Jilles Tjoelker
e8cfec47c6
ircd_parser: Fix whitespace errors.
2014-02-28 15:51:52 +01:00
Jilles Tjoelker
299e25a630
SIGNON: Do not send uninitialized data if login name starts with '*'.
2014-02-28 15:48:07 +01:00
Jilles Tjoelker
6993ae2760
libratbox: Abort if the restart callback returns.
2014-02-28 00:53:13 +01:00
Jilles Tjoelker
f76ca17848
stats c: Simplify construction of flags string.
Perhaps this avoids false positives in static analysis.
2014-02-24 00:10:42 +01:00
Jilles Tjoelker
3cbcc11195
commio: Add error string for SSL trouble.
2014-02-24 00:06:19 +01:00
Jilles Tjoelker
a1f7ec5be0
server: Use rb_strlcpy() instead of strcpy().
An overflow should be impossible here, but be paranoid.
2014-02-24 00:04:11 +01:00
Jilles Tjoelker
26c6ac3dc7
Simplify module path list, removing strcpy use.
2014-02-23 23:47:27 +01:00
Jilles Tjoelker
b84e58f905
Fix use after free.
2014-02-23 23:46:57 +01:00
Jilles Tjoelker
12edf3e3d2
conf: Remove dead store.
2014-02-23 23:04:52 +01:00
Jilles Tjoelker
77910830e3
Fix various printf arg types.
2014-02-23 23:01:59 +01:00
Jilles Tjoelker
29c451d0ce
part: Fix constness issue with part hook.
2014-02-23 23:01:59 +01:00
Jilles Tjoelker
a9f1281448
modlist: Fix address display on 64-bit systems.
2014-02-23 22:55:40 +01:00
Jilles Tjoelker
1e170010e7
modules: Fix bad sizeofs.
2014-02-23 22:39:42 +01:00
Jilles Tjoelker
5ef68b1398
Replace double semicolons with single; place null statement on its own line.
No functional change is intended.
2014-02-23 22:23:34 +01:00
Jilles Tjoelker
43f45e81fb
conf: Do not leak memory when modules::module is already loaded.
2014-02-23 22:20:43 +01:00
Jilles Tjoelker
f9960c0262
extensions/mkpasswd: Do not leak /dev/random fd.
2014-02-23 22:18:44 +01:00
Jilles Tjoelker
899b05d387
balloc: Fix memory leak when get_block() fails.
2014-02-23 22:14:47 +01:00
Jilles Tjoelker
e3a3eb92a4
bantool: Close .conf files when done reading.
Not very many files are read, so leaving them open is not a major issue.
2014-02-23 22:10:34 +01:00
Jilles Tjoelker
a6b29d3ed4
extensions/roleplay: Fix memory leak on every use.
2014-02-23 22:01:04 +01:00
Jilles Tjoelker
b45b2daef9
startup: Check return value of open /dev/null. Don't fclose stdin/stdout/stderr.
Open /dev/null for standard fds earlier, so a failure can be reported.
Do not fclose stdin/stdout/stderr but just overwrite the fds with
/dev/null.
2014-02-23 21:51:19 +01:00
Jilles Tjoelker
0391874cc7
webirc: Check validity of given IP.
2014-02-23 21:14:09 +01:00
Jilles Tjoelker
a5de4edefd
doc/ts6-protocol: Document ETB message (EOPMOD capab).
2014-02-22 17:45:42 +01:00
Jilles Tjoelker
8a4b837775
m_services: Make sure to return a value from the modinit function.
2014-02-22 17:45:42 +01:00
Keith Buck
784ce5c1cc
Remove SSL_OP_NO_COMPRESSION from openssl initialization.
SSL_OP_NO_COMPRESSION was presumably added in an attempt to prevent
information leakage in a manner similar to recent attacks on HTTPS.
However, assuming that IRC is vulnerable to the same class of attacks is
incorrect: the behavior of the IRC protocol (a single long-running
connection) is not the same as that of HTTPS (multiple ephemeral
connections). HTTPS's use of ephemeral connections means that certain
assumptions can be made about the contents of the compression
algorithm's dictionaries and the content exchanged between the client
and server (e.g. the content being nearly the same for each connection),
which is not true for IRC. Additionally, they rely on the attacker being
able to coerce the client into creating many HTTPS connections (and
resending some secret token belonging to the user, along with
attacker-controlled data) each time, none of which is possible with IRC.
Lastly, since compression is no longer performed, this option will
result in leaking the lengths of messages transmitted to and from the
client. This option does reduce CPU utilization on Charybdis servers but
also increases bandwidth consumed.
2014-02-21 09:17:29 +00:00
Jilles Tjoelker
fab79c5d25
libratbox: Fix undefined behaviour advancing pointer beyond end of array.
The C standard does not allow constructing pointers beyond one past the end
of an array. Therefore, if size is an unsigned type (size_t), then
buf + size is never less than buf.
Clang on 32-bit took advantage of the undefined behaviour, causing
segfaults.
Lightly tested.
2014-02-16 16:06:01 +01:00
William Pitcock
7f2508c135
Merge pull request #46 from grawity/sasl-mechlist
sasl: send RPL_SASLMECHS
2014-02-08 13:02:16 -06:00
William Pitcock
85e9bf4151
ssld: force the control buffer to be unsigned bytes except in special circumstances
This has the side effect of fixing GnuTLS.
2014-02-08 18:40:35 +00:00
William Pitcock
bf4e01a427
libratbox: regenerate autotools files
2014-02-08 18:35:24 +00:00
William Pitcock
7aa40f6d2c
libratbox/gnutls: add gnutls v3 api compatibility without breaking v2
2014-02-08 18:34:49 +00:00
Rylee Elise Fowler
1870e06ad3
autotools: fix typo relating to ban db
2014-01-31 11:03:54 -05:00
Jilles Tjoelker
071e376d9e
Remove an unused variable.
2014-01-17 00:23:09 +01:00
Jilles Tjoelker
0c2ea0c3ce
Avoid wrong detection of redundant/duplicate auth blocks with auth_user.
If there was more than one user= per auth block, the check for redundant
or duplicate auth blocks did not take auth_user into account.
2014-01-17 00:22:47 +01:00
Jilles Tjoelker
362ef2d9ee
openssl: Improve security using options recommended by Argure.
Note that these are not available in old versions of OpenSSL (like FreeBSD
9.x base OpenSSL), so allow them to be missing.
A side effect may be slightly higher CPU consumption and network traffic.
2014-01-15 22:25:26 +01:00
Jilles Tjoelker
9799bea4a1
openssl: Use cipher list suggested by Argure.
2014-01-15 22:13:47 +01:00
Jilles Tjoelker
cee842a829
openssl: Fix compiler warning.
2014-01-15 22:09:57 +01:00
Jilles Tjoelker
fabc3174fe
openssl: Set some sort of session id context.
Without a session id context and if client certificates are used, OpenSSL
fails the handshake if an attempt is made to reuse an old session. Various
clients could not reconnect after a disconnection because of this.
See https://bugzilla.mozilla.org/show_bug.cgi?id=858394#c34 for a bug
report.
2014-01-15 22:04:12 +01:00
Mantas Mikulėnas
9337f5ce45
doc/ts6-protocol: Correct the mode letter for termination
2014-01-12 21:17:52 +02:00
Keith Buck
c8729b08fb
bandb: Don't attempt to write to a NULL helper.
2014-01-12 01:38:48 +00:00
Mantas Mikulėnas
dbd8ca2bf6
sasl: send RPL_SASLMECHS
2014-01-12 00:29:32 +02:00
William Pitcock
f70fb6379a
Merge pull request #42 from Argure/genssl
Use sha-512 rather than deprecated sha-1; generate a csr
2013-12-27 05:13:08 -08:00
Keith Buck
a150c5935b
Merge pull request #45 from somasonic/master
Fix grammatical error in extensions/chm_sslonly.c
2013-12-21 18:55:32 -08:00
Andrew
46b55df60b
Fix grammatical error
2013-12-12 04:08:12 +00:00
William Pitcock
b6e799f5df
libratbox/openssl: check that ECDHE is really available on redhat derivatives ( closes #43 )
2013-11-30 19:55:01 +00:00
Keith Buck
566df88ff7
INSTALL: Fix documentation for assert configure options.
2013-11-27 09:23:29 +00:00
Jilles Tjoelker
88c478c2d2
Merge branch 'fix-sha256-crypt' of https://github.com/grawity/charybdis
2013-11-22 23:48:38 +01:00
Jilles Tjoelker
1de147abc5
help: Fix some required oper privileges.
2013-11-22 23:41:15 +01:00
Jilles Tjoelker
73c42a6766
help: Remove mention of remote commands that do not actually work.
2013-11-22 23:37:14 +01:00
Patrick Godschalk
3c55c3a355
Just use 4k RSA certificates while at it
2013-11-19 00:59:08 +01:00
Patrick Godschalk
b858bc54f9
Use sha-512 rather than deprecated sha-1; generate a csr
2013-11-19 00:49:01 +01:00
William Pitcock
faae23e6af
Merge pull request #41 from lyska/master
helpfiles: fix spelling, grammar remove old information
2013-11-15 04:26:39 -08:00