Commit graph

419 commits

Author SHA1 Message Date
Simon Arlott
4c7d1de8f3
librb: linebuf needs to use the buffer limit from msgbuf_unparse_prefix 2017-07-29 23:32:27 +01:00
Simon Arlott
5ce6360b72
ircd: send: these buffers can be static 2017-07-29 23:24:23 +01:00
Simon Arlott
05a16d98e1
tests: add msgbuf_parse tests 2017-07-29 22:46:08 +01:00
Simon Arlott
f3564f47f4
msgbuf: correctly split buffers into IRCv3 tags and RFC1459 message data 2017-07-29 22:46:07 +01:00
Simon Arlott
33ded5fc57
librb: remove unnecessary NULL from the end of rb_string_to_array output 2017-07-29 22:46:04 +01:00
Simon Arlott
86432f8f86
ircd: attach_conf: avoid clang static analysis warning
In the impossible scenario where ClassPtr(aconf) is NULL, reject the
client instead of dereferencing the NULL pointer.
2017-07-29 22:45:58 +01:00
Simon Arlott
07807ce8b0
ircd: send_to_channel_flags: avoid clang static analysis warning
Set current_capmask and then use it, instead of referencing target_p->localClient->caps again.

This makes the purpose of current_capmask a bit clearer.
2017-07-29 22:39:50 +01:00
Simon Arlott
d856535edd
ircd: sendto_one_notice: avoid clang static analysis warning
target_p->from can't be NULL, and if it is then get_id(..., target_p)
dereferences it later in the function anyway
2017-07-29 22:39:49 +01:00
Simon Arlott
0d6da1a9c1
ircd: sendto_one_numeric: avoid clang static analysis warning
target_p->from can't be NULL, and if it is then get_id(..., target_p)
dereferences it later in the function anyway
2017-07-29 22:28:53 +01:00
Simon Arlott
b9a6f1e5a1
ircd: get_or_create_channel: avoid clang static analysis warning
Use `len` after setting it.
2017-07-29 22:28:51 +01:00
Simon Arlott
0ded533dbc
ircd: sendto_one_prefix: avoid clang static analysis warning
target_p->from can't be NULL, and if it is then get_id(..., target_p)
dereferences it later in the function anyway
2017-07-29 22:28:49 +01:00
Simon Arlott
6c1e15a432
exit_remote_server: avoid clang static analysis warning
if IsServer(source_p) then the following must be all non-NULL:
 ->serv
 ->servptr
 ->servptr->serv

Remove unnecessary and inconsistent pointer checks.
2017-07-29 22:28:48 +01:00
Simon Arlott
ab5fc9c032
ircd: hostmask: avoid clang static analysis warning
arec->Mask.ipa.bits is unused if arec->masktype == HM_HOST
2017-07-29 22:27:23 +01:00
Simon Arlott
8467fd9caf
ircd: listener: Document check_reject() behaviour 2017-07-29 22:20:04 +01:00
Simon Arlott
a940f54623
sslproc: check number of arguments to zipstats command 2017-07-29 13:32:21 +01:00
Aaron Jones
ed9f6a6565
src/channel.c: don't use the bancache in is_banned()/is_quieted()
The bancache will be re-architected onto clients in future for easier
invalidation, but this is a good-enough temporary fix for issue #243

Fixes #243
2017-07-29 13:32:20 +01:00
Simon Arlott
e9f0d740e3
msgbuf: remove unused field parselen 2017-07-27 18:31:08 +01:00
Simon Arlott
fb81421fc7
ircd: substitution: fix NULL termination buffer overrun when the output is too large for the buffer 2017-07-27 18:31:07 +01:00
Simon Arlott
1dfb080874
ircd: substitution: fix overrun with unterminated '}' in format string
handle a variable following an unterminated variable better
2017-07-27 18:31:05 +01:00
Simon Arlott
169a1c3535
msgbuf: s_assert is not a substitute for proper code
(dns, m_alias, m_stats updated as msgbuf no longer includes s_assert.h)
2017-07-26 19:30:41 +01:00
Simon Arlott
d2b3a2a474
ircd: check_server: don't allow a connection if that would exceed the class limit 2017-07-23 17:38:11 +01:00
Simon Arlott
e3cea4d811
ircd: serv_connect: don't try to connect if that would exceed the class limit 2017-07-23 15:40:00 +01:00
Simon Arlott
89bb7d65fb
ircd: s_conf: fix use of strlcpy in strip_tabs
strlcpy should be called with the size of the destination buffer, not
the length of the source string.

When the source is an empty string, the destination buffer isn't
written at all, resulting in it trying to output uninitialised data.

This could also cause a buffer overflow on very long invalid config
lines.
2017-06-25 19:48:49 +01:00
Aaron Jones
41390bfe5f
When a remote MODRESTART command is received, it will pass through the
ENCAP module. The ms_encap function is responsible for dispatching the
command handler and then the modules will eventually be reloaded.

However, if the ENCAP module is reloaded to a different address, the
stack now contains the address of a function that no longer exists.

Also, in this version of the IRCd, the module restarting functionality
was located in a function that is itself located in a module, so things
will also go badly if that module is reloaded to a different address,
too.

Return immediately from the command handler and have the event loop
call the function responsible for reloading the modules instead.

c.f. release/3.5 commit db05a36210

Reported-by: mniip (Freenode)
2016-12-28 22:08:14 +00:00
Simon Arlott
57dd2c6a89
msgbuf: don't append a ';' unless there are existing tags
When both account-tag and server-time are present but the client
doesn't have the first (i == 0) of these enabled. They will get
an erroneous ';' after the '@'.

Track whether or not there are tags present, and use this to
determine whether to add the ';' or not. Also remove the extra
function that loops over all of the tags by using this flag to
handle the case where there are no tags being written.
2016-12-04 19:41:08 +00:00
Simon Arlott
6396c5da07
fix privmsg/notice send functions to use variable argument lists properly 2016-12-04 19:41:07 +00:00
Simon Arlott
e2d5ffd5dd
echo-message should work for privmsg/notice to another user
Build the same message but send it to the local client first,
so that the echo-message capability works. But don't do it when
sending a message to yourself.
2016-11-23 21:59:43 +00:00
Simon Arlott
2d8d5b058b
echo-message should work for clients that aren't in the target channel
Move the echo part to the end of the channel membership loop so that it
works even if the user isn't on the channel.
2016-11-23 21:14:44 +00:00
Simon Arlott
f41f79971c
server_estab: don't try to send to a dead client
If the zlib setup fails the client will be exited, so don't send
to it before checking this.
2016-11-20 21:41:18 +00:00
Simon Arlott
50b1e5987c
listener: use exit_client instead of free_client
As well as leaking a connid and leaving the connection open,
these calls to free_client() leave the client in the unknown_list
causing check_unknowns_list() to crash when either ptr->data
(ptr being the freed client_p->localClient->tnode) is NULL or
when client_p->localClient is NULL.

Flag the client as an IO error so that we don't try to send it
any data (as this is not a normal plaintext connection).
2016-11-20 21:09:07 +00:00
Simon Arlott
4ce7eaefd4
free cache emptyline rb_dlink_node, allocated automatically but never freed
==00:00:01:09.081 1762== 48 bytes in 2 blocks are definitely lost in loss record 545 of 991
==00:00:01:09.081 1762==    at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==00:00:01:09.081 1762==    by 0x56C14A2: rb_malloc (rb_memory.h:41)
==00:00:01:09.081 1762==    by 0x56C177C: rb_bh_alloc (balloc.c:189)
==00:00:01:09.081 1762==    by 0x56CA0A9: rb_make_rb_dlink_node (tools.c:65)
==00:00:01:09.081 1762==    by 0x4E52D85: cache_file (cache.c:146)
==00:00:01:09.081 1762==    by 0x4E52AC3: init_cache (cache.c:67)
==00:00:01:09.081 1762==    by 0x4E69530: charybdis_main (ircd.c:762)
==00:00:01:09.081 1762==    by 0x400815: main (main.c:8)

==00:00:01:09.100 1762== 2,808 bytes in 117 blocks are definitely lost in loss record 960 of 991
==00:00:01:09.100 1762==    at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==00:00:01:09.100 1762==    by 0x56C14A2: rb_malloc (rb_memory.h:41)
==00:00:01:09.100 1762==    by 0x56C177C: rb_bh_alloc (balloc.c:189)
==00:00:01:09.100 1762==    by 0x56CA0A9: rb_make_rb_dlink_node (tools.c:65)
==00:00:01:09.100 1762==    by 0x4E52D85: cache_file (cache.c:146)
==00:00:01:09.100 1762==    by 0x4E5337A: load_help (cache.c:301)
==00:00:01:09.100 1762==    by 0x4E698AA: charybdis_main (ircd.c:848)
==00:00:01:09.100 1762==    by 0x400815: main (main.c:8)

==00:00:01:09.100 1762== 5,328 (5,304 direct, 24 indirect) bytes in 221 blocks are definitely lost in loss record 971 of 991
==00:00:01:09.100 1762==    at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==00:00:01:09.100 1762==    by 0x56C14A2: rb_malloc (rb_memory.h:41)
==00:00:01:09.100 1762==    by 0x56C177C: rb_bh_alloc (balloc.c:189)
==00:00:01:09.100 1762==    by 0x56CA0A9: rb_make_rb_dlink_node (tools.c:65)
==00:00:01:09.100 1762==    by 0x4E52D85: cache_file (cache.c:146)
==00:00:01:09.100 1762==    by 0x4E53278: load_help (cache.c:266)
==00:00:01:09.100 1762==    by 0x4E698AA: charybdis_main (ircd.c:848)
==00:00:01:09.100 1762==    by 0x400815: main (main.c:8)
2016-10-30 12:05:45 +00:00
Simon Arlott
1c4f9748d7
free server_p->certfp, allocated in newconf.c
==01:17:20:36.920 5966== 429 bytes in 3 blocks are possibly lost in loss record 899 of 1,020
==01:17:20:36.920 5966==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==01:17:20:36.920 5966==    by 0x4E73867: rb_strdup (rb_memory.h:70)
==01:17:20:36.920 5966==    by 0x4E7674C: conf_set_connect_fingerprint (newconf.c:1421)
==01:17:20:36.920 5966==    by 0x4E78D55: conf_call_set (newconf.c:2562)
==01:17:20:36.920 5966==    by 0x4E6A33D: yyparse (ircd_parser.y:215)
==01:17:20:36.920 5966==    by 0x4E7FFC7: read_conf (s_conf.c:834)
==01:17:20:36.920 5966==    by 0x4E81718: read_conf_files (s_conf.c:1419)
==01:17:20:36.920 5966==    by 0x4E69567: charybdis_main (ircd.c:775)
==01:17:20:36.920 5966==    by 0x400815: main (main.c:8)
2016-10-30 11:45:56 +00:00
Simon Arlott
c8641a273f
free localClient->cipher_string, allocated in sslproc.c
==01:17:20:36.919 5966== 280 bytes in 8 blocks are definitely lost in loss record 876 of 1,020
==01:17:20:36.919 5966==    at 0x4C2DB8F: malloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==01:17:20:36.919 5966==    by 0x4E93F4F: rb_strdup (rb_memory.h:70)
==01:17:20:36.919 5966==    by 0x4E95280: ssl_process_cipher_string (sslproc.c:476)
==01:17:20:36.919 5966==    by 0x4E95540: ssl_process_cmd_recv (sslproc.c:561)
==01:17:20:36.919 5966==    by 0x4E9582A: ssl_read_ctl (sslproc.c:632)
==01:17:20:36.919 5966==    by 0x56CBAB6: rb_select_epoll (epoll.c:199)
==01:17:20:36.919 5966==    by 0x56C4EB5: rb_select (commio.c:2085)
==01:17:20:36.919 5966==    by 0x56C7FD6: rb_lib_loop (rb_lib.c:228)
==01:17:20:36.919 5966==    by 0x4E69987: charybdis_main (ircd.c:872)
==01:17:20:36.919 5966==    by 0x400815: main (main.c:8)
2016-10-30 11:21:45 +00:00
Simon Arlott
76f3591a2d
free localClient->zipstats, allocated in sslproc.c
==01:17:20:36.906 5966== 48 bytes in 1 blocks are definitely lost in loss record 544 of 1,020
==01:17:20:36.906 5966==    at 0x4C2FB55: calloc (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==01:17:20:36.906 5966==    by 0x4E93F0C: rb_malloc (rb_memory.h:41)
==01:17:20:36.906 5966==    by 0x4E961E8: start_zlib_session (sslproc.c:901)
==01:17:20:36.906 5966==    by 0x4E86FAC: server_estab (s_serv.c:877)
==01:17:20:36.906 5966==    by 0x13B2921A: mr_server (m_server.c:304)
==01:17:20:36.906 5966==    by 0x4E7AF03: handle_command (parse.c:241)
==01:17:20:36.906 5966==    by 0x4E7A96A: parse (parse.c:157)
==01:17:20:36.906 5966==    by 0x4E7A3DC: client_dopacket (packet.c:354)
==01:17:20:36.906 5966==    by 0x4E798D6: parse_client_queued (packet.c:98)
==01:17:20:36.906 5966==    by 0x4E79FAC: read_packet (packet.c:282)
==01:17:20:36.906 5966==    by 0x56CBAB6: rb_select_epoll (epoll.c:199)
==01:17:20:36.906 5966==    by 0x56C4EB5: rb_select (commio.c:2085)
2016-10-30 11:20:31 +00:00
Simon Arlott
d8f0b5d763
cppcheck: fix various warnings/errors
[ircd/match.c:316]: (error) Shifting a negative value is undefined behaviour
[librb/src/patricia.c:55]: (error) Shifting a negative value is undefined behaviour
[modules/m_alias.c:64]: (portability) '(void*)message' is of type 'void *'. When using void pointers in calculations, the behaviour is undefined.
[modules/m_time.c:111]: (warning) %u in format string (no. 9) requires 'unsigned int' but the argument type is 'signed int'.
[modules/m_time.c:111]: (warning) %u in format string (no. 10) requires 'unsigned int' but the argument type is 'signed int'.
[librb/src/dictionary.c:819]: (warning) %d in format string (no. 3) requires 'int' but the argument type is 'unsigned int'.
[librb/src/radixtree.c:1080]: (warning) %d in format string (no. 3) requires 'int' but the argument type is 'unsigned int'.
[ircd/s_user.c:351] -> [ircd/s_user.c:357]: (warning) Either the condition '0!=source_p' is redundant or there is possible null pointer dereference: source_p.
[extensions/ip_cloaking_3.0.c:109]: (warning, inconclusive) The buffer 'buf' may not be null-terminated after the call to strncpy().
[ircd/chmode.c:256]: (style) Clarify calculation precedence for '&' and '?'.
[modules/m_help.c:100]: (style) Clarify calculation precedence for '&' and '?'.
[modules/m_knock.c:169]: (style) Clarify calculation precedence for '&' and '?'.
[modules/m_stats.c:628]: (style) Clarify calculation precedence for '&' and '?'.
[modules/m_stats.c:727]: (style) Clarify calculation precedence for '&' and '?'.
[librb/src/radixtree.c:601]: (style) Clarify calculation precedence for '&' and '?'.
[librb/src/radixtree.c:704]: (style) Clarify calculation precedence for '&' and '?'.
[librb/src/radixtree.c:739]: (style) Clarify calculation precedence for '&' and '?'.
[librb/src/radixtree.c:763]: (style) Clarify calculation precedence for '&' and '?'.
[librb/src/radixtree.c:768]: (style) Clarify calculation precedence for '&' and '?'.
[librb/src/radixtree.c:774]: (style) Clarify calculation precedence for '&' and '?'.
[librb/src/radixtree.c:781]: (style) Clarify calculation precedence for '&' and '?'.
[librb/src/radixtree.c:786]: (style) Clarify calculation precedence for '&' and '?'.
[librb/src/radixtree.c:791]: (style) Clarify calculation precedence for '&' and '?'.
[librb/src/radixtree.c:804]: (style) Clarify calculation precedence for '&' and '?'.
[ircd/wsproc.c:372]: (style) Unused variable: len
[modules/core/m_modules.c:382]: (style) Unused variable: i
[modules/m_stats.c:741]: (style) Unused variable: amsg
[ircd/authproc.c:390]: (style) Unused variable: iter
[ircd/authproc.c:391]: (style) Unused variable: client_p
2016-10-28 20:13:36 +01:00
Simon Arlott
3608f31d39
authproc: don't allow authd to write too many parameters to parv array 2016-10-22 22:42:22 +01:00
Simon Arlott
3656fa83a9
msgbuf_parse: rb_string_to_array outputs to a MAXPARA+1 size array 2016-10-22 22:38:07 +01:00
William Pitcock
087555a00f ircd: introduce 'no-export' links
Links that are 'no-export' are not distributed to the rest of the IRC network (including local peers).
This provides a core primitive for 'anycasting' services (but the actual issue of synchronizing data in
a services package is left to the authors of the services package).
2016-09-16 17:18:55 -05:00
William Pitcock
6e86cdd6d6 supported: fix up CHANTYPES 2016-09-16 14:00:00 -05:00
William Pitcock
01978a2c8c supported: add chantypes_update() 2016-09-16 13:49:02 -05:00
William Pitcock
f3b84221d0 match: allow the CharAttrs table to be modified at runtime 2016-09-16 13:09:44 -05:00
Aaron Jones
6d16f66be6
msgbuf: Fix remote crash vulnerability due to malformed message tag.
Fixes #218

Reported-by: ManiacTwister <github@s7t.de>
2016-09-11 10:35:13 +00:00
Simon Arlott
86e1de17f3
ircd: serv_connect: initialise sa_connect/sa_bind to AF_UNSPEC
These are read to check if they're AF_UNSPEC (unset) but they aren't
initialised.
2016-09-03 14:52:48 +01:00
Aaron Jones
0942c1fc26
Print initialisation notice before forking 2016-08-24 16:44:04 +00:00
Jason Volk
c1fc044c35
ircd: Fix umode orphan scheme.
Cherry-picked from jevolk/charybdis f5e7f335
Reformatted slightly.
2016-08-24 16:12:05 +00:00
Aaron Jones
f4e9d91580
startup: fork before initialising the event subsystem
On FreeBSD 4.8, fork(2) doesn't actually behave like fork(2).

Namely, kqueue(2) descriptors are not inherited by the child.
IOW, we can't fork(2) after we get the kqueue(2) descriptor.

So we'll just have to rely on people to actually read the
server log file if they want to understand why their server
is dying during startup.
2016-08-21 22:29:16 +00:00
Aaron Jones
0c23c0b1c5
Attempt to open /dev/null before forking incase it would fail 2016-08-21 00:32:34 +00:00
Aaron Jones
0c433865d3
Attempt #2 at fixing the file descriptor mess.
This commit defers daemonisation to the end of initialisation
as that makes it vastly simpler to get this right.
2016-08-21 00:15:17 +00:00
Aaron Jones
ef24ede3e2
Revert "ircd startup: avoid black magic with file descriptors"
This reverts commit 27c0f6d8f4.

A more extensive investigation and refactoring of the code is
necessary.
2016-08-20 22:22:37 +00:00
Aaron Jones
27c0f6d8f4
ircd startup: avoid black magic with file descriptors
This *should* fix a reported but as yet unreproducable
ircd abort on restart.
2016-08-20 21:14:53 +00:00