]>
jfr.im git - solanum.git/log
Aaron Jones [Sat, 3 Sep 2016 17:29:53 +0000 (17:29 +0000)]
SASL: Disallow beginning : and space anywhere in AUTHENTICATE parameter
This is a FIX FOR A SECURITY VULNERABILITY. All Charybdis users must
apply this fix if you support SASL on your servers, or unload m_sasl.so
in the meantime.
Simon Arlott [Sat, 3 Sep 2016 13:50:59 +0000 (14:50 +0100)]
ircd: serv_connect: initialise sa_connect/sa_bind to AF_UNSPEC
These are read to check if they're AF_UNSPEC (unset) but they aren't
initialised.
Simon Arlott [Sat, 3 Sep 2016 13:36:17 +0000 (14:36 +0100)]
librb: set sockaddr port to 0 in success path
Instead of only in the failure path, which causes
all sorts of annoying server connection failures
when we try to repeatedly reuse the same port.
Aaron Jones [Thu, 1 Sep 2016 19:29:47 +0000 (19:29 +0000)]
OpenSSL: Initialise if LibreSSL
LibreSSL's definition of OPENSSL_VERSION_NUMBER bites us in the ass,
*again*.
Aaron Jones [Tue, 30 Aug 2016 10:30:17 +0000 (10:30 +0000)]
OpenSSL: Initialise one context at a time
If initialising the server context fails, but the client one succeeds,
we will not only leak memory, but the error message reported for
initialising the server context might not make sense, because we
initialise the client context after and that could erase or change the
list of queued errors.
This scenario is considered rare. Nevertheless, we now initialise the
client context after *successfully* initialising the server context.
Aaron Jones [Wed, 24 Aug 2016 16:44:04 +0000 (16:44 +0000)]
Print initialisation notice before forking
Jason Volk [Wed, 24 Aug 2016 13:14:47 +0000 (06:14 -0700)]
ircd: Fix umode orphan scheme.
Cherry-picked from jevolk/charybdis
f5e7f335
Reformatted slightly.
Aaron Jones [Sun, 21 Aug 2016 22:29:16 +0000 (22:29 +0000)]
startup: fork before initialising the event subsystem
On FreeBSD 4.8, fork(2) doesn't actually behave like fork(2).
Namely, kqueue(2) descriptors are not inherited by the child.
IOW, we can't fork(2) after we get the kqueue(2) descriptor.
So we'll just have to rely on people to actually read the
server log file if they want to understand why their server
is dying during startup.
Aaron Jones [Sun, 21 Aug 2016 00:32:34 +0000 (00:32 +0000)]
Attempt to open /dev/null before forking incase it would fail
Aaron Jones [Sun, 21 Aug 2016 00:15:17 +0000 (00:15 +0000)]
Attempt #2 at fixing the file descriptor mess.
This commit defers daemonisation to the end of initialisation
as that makes it vastly simpler to get this right.
Aaron Jones [Sat, 20 Aug 2016 22:22:37 +0000 (22:22 +0000)]
Revert "ircd startup: avoid black magic with file descriptors"
This reverts commit
27c0f6d8f406658655cc45a0a7f2d0a0f120244b .
A more extensive investigation and refactoring of the code is
necessary.
Aaron Jones [Sat, 20 Aug 2016 21:14:53 +0000 (21:14 +0000)]
ircd startup: avoid black magic with file descriptors
This *should* fix a reported but as yet unreproducable
ircd abort on restart.
Jason Volk [Sat, 20 Aug 2016 11:10:28 +0000 (04:10 -0700)]
ircd: Allow non-default CAP_MASK during server estab.
Aaron Jones [Sat, 20 Aug 2016 03:16:33 +0000 (04:16 +0100)]
TLS Backends: Harmomise the rb_ssl_get_cipher() function
The GNUTLS backend reports the version in use for the client as well
as its ciphersuite -- do the same for the other 2 backends.
Aaron Jones [Fri, 19 Aug 2016 20:26:43 +0000 (20:26 +0000)]
GNUTLS: Avoid null dereference in constructing ciphersuite
Aaron Jones [Fri, 19 Aug 2016 19:14:40 +0000 (19:14 +0000)]
GNUTLS: Cleanup fingerprint generation
Removes intermediate buffer, properly check return values
Aaron Jones [Mon, 15 Aug 2016 10:50:59 +0000 (10:50 +0000)]
README: Clarify that OpenSSL is not required for ECDHE
Aaron Jones [Mon, 15 Aug 2016 09:50:53 +0000 (09:50 +0000)]
mkpasswd: use urandom for salts, cleanup
Using /dev/random for salt generation is pointless -- it can block, and
any extra randomness it would provide (which is debatable) is not needed,
as salts only need to be unique, not unpredictable.
Aaron Jones [Fri, 12 Aug 2016 13:34:13 +0000 (13:34 +0000)]
openssl: Avoid use-after-free when rehashing fails to load new files
Commit
cf12678 introduced a fix for issue #186 by freeing the old SSL_CTX
structure before constructing a new one, which could disconnect existing
clients otherwise.
Unfortunately, the freeing is done first, which means that if setting up
a new structure fails for any reason, there will be no usable structures
left, but they are still referenced.
This fix moves the freeing to the end of the function, using intermediate
new variables in the meantime. This problem was discovered while testing
against OpenSSL 1.1.0 RC6.
William Pitcock [Sat, 6 Aug 2016 04:38:34 +0000 (23:38 -0500)]
charybdis 4-rc3.
William Pitcock [Sat, 6 Aug 2016 04:37:05 +0000 (23:37 -0500)]
m_grant: convert jevolk's rewritten version to AV2
William Pitcock [Sat, 6 Aug 2016 04:07:00 +0000 (23:07 -0500)]
Merge pull request #207 from charybdis-ircd/jevolk-patch-1
authd: Fix use after reference count decrement.
Jason Volk [Fri, 5 Aug 2016 19:08:16 +0000 (13:08 -0600)]
authd: Fix use after reference count decrement.
William Pitcock [Wed, 27 Jul 2016 07:34:38 +0000 (02:34 -0500)]
Merge pull request #205 from jevolk/release/4
m_grant: rewrite.
Jason Volk [Wed, 27 Jul 2016 05:40:26 +0000 (22:40 -0700)]
m_grant: rewrite.
Jason Volk [Tue, 19 Jul 2016 22:59:35 +0000 (15:59 -0700)]
ircd: Fix missing operhash reference decrement from
b02a913b .
Jason Volk [Sat, 16 Jul 2016 18:26:38 +0000 (11:26 -0700)]
Fix erroneous return value.
Aaron Jones [Sat, 16 Jul 2016 05:41:49 +0000 (05:41 +0000)]
reference.conf: Document fingerprint generation
[ci skip]
Elizabeth Myers [Tue, 28 Jun 2016 00:14:32 +0000 (19:14 -0500)]
Fix stupid compiler errors by my stupidity and tiredness
Elizabeth Myers [Tue, 28 Jun 2016 00:06:49 +0000 (19:06 -0500)]
blacklist: add blacklist_cancel_none
Elizabeth Myers [Tue, 28 Jun 2016 00:00:00 +0000 (19:00 -0500)]
blacklist: add return statement. d'oh.
Elizabeth Myers [Mon, 27 Jun 2016 23:59:53 +0000 (18:59 -0500)]
blacklist: fix precedence lossage
Elizabeth Myers [Mon, 27 Jun 2016 23:56:14 +0000 (18:56 -0500)]
blacklist: if no blacklists were checked, properly terminate query.
Elizabeth Myers [Mon, 27 Jun 2016 23:37:46 +0000 (18:37 -0500)]
build_rdns: minor cleanup
Elizabeth Myers [Mon, 27 Jun 2016 23:28:02 +0000 (18:28 -0500)]
blacklist: tweak message for timeout
Elizabeth Myers [Mon, 27 Jun 2016 23:24:39 +0000 (18:24 -0500)]
blacklist: give different messages for cancellation and timeout
William Pitcock [Sun, 26 Jun 2016 03:10:41 +0000 (22:10 -0500)]
charybdis 4-rc2.
William Pitcock [Sat, 25 Jun 2016 19:27:44 +0000 (14:27 -0500)]
Merge branch 'master' into release/4
Jason Volk [Sat, 25 Jun 2016 02:29:02 +0000 (19:29 -0700)]
Fix bug. Note: The second hunk is just an assumption. It's not called from anywhere.
William Pitcock [Wed, 22 Jun 2016 01:00:01 +0000 (20:00 -0500)]
Merge pull request #196 from jevolk/master
I typed MODRESTART by accident
Jason Volk [Wed, 22 Jun 2016 00:39:44 +0000 (17:39 -0700)]
Core modules cannot be unloaded, otherwise bad things happen.
Additionally some information is logged and passed to the operator
conducting a MODRESTART.
Jason Volk [Wed, 22 Jun 2016 00:32:28 +0000 (17:32 -0700)]
ircd: Fix capability entry name string ownership.
The entry->cap must be copied and exclusive to the entry for the
cap to be orphaned, even if literals are expected. Because modules.
William Pitcock [Mon, 20 Jun 2016 03:44:47 +0000 (22:44 -0500)]
charybdis 4-rc1.
William Pitcock [Mon, 20 Jun 2016 02:49:52 +0000 (21:49 -0500)]
Merge branch 'master' into release/4
William Pitcock [Mon, 20 Jun 2016 02:47:59 +0000 (21:47 -0500)]
librb: remove one more VMS detritius
William Pitcock [Mon, 20 Jun 2016 02:47:23 +0000 (21:47 -0500)]
librb: we have no plans to support VMS
William Pitcock [Sat, 18 Jun 2016 06:06:52 +0000 (01:06 -0500)]
Merge branch 'master' into release/4
William Pitcock [Sat, 18 Jun 2016 06:05:38 +0000 (01:05 -0500)]
ircd: relocate_paths() back on windows only now
William Pitcock [Sat, 18 Jun 2016 05:59:15 +0000 (00:59 -0500)]
m_modules: use new module api
William Pitcock [Sat, 18 Jun 2016 05:52:54 +0000 (00:52 -0500)]
conf_parser: warning fixes
William Pitcock [Sat, 18 Jun 2016 05:52:16 +0000 (00:52 -0500)]
modules: serious cleanups
William Pitcock [Sat, 18 Jun 2016 05:38:40 +0000 (00:38 -0500)]
modules: cleanups
William Pitcock [Sat, 18 Jun 2016 05:22:02 +0000 (00:22 -0500)]
ircd: fix compile of relocate_paths()
William Pitcock [Sat, 18 Jun 2016 05:21:39 +0000 (00:21 -0500)]
ircd: make relocate_paths() available always
William Pitcock [Sat, 18 Jun 2016 05:20:59 +0000 (00:20 -0500)]
ircd: call relocate_paths() in all cases
William Pitcock [Sat, 18 Jun 2016 04:39:19 +0000 (23:39 -0500)]
messages: fix format string warning reported by latest clang
William Pitcock [Sat, 18 Jun 2016 04:36:47 +0000 (23:36 -0500)]
ircd: print runtime path configuration
William Pitcock [Sat, 18 Jun 2016 04:29:11 +0000 (23:29 -0500)]
librb: dictionaries which use integer keys may use 0 legitimately
William Pitcock [Fri, 17 Jun 2016 01:20:50 +0000 (20:20 -0500)]
invite: do not send duplicate invite messages (closes #194)
William Pitcock [Fri, 17 Jun 2016 01:20:50 +0000 (20:20 -0500)]
invite: do not send duplicate invite messages (closes #194)
Aaron Jones [Sun, 12 Jun 2016 11:33:06 +0000 (11:33 +0000)]
mbedtls backend: indicate reason for TLS session termination
[ci skip]
Aaron Jones [Sun, 12 Jun 2016 11:33:06 +0000 (11:33 +0000)]
mbedtls backend: indicate reason for TLS session termination
[ci skip]
William Pitcock [Sun, 5 Jun 2016 04:53:21 +0000 (23:53 -0500)]
CREDITS: charybdis official channel will now be on irc.charybdis.io.
William Pitcock [Sun, 5 Jun 2016 04:53:21 +0000 (23:53 -0500)]
CREDITS: charybdis official channel will now be on irc.charybdis.io.
William Pitcock [Sun, 5 Jun 2016 04:47:47 +0000 (23:47 -0500)]
CREDITS: adjust to reflect present situation
William Pitcock [Sun, 5 Jun 2016 04:47:47 +0000 (23:47 -0500)]
CREDITS: adjust to reflect present situation
Aaron Jones [Wed, 1 Jun 2016 21:04:45 +0000 (21:04 +0000)]
Fix regression introduced by commit
2f361bfc
Aaron Jones [Wed, 1 Jun 2016 21:03:46 +0000 (21:03 +0000)]
Fix regression introduced by commit
1863a0f8
Aaron Jones [Wed, 1 Jun 2016 20:55:32 +0000 (20:55 +0000)]
Preliminary code tidying complete.
These issues (commits
47a66e15 through
906fd91f inclusive) were
identified with the Clang compiler. Please raise concerns about
them on the issue tracker or in the support channel.
Aaron Jones [Wed, 1 Jun 2016 20:41:03 +0000 (20:41 +0000)]
tools/mkfingerprint: strlen(3) on a raw byte array is wrong -- use its length as indicated by the function that filled it
Aaron Jones [Wed, 1 Jun 2016 20:38:54 +0000 (20:38 +0000)]
tools/mkpasswd: functions that call exit(3) should be marked noreturn
Aaron Jones [Wed, 1 Jun 2016 20:37:51 +0000 (20:37 +0000)]
bandb/bandb: functions that call exit(3) should be marked noreturn, avoid sign overflow in integer function argument
Aaron Jones [Wed, 1 Jun 2016 20:34:51 +0000 (20:34 +0000)]
bandb/bantool: a function that calls exit(3) should be marked noreturn
Aaron Jones [Wed, 1 Jun 2016 20:32:12 +0000 (20:32 +0000)]
authd/res: make function used only within this unit static, remove unused macros
Aaron Jones [Wed, 1 Jun 2016 20:29:35 +0000 (20:29 +0000)]
authd/provider: remove shadowed double variable decl
Aaron Jones [Wed, 1 Jun 2016 20:27:19 +0000 (20:27 +0000)]
authd/authd: a function that calls exit(3) should be marked noreturn
Aaron Jones [Wed, 1 Jun 2016 20:23:13 +0000 (20:23 +0000)]
wsockd: various fixes
* Use correct sign for comparing data lengths
* Don't return a void statement in a void function
* Remove unused functions and macros
Aaron Jones [Wed, 1 Jun 2016 20:17:09 +0000 (20:17 +0000)]
ssld: remove unused macros, avoid sign overflow in integer function argument
Aaron Jones [Wed, 1 Jun 2016 20:15:07 +0000 (20:15 +0000)]
wsproc: compile out dead code
Investigation is required to determine if this function should
actually be used
Aaron Jones [Wed, 1 Jun 2016 20:14:09 +0000 (20:14 +0000)]
restart: functions that call exit(3) should be marked noreturn
Aaron Jones [Wed, 1 Jun 2016 20:11:46 +0000 (20:11 +0000)]
ircd_signal: a function that tailcalls a noreturn function should be marked noreturn
Aaron Jones [Wed, 1 Jun 2016 20:05:56 +0000 (20:05 +0000)]
ircd: functions that call exit(3) should be marked noreturn
Aaron Jones [Wed, 1 Jun 2016 20:03:52 +0000 (20:03 +0000)]
getopt: a function that calls exit(3) should be marked noreturn
Aaron Jones [Wed, 1 Jun 2016 20:02:57 +0000 (20:02 +0000)]
dns: make function used only within this unit static
Aaron Jones [Wed, 1 Jun 2016 20:01:51 +0000 (20:01 +0000)]
class: remove unused macros
Aaron Jones [Wed, 1 Jun 2016 20:00:48 +0000 (20:00 +0000)]
chmode: remove unreachable break statement
Aaron Jones [Wed, 1 Jun 2016 20:00:11 +0000 (20:00 +0000)]
chmode: silence harmless uninitialised variable warning
Aaron Jones [Wed, 1 Jun 2016 19:58:53 +0000 (19:58 +0000)]
channel: silence harmless uninitialised variable warning
Aaron Jones [Wed, 1 Jun 2016 19:56:47 +0000 (19:56 +0000)]
bandbi: a function that calls exit(3) should be marked noreturn
Aaron Jones [Wed, 1 Jun 2016 19:55:35 +0000 (19:55 +0000)]
authproc: don't shadow variable decls, avoid reserved name
Aaron Jones [Wed, 1 Jun 2016 19:50:09 +0000 (19:50 +0000)]
librb: silence some fairly harmless compiler warnings
These include warnings about "break" statements that will never be
executed (because they are after "return" statements), unused macros
(lost to code refactoring or never even used in the first place),
functions that call abort() or loop indefinitely but aren't marked with
the "noreturn" attribute, and use of variables possibly uninitialised
(a false positive).
Aaron Jones [Wed, 1 Jun 2016 20:46:43 +0000 (20:46 +0000)]
Preliminary code tidying complete.
These issues (commits
92706fd5 through
707bc7cd inclusive) were
identified with the Clang compiler. Please raise concerns about
them on the issue tracker or in the support channel.
Aaron Jones [Wed, 1 Jun 2016 20:41:03 +0000 (20:41 +0000)]
tools/mkfingerprint: strlen(3) on a raw byte array is wrong -- use its length as indicated by the function that filled it
Aaron Jones [Wed, 1 Jun 2016 20:38:54 +0000 (20:38 +0000)]
tools/mkpasswd: functions that call exit(3) should be marked noreturn
Aaron Jones [Wed, 1 Jun 2016 20:37:51 +0000 (20:37 +0000)]
bandb/bandb: functions that call exit(3) should be marked noreturn, avoid sign overflow in integer function argument
Aaron Jones [Wed, 1 Jun 2016 20:34:51 +0000 (20:34 +0000)]
bandb/bantool: a function that calls exit(3) should be marked noreturn
Aaron Jones [Wed, 1 Jun 2016 20:32:12 +0000 (20:32 +0000)]
authd/res: make function used only within this unit static, remove unused macros
Aaron Jones [Wed, 1 Jun 2016 20:29:35 +0000 (20:29 +0000)]
authd/provider: remove shadowed double variable decl
Aaron Jones [Wed, 1 Jun 2016 20:27:19 +0000 (20:27 +0000)]
authd/authd: a function that calls exit(3) should be marked noreturn
Aaron Jones [Wed, 1 Jun 2016 20:23:13 +0000 (20:23 +0000)]
wsockd: various fixes
* Use correct sign for comparing data lengths
* Don't return a void statement in a void function
* Remove unused functions and macros