Commit graph

2341 commits

Author SHA1 Message Date
Aaron Jones
b012874243 Merge pull request #238 from anarcat/gnutls-cert-count
properly call gnutls_x509_crt_list_import
2017-02-28 22:44:35 +00:00
Antoine Beaupré
9f21f1b353
properly call gnutls_x509_crt_list_import
the [manpage][] says:

>  unsigned int * cert_max
>      Initially must hold the maximum number of certs. It will be updated
>      with the number of certs available.

ratbox doesn't actually initialize that variable, so gnutls naturally
fails. i would also recommend considering dynamically allocating the
cert list to deal with that error in other ways than failing to
configured SSL completely in GnuTLS. the apache gnutls module has a
similar problem and came up with a [patch][] to do exactly this which
you may want to consider.

but since our cert chain is only (!) 5 certs long, our itched is
scratch by this particular patch.

[manpage]: https://manpages.debian.org/jessie/gnutls-doc/gnutls_x509_crt_list_import.3.en.html
[patch]: https://bugs.debian.org/cgi-bin/bugreport.cgi?bug=511573#35
2017-02-28 17:36:56 -05:00
Aaron Jones
9bd8c1c0dc
Charybdis 3.5.4 2017-02-28 21:28:20 +00:00
Simon Arlott
b04acc54ac
CREDITS: fix my nickname and update my email address 2017-01-06 21:51:05 +00:00
Aaron Jones
5633e89376
MbedTLS: Disable TLSv1.0 2016-12-30 18:00:45 +00:00
Aaron Jones
e140ba71d6
OpenSSL: Disable TLSv1.0 2016-12-30 18:00:43 +00:00
Aaron Jones
6bcfd29624
GNUTLS: Provide a default priority string, disable TLSv1.0 in it
The user can still override this choice with the ssl_cipher_list option
in ircd.conf -- this is the only backend that will allow you to do so.
2016-12-30 18:00:41 +00:00
Keith Buck
4574e77f43 extensions/extb_channel: Allow matching secret channels.
This change modifies extb_channel to allow matching users in secret
channels, which prevents trivial ban evasion by setting the target
channel +s. Information leak due to this change is unlikely since the
attacker would have to know that the target channel exists, the name of
the channel (or guess it), have a specific user they wanted to know
whether was in the channel (and not know already), and the target user
would need to have something like autojoin-on-invite enabled (or any of
the other various ways hostname cloaking is attacked).
2016-12-29 05:44:18 +00:00
Aaron Jones
db05a36210
MODRESTART: Defer restart to the event loop
When a remote MODRESTART command is received, it will pass through the
ENCAP module. The ms_encap function is responsible for dispatching the
command handler and then the modules will eventually be reloaded.

However, if the ENCAP module is reloaded to a different address, the
stack now contains the address of a function that no longer exists.

Return immediately from the command handler and have the event loop
call the function responsible for reloading the modules instead.

Reported-by: mniip (Freenode)
2016-12-28 20:15:39 +00:00
Aaron Jones
9cdd7270f9
mkpasswd: avoid strdup(NULL) and the like if rb_crypt() fails 2016-12-20 03:54:08 +00:00
Keith Buck
a91a4515c9 mr_server: Handle certificate validation errors.
When certificate validation fails, the certificate fingerprint won't be
calculated, resulting in an attempt to format NULL into a log line
showing the fingerprint. Instead, add a different error message for
missing fingerprint (i.e. validation failed).
2016-12-09 10:01:22 +00:00
Keith Buck
5fd7e2bb8c m_rehash: Require admin privileges for REHASH SSLD.
This change enforces admin privileges for the REHASH SSLD command, as
originally intended.
2016-12-04 22:03:34 +00:00
Simon Arlott
598a7d3b7e mr_server: Report certificate fingerprint mismatches
Log the received certificate fingerprint when it causes a server to be
rejected.
2016-12-04 21:49:59 +00:00
Simon Arlott
8d0153ff55 mr_server: Handle unknown error codes
As mr_server is a module, it could potentially receive an unknown
error code from check_server().
2016-12-04 21:45:16 +00:00
Simon Arlott
0264fe161f sslproc: don't send updated config to dead/shutdown sslds
They might be running older versions of the SSL library that
doesn't support the key type or ciphers being configured.
2016-12-04 21:40:08 +00:00
Simon Arlott
9c98c1f866 ircd: add missing sslproc function ssld_foreach_info()
Iterate through the ssl daemons and report their status.
2016-12-04 21:25:41 +00:00
Simon Arlott
d4b074a771 ircd: support restarting ssld processes
Add REHASH SSLD (admins only) that starts new sslds and marks the
existing ones as inactive until all their clients disconnect.

Very useful whenever the SSL library has a vulnerability because
new connections can use a new version of the library without
disconnecting existing clients/servers.

Add STATS S (admins only) to list ssld processes, status, and client
count.
2016-12-04 21:24:56 +00:00
Aaron Jones
e386d7f362
reference.conf: missed a line
(see previous commit) [ci skip]
2016-12-01 05:15:30 +00:00
Aaron Jones
2815967598
reference.conf: simplify SPKI fingerprint generation commands
[ci skip]
2016-12-01 05:08:15 +00:00
Aaron Jones
256e6fd251
reference.conf: Use proper IPv6 RFC Documentation Range Subnet
[ci skip]
2016-11-27 20:50:20 +00:00
Simon Arlott
65b9b1d06d
server_estab: don't try to send to a dead client
If the zlib setup fails the client will be exited, so don't send
to it before checking this.
2016-11-20 21:43:58 +00:00
Simon Arlott
aaf6039eea
listener: use exit_client instead of free_client
As well as leaking a connid and leaving the connection open,
these calls to free_client() leave the client in the unknown_list
causing check_unknowns_list() to crash when either ptr->data
(ptr being the freed client_p->localClient->tnode) is NULL or
when client_p->localClient is NULL.

Flag the client as an IO error so that we don't try to send it
any data (as this is not a normal plaintext connection).
2016-11-20 21:43:44 +00:00
Aaron Jones
785df805d7
reference.conf: bump the recommended digest algorithm from SHA-1 to SHA2-256
ircd.conf.example still has SHA-1 for the people who want to quickly deploy
by renaming that file and adjusting as appropriate.
2016-11-15 12:34:49 +00:00
Aaron Jones
2afd965b21
TLS: Partially backport the SubjectPublicKeyInfo digesting functionality
This backports the code responsible for SPKI digests from release/4.

It also adjusts doc/reference.conf to note that SPKI digests are now
supported, and how to generate them. It does NOT backport the mkfingerprint
program -- the instructions in reference.conf are sufficient. I am ofcourse
open to anyone else backporting the program, but I don't see the need.
2016-11-15 12:30:09 +00:00
Aaron Jones
0a9598655c
TLS backends: Move some library-dependent functions to the proper location
The comment incorrectly stated these were library-agnostic; infact, they
use library-dependent data types or macro names.
2016-11-15 12:11:12 +00:00
Simon Arlott
95bdc091b2
free cache emptyline rb_dlink_node, allocated automatically but never freed
==00:00:01:09.081 1762== 48 bytes in 2 blocks are definitely lost in loss record 545 of 991
==00:00:01:09.081 1762==    at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==00:00:01:09.081 1762==    by 0x56C14A2: rb_malloc (rb_memory.h:41)
==00:00:01:09.081 1762==    by 0x56C177C: rb_bh_alloc (balloc.c:189)
==00:00:01:09.081 1762==    by 0x56CA0A9: rb_make_rb_dlink_node (tools.c:65)
==00:00:01:09.081 1762==    by 0x4E52D85: cache_file (cache.c:146)
==00:00:01:09.081 1762==    by 0x4E52AC3: init_cache (cache.c:67)
==00:00:01:09.081 1762==    by 0x4E69530: charybdis_main (ircd.c:762)
==00:00:01:09.081 1762==    by 0x400815: main (main.c:8)

==00:00:01:09.100 1762== 2,808 bytes in 117 blocks are definitely lost in loss record 960 of 991
==00:00:01:09.100 1762==    at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==00:00:01:09.100 1762==    by 0x56C14A2: rb_malloc (rb_memory.h:41)
==00:00:01:09.100 1762==    by 0x56C177C: rb_bh_alloc (balloc.c:189)
==00:00:01:09.100 1762==    by 0x56CA0A9: rb_make_rb_dlink_node (tools.c:65)
==00:00:01:09.100 1762==    by 0x4E52D85: cache_file (cache.c:146)
==00:00:01:09.100 1762==    by 0x4E5337A: load_help (cache.c:301)
==00:00:01:09.100 1762==    by 0x4E698AA: charybdis_main (ircd.c:848)
==00:00:01:09.100 1762==    by 0x400815: main (main.c:8)

==00:00:01:09.100 1762== 5,328 (5,304 direct, 24 indirect) bytes in 221 blocks are definitely lost in loss record 971 of 991
==00:00:01:09.100 1762==    at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==00:00:01:09.100 1762==    by 0x56C14A2: rb_malloc (rb_memory.h:41)
==00:00:01:09.100 1762==    by 0x56C177C: rb_bh_alloc (balloc.c:189)
==00:00:01:09.100 1762==    by 0x56CA0A9: rb_make_rb_dlink_node (tools.c:65)
==00:00:01:09.100 1762==    by 0x4E52D85: cache_file (cache.c:146)
==00:00:01:09.100 1762==    by 0x4E53278: load_help (cache.c:266)
==00:00:01:09.100 1762==    by 0x4E698AA: charybdis_main (ircd.c:848)
==00:00:01:09.100 1762==    by 0x400815: main (main.c:8)
2016-10-30 12:08:13 +00:00
Simon Arlott
ccd9e858f3
free server_p->certfp, allocated in newconf.c
==01:17:20:36.920 5966== 429 bytes in 3 blocks are possibly lost in loss record 899 of 1,020
==01:17:20:36.920 5966==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==01:17:20:36.920 5966==    by 0x4E73867: rb_strdup (rb_memory.h:70)
==01:17:20:36.920 5966==    by 0x4E7674C: conf_set_connect_fingerprint (newconf.c:1421)
==01:17:20:36.920 5966==    by 0x4E78D55: conf_call_set (newconf.c:2562)
==01:17:20:36.920 5966==    by 0x4E6A33D: yyparse (ircd_parser.y:215)
==01:17:20:36.920 5966==    by 0x4E7FFC7: read_conf (s_conf.c:834)
==01:17:20:36.920 5966==    by 0x4E81718: read_conf_files (s_conf.c:1419)
==01:17:20:36.920 5966==    by 0x4E69567: charybdis_main (ircd.c:775)
==01:17:20:36.920 5966==    by 0x400815: main (main.c:8)
2016-10-30 11:48:23 +00:00
Simon Arlott
2b439b88fc
free localClient->cipher_string, allocated in sslproc.c
==01:17:20:36.919 5966== 280 bytes in 8 blocks are definitely lost in loss record 876 of 1,020
==01:17:20:36.919 5966==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==01:17:20:36.919 5966==    by 0x4E93F4F: rb_strdup (rb_memory.h:70)
==01:17:20:36.919 5966==    by 0x4E95280: ssl_process_cipher_string (sslproc.c:476)
==01:17:20:36.919 5966==    by 0x4E95540: ssl_process_cmd_recv (sslproc.c:561)
==01:17:20:36.919 5966==    by 0x4E9582A: ssl_read_ctl (sslproc.c:632)
==01:17:20:36.919 5966==    by 0x56CBAB6: rb_select_epoll (epoll.c:199)
==01:17:20:36.919 5966==    by 0x56C4EB5: rb_select (commio.c:2085)
==01:17:20:36.919 5966==    by 0x56C7FD6: rb_lib_loop (rb_lib.c:228)
==01:17:20:36.919 5966==    by 0x4E69987: charybdis_main (ircd.c:872)
==01:17:20:36.919 5966==    by 0x400815: main (main.c:8)
2016-10-30 11:29:15 +00:00
Simon Arlott
6f3d3cb6f5
free localClient->zipstats, allocated in sslproc.c
==01:17:20:36.906 5966== 48 bytes in 1 blocks are definitely lost in loss record 544 of 1,020
==01:17:20:36.906 5966==    at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==01:17:20:36.906 5966==    by 0x4E93F0C: rb_malloc (rb_memory.h:41)
==01:17:20:36.906 5966==    by 0x4E961E8: start_zlib_session (sslproc.c:901)
==01:17:20:36.906 5966==    by 0x4E86FAC: server_estab (s_serv.c:877)
==01:17:20:36.906 5966==    by 0x13B2921A: mr_server (m_server.c:304)
==01:17:20:36.906 5966==    by 0x4E7AF03: handle_command (parse.c:241)
==01:17:20:36.906 5966==    by 0x4E7A96A: parse (parse.c:157)
==01:17:20:36.906 5966==    by 0x4E7A3DC: client_dopacket (packet.c:354)
==01:17:20:36.906 5966==    by 0x4E798D6: parse_client_queued (packet.c:98)
==01:17:20:36.906 5966==    by 0x4E79FAC: read_packet (packet.c:282)
==01:17:20:36.906 5966==    by 0x56CBAB6: rb_select_epoll (epoll.c:199)
==01:17:20:36.906 5966==    by 0x56C4EB5: rb_select (commio.c:2085)
2016-10-30 11:26:37 +00:00
Aaron Jones
0508eea2ed
OpenSSL: Adjust ciphersuite order and update documentation 2016-10-18 11:14:47 +00:00
Aaron Jones
a3868e7141
MbedTLS: Adjust ciphersuite order and update documentation 2016-10-18 10:56:04 +00:00
Aaron Jones
866026ab70
whois: check target is an oper before assuming they have a privset
The CHALLENGE functionality will set opername but not privset --
if an oper performs a WHOIS on someone currently half-way through
a challenge we will perform a NULL dereference.

Related to ircd-seven commit d7b05f7583babf6
2016-09-20 13:46:40 +00:00
William Pitcock
5de892828f Merge pull request #220 from charybdis-ircd/gnutls220
Improvements to the GNUTLS backend
2016-09-16 22:50:27 -07:00
Aaron Jones
ecfdcb08e8
GNUTLS: Reorder all functions to match the other backends
No code was changed in this commit; just entire lines moved up or down.
Ofcourse, most git diff tools won't see it that way.

The diff between the MbedTLS backend and this one is now fairly
minimal.

Note to auditors importing this series of patches for review and
integration: This means you can skip this patch if you don't trust me.
2016-09-17 00:56:54 +00:00
Aaron Jones
fe9fba46cf
GNUTLS: Add some more misc checks to the start of functions 2016-09-17 00:56:54 +00:00
Aaron Jones
70bb2e24e0
GNUTLS: Cosmetic preprocessor cleanliness 2016-09-17 00:56:54 +00:00
Aaron Jones
1a75461594
GNUTLS: Minor fix to rb_ssl_accept_common()/rb_ssl_connect_common()
Properly check whether the library was interrupted by the kernel
before assuming that a nonzero errno was caused by the kernel.

Otherwise, a memory allocation failure in the library for example
would incorrectly be interpreted as a syscall error instead of a
library error.
2016-09-17 00:56:54 +00:00
Aaron Jones
0071c423d5
GNUTLS: Improve rb_ssl_read_or_write()
* Set errno to 0 before attempting any read/write operations as it may
  affect our tests otherwise.

* Properly check whether the gnutls_record_recv()/gnutls_record_send()
  call failed and distinguish between kernel and library errors.
2016-09-17 00:56:54 +00:00
Aaron Jones
d4e71871c0
GNUTLS: rb_ssl_read_or_write(): Use macro to refer to session context 2016-09-17 00:56:54 +00:00
Aaron Jones
939d7ec7fe
GNUTLS: Apply whole-file const correctness 2016-09-17 00:56:54 +00:00
Aaron Jones
9c7dda22e8
GNUTLS: Improve rb_ssl_get_cipher()
* Add debugging assertions.

* Reduce the buffer size in line with the other backends.

* Ask for the cipher name directly instead of constructing it ourselves
  from the key exchange / authentication algorithm, symmetric encryption
  algorithm, and message authentication code algorithm.
2016-09-17 00:56:54 +00:00
Aaron Jones
dd59642de1
GNUTLS: Improve rb_get_ssl_info()
Explicitly ignore the snprintf return value and properly indent
the following line.

Also add a 'v' before the version strings so it reads as e.g.:
  library (v3.3.8), compiled (v3.3.8)
2016-09-17 00:56:54 +00:00
Aaron Jones
67d31a2755
GNUTLS: Improve rb_get_ssl_certfp()
* Give function parameters const correctness.

* Use similar variable names as the other backends -- this will reduce
  the diff between them.

* Check for more kinds of errors in retrieving the peer's certificate.

* Log failure to generate fingerprints, like the MbedTLS backend does.
2016-09-17 00:56:54 +00:00
Aaron Jones
9986455edc
GNUTLS: Log PRNG initialisation 2016-09-17 00:56:53 +00:00
Aaron Jones
2b5bf0bada
GNUTLS: Improve rb_connect_tcp_ssl() and rb_ssl_start_connected()
Use the variable name instead of its type as an argument to a sizeof
allocation. This will prevent possible future errors being introduced
when the type of the variable is changed, but the sizeof argument is
not updated.
2016-09-17 00:56:53 +00:00
Aaron Jones
f4726edf7a
GNUTLS: Fix up rb_ssl_listen()
Declare and assign variables at the same time; give function
parameters const correctness.
2016-09-17 00:56:53 +00:00
Aaron Jones
4369f1fa55
GNUTLS: Improve rb_ssl_connect_common()
This is the same as the previous commit for rb_ssl_accept_common().
2016-09-17 00:56:53 +00:00
Aaron Jones
8ebebff4b4
GNUTLS: Improve rb_ssl_accept_common()
* Add more debugging assertions

* Cancel timeouts and callbacks when handshake succeeds or hard fails

* Differentiate between kernel and library errors

* Increase F->handshake_count on handshake success

  I'm still not exactly sure what this is even used for. It may be
  removed from all backends at a later time if I find it's not being
  used for anything important, as right now it can only have the values
  0 or 1.
2016-09-17 00:56:53 +00:00
Aaron Jones
8099d352c9
GNUTLS: Store error codes properly
This is similar to commit db12df5c16 for
the MbedTLS backend.

The difference is, GNUTLS will not accept positive values as input to
gnutls_strerror(), so we invert the sign bit after retrieving the value
too, not just when storing it.

Also add a forgotten ssl_errno assignment to rb_ssl_connect_common().
2016-09-17 00:56:53 +00:00
Aaron Jones
c6600fe290
GNUTLS: Add rb_ssl_strerror() function in line with other backends 2016-09-17 00:56:53 +00:00