09.100 1762==    by 0x56C14A2: rb_malloc (rb_memory.h:41)
==00:00:01:09.100 1762==    by 0x56C177C: rb_bh_alloc (balloc.c:189)
==00:00:01:09.100 1762==    by 0x56CA0A9: rb_make_rb_dlink_node (tools.c:65)
==00:00:01:09.100 1762==    by 0x4E52D85: cache_file (cache.c:146)
==00:00:01:09.100 1762==    by 0x4E53278: load_help (cache.c:266)
==00:00:01:09.100 1762==    by 0x4E698AA: charybdis_main (ircd.c:848)
==00:00:01:09.100 1762==    by 0x400815: main (main.c:8)
2016-10-30 12:05:45 +00:00
Simon Arlott
1c4f9748d7
free server_p->certfp, allocated in newconf.c
==01:17:20:36.920 5966== 429 bytes in 3 blocks are possibly lost in loss record 899 of 1,020
==01:17:20:36.920 5966==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==01:17:20:36.920 5966==    by 0x4E73867: rb_strdup (rb_memory.h:70)
==01:17:20:36.920 5966==    by 0x4E7674C: conf_set_connect_fingerprint (newconf.c:1421)
==01:17:20:36.920 5966==    by 0x4E78D55: conf_call_set (newconf.c:2562)
==01:17:20:36.920 5966==    by 0x4E6A33D: yyparse (ircd_parser.y:215)
==01:17:20:36.920 5966==    by 0x4E7FFC7: read_conf (s_conf.c:834)
==01:17:20:36.920 5966==    by 0x4E81718: read_conf_files (s_conf.c:1419)
==01:17:20:36.920 5966==    by 0x4E69567: charybdis_main (ircd.c:775)
==01:17:20:36.920 5966==    by 0x400815: main (main.c:8)
2016-10-30 11:45:56 +00:00
Simon Arlott
c8641a273f
free localClient->cipher_string, allocated in sslproc.c
==01:17:20:36.919 5966== 280 bytes in 8 blocks are definitely lost in loss record 876 of 1,020
==01:17:20:36.919 5966==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==01:17:20:36.919 5966==    by 0x4E93F4F: rb_strdup (rb_memory.h:70)
==01:17:20:36.919 5966==    by 0x4E95280: ssl_process_cipher_string (sslproc.c:476)
==01:17:20:36.919 5966==    by 0x4E95540: ssl_process_cmd_recv (sslproc.c:561)
==01:17:20:36.919 5966==    by 0x4E9582A: ssl_read_ctl (sslproc.c:632)
==01:17:20:36.919 5966==    by 0x56CBAB6: rb_select_epoll (epoll.c:199)
==01:17:20:36.919 5966==    by 0x56C4EB5: rb_select (commio.c:2085)
==01:17:20:36.919 5966==    by 0x56C7FD6: rb_lib_loop (rb_lib.c:228)
==01:17:20:36.919 5966==    by 0x4E69987: charybdis_main (ircd.c:872)
==01:17:20:36.919 5966==    by 0x400815: main (main.c:8)
2016-10-30 11:21:45 +00:00
Simon Arlott
76f3591a2d
free localClient->zipstats, allocated in sslproc.c
==01:17:20:36.906 5966== 48 bytes in 1 blocks are definitely lost in loss record 544 of 1,020
==01:17:20:36.906 5966==    at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==01:17:20:36.906 5966==    by 0x4E93F0C: rb_malloc (rb_memory.h:41)
==01:17:20:36.906 5966==    by 0x4E961E8: start_zlib_session (sslproc.c:901)
==01:17:20:36.906 5966==    by 0x4E86FAC: server_estab (s_serv.c:877)
==01:17:20:36.906 5966==    by 0x13B2921A: mr_server (m_server.c:304)
==01:17:20:36.906 5966==    by 0x4E7AF03: handle_command (parse.c:241)
==01:17:20:36.906 5966==    by 0x4E7A96A: parse (parse.c:157)
==01:17:20:36.906 5966==    by 0x4E7A3DC: client_dopacket (packet.c:354)
==01:17:20:36.906 5966==    by 0x4E798D6: parse_client_queued (packet.c:98)
==01:17:20:36.906 5966==    by 0x4E79FAC: read_packet (packet.c:282)
==01:17:20:36.906 5966==    by 0x56CBAB6: rb_select_epoll (epoll.c:199)
==01:17:20:36.906 5966==    by 0x56C4EB5: rb_select (commio.c:2085)
2016-10-30 11:20:31 +00:00
Simon Arlott
d8f0b5d763
cppcheck: fix various warnings/errors
[ircd/match.c:316]: (error) Shifting a negative value is undefined behaviour
[librb/src/patricia.c:55]: (error) Shifting a negative value is undefined behaviour
[modules/m_alias.c:64]: (portability) '(void*)message' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined.
[modules/m_time.c:111]: (warning) %u in format string (no. 9) requires 'unsigned int' but the argument type is 'signed int'.
[modules/m_time.c:111]: (warning) %u in format string (no. 10) requires 'unsigned int' but the argument type is 'signed int'.
[librb/src/dictionary.c:819]: (warning) %d in format string (no. 3) requires 'int' but the argument type is 'unsigned int'.
[librb/src/radixtree.c:1080]: (warning) %d in format string (no. 3) requires 'int' but the argument type is 'unsigned int'.
[ircd/s_user.c:351] -> [ircd/s_user.c:357]: (warning) Either the condition '0!=source_p' is redundant or there is possible null pointer dereference: source_p.
[extensions/ip_cloaking_3.0.c:109]: (warning, inconclusive) The buffer 'buf' may not be null-terminated after the call to strncpy().
[ircd/chmode.c:256]: (style) Clarify calculation precedence for '&' and '?'.
[modules/m_help.c:100]: (style) Clarify calculation precedence for '&' and '?'.
[modules/m_knock.c:169]: (style) Clarify calculation precedence for '&' and '?'.
[modules/m_stats.c:628]: (style) Clarify calculation precedence for '&' and '?'.
[modules/m_stats.c:727]: (style) Clarify calculation precedence for '&' and '?'.
[librb/src/radixtree.c:601]: (style) Clarify calculation precedence for '&' and '?'.
[librb/src/radixtree.c:704]: (style) Clarify calculation precedence for '&' and '?'.
[librb/src/radixtree.c:739]: (style) Clarify calculation precedence for '&' and '?'.
[librb/src/radixtree.c:763]: (style) Clarify calculation precedence for '&' and '?'.
[librb/src/radixtree.c:768]: (style) Clarify calculation precedence for '&' and '?'.
[librb/src/radixtree.c:774]: (style) Clarify calculation precedence for '&' and '?'.
[librb/src/radixtree.c:781]: (style) Clarify calculation precedence for '&' and '?'.
[librb/src/radixtree.c:786]: (style) Clarify calculation precedence for '&' and '?'.
[librb/src/radixtree.c:791]: (style) Clarify calculation precedence for '&' and '?'.
[librb/src/radixtree.c:804]: (style) Clarify calculation precedence for '&' and '?'.
[ircd/wsproc.c:372]: (style) Unused variable: len
[modules/core/m_modules.c:382]: (style) Unused variable: i
[modules/m_stats.c:741]: (style) Unused variable: amsg
[ircd/authproc.c:390]: (style) Unused variable: iter
[ircd/authproc.c:391]: (style) Unused variable: client_p
2016-10-28 20:13:36 +01:00
Simon Arlott
3608f31d39
authproc: don't allow authd to write too many parameters to parv array 2016-10-22 22:42:22 +01:00
Simon Arlott
3656fa83a9
msgbuf_parse: rb_string_to_array outputs to a MAXPARA+1 size array 2016-10-22 22:38:07 +01:00
Simon Arlott
01dd3da541
rb_string_to_array: document parv array size 2016-10-22 22:36:47 +01:00
Aaron Jones
42e6fbaa8c
OpenSSL: Adjust ciphersuite order and update documentation 2016-10-18 11:17:41 +00:00
Aaron Jones
98c4aaeaff
MbedTLS: Adjust ciphersuite order and update documentation 2016-10-18 11:16:38 +00:00
Aaron Jones
d7f66fc3bf
README: Fix location of channel 2016-10-15 12:57:26 +00:00
Aaron Jones
23f5c31719
SASL: Relax rate limiting for failures a little
Begin at 8 seconds after 2 failures and up to ~4 minutes
2016-10-02 14:13:02 +00:00
Aaron Jones
8e3d0668a4 Merge pull request #221 from Xenthys/release/4
Added kick immunity to umode +p (oper-override)
2016-10-02 10:02:02 +00:00
Aaron Jones
c4a51af37c Merge pull request #222 from Xenthys/release/4+sasl
SASL: rate-limit after the 2nd failed attempt (m_sasl.c)
2016-10-02 09:50:57 +00:00
Xenthys
46ef49c390
SASL: rate-limit after the 2nd failed attempt (m_sasl.c) 2016-10-02 03:57:11 +02:00
Xenthys
bd2c29f738
Added kick immunity to umode +p (oper-override) 2016-09-29 00:34:53 +02:00
Aaron Jones
c6d884e877
whois: check target is an oper before assuming they have a privset
The CHALLENGE functionality will set opername but not privset --
if an oper performs a WHOIS on someone currently half-way through
a challenge we will perform a NULL dereference.

Related to ircd-seven commit d7b05f7583babf6
2016-09-20 13:47:55 +00:00
William Pitcock
b1c32af98e helpops: add duplication guards on helper/dehelper state changes 2016-09-18 17:11:32 -05:00
Aaron Jones
56fbe141a1
GNUTLS: Forward-port release/3.5 improvements
The changes made in this file are detailed in release/3.5 commits
4d89c83c32 through ecfdcb08e8 inclusive.

Some slight alterations are necessary; librb instead of libratbox,
snprintf() instead of rb_snprintf(), etc. Also, release/4 has
offline certificate digesting functionality. For more insight,
simply diff the gnutls.c between release/3.5 and release/4.
2016-09-17 17:53:01 +00:00
Aaron Jones
dd066596dc
MbedTLS: Forward-port release/3.5 improvements
The changes made in this file are detailed in release/3.5 commits
295c8f7d37 through 265dc4e53c inclusive.

Some slight alterations are necessary; librb instead of libratbox,
snprintf() instead of rb_snprintf(), etc. Also, release/4 has
offline certificate digesting functionality. For more insight,
simply diff the mbedtls.c between release/3.5 and release/4.
2016-09-17 17:19:31 +00:00