Jilles Tjoelker [Thu, 29 May 2014 14:07:45 +0000 (16:07 +0200)]
channel: Stop pretending to support per-mode server capabilities.
After a change for dynamic server capabilities, the code to send out mode
changes was changed to use the capabilities belonging to the last mode
being sent out. This does not make sense; therefore, just use no
capabilities and remove supporting infrastructure.
Jilles Tjoelker [Thu, 29 May 2014 14:13:39 +0000 (16:13 +0200)]
server: Require EX and IE capabilities (+e and +I cmodes).
The code to send each channel mode only to servers supporting it was
broken a while ago and was not very useful anyway. Therefore, require
all connecting servers to support all standard channel modes.
chmode +c doesn't strip ^O, which turns off all previous formatting.
This can cause clients that internally use mIRC formatting to render messages weirdly,
e.g. highlighted messages in HexChat: <https://i.imgur.com/eDX8Aif.png>.
Keith Buck [Mon, 3 Mar 2014 04:12:07 +0000 (04:12 +0000)]
s_conf: Don't leak log file paths when loading default conf
This change prevents the log file paths from being leaked when
rehashing. Additionally, fname_killlog was added to two places where it
was previously forgotten.
Keith Buck [Mon, 3 Mar 2014 03:58:40 +0000 (03:58 +0000)]
s_conf: Don't leak strings when loading default conf
This change prevents conf strings from being leaked when resetting the
conf to default prior to a rehash. Additionally, some default strings
are now rb_strdup'd into the ConfigFileEntry structure after loading the
conf so that they aren't allocated and then immediately freed by the
conf loading process.
Jilles Tjoelker [Sun, 2 Mar 2014 20:54:29 +0000 (21:54 +0100)]
log_client_name: Remove MASK_IP case.
The MASK_IP case in log_client_name() was broken (because of a missing
break, it behaved as HIDE_IP). However, log_client_name() with MASK_IP
does not make sense anyway and is not used.
Jilles Tjoelker [Sat, 1 Mar 2014 18:05:55 +0000 (19:05 +0100)]
listener: Move error messages to something visible by default.
If a listening port cannot be opened, send error messages to opers with
snomask +s and ircd.log, instead of snomask +d and the ioerror log, which
both are usually disabled.
Also, restore information about what listener is having problems. This
was lost when report_error() was replaced.
Keith Buck [Fri, 28 Feb 2014 07:02:49 +0000 (07:02 +0000)]
conf parsing: Fix memory leaks and clean up code a bit.
Charybdis currently leaks about 45-50k per configuration parse,
including every rehash. This change plugs these leaks by properly
iterating through all conf_parm_t structures to seek all strings that
should be freed and also by freeing the conf_parm_t structures
themselves.
These leaks have been present since the original rewrite of the
configuration parsing system in ircd-ratbox r11953.
Additionally, this change also cleans up and documents the parsing code
a bit.
Keith Buck [Fri, 21 Feb 2014 09:17:29 +0000 (09:17 +0000)]
Remove SSL_OP_NO_COMPRESSION from openssl initialization.
SSL_OP_NO_COMPRESSION was presumably added in an attempt to prevent
information leakage in a manner similar to recent attacks on HTTPS.
However, assuming that IRC is vulnerable to the same class of attacks is
incorrect: the behavior of the IRC protocol (a single long-running
connection) is not the same as that of HTTPS (multiple ephemeral
connections). HTTPS's use of ephemeral connections means that certain
assumptions can be made about the contents of the compression
algorithm's dictionaries and the content exchanged between the client
and server (e.g. the content being nearly the same for each connection),
which is not true for IRC. Additionally, they rely on the attacker being
able to coerce the client into creating many HTTPS connections (and
resending some secret token belonging to the user, along with
attacker-controlled data) each time, none of which is possible with IRC.
Lastly, since compression is no longer performed, this option will
result in leaking the lengths of messages transmitted to and from the
client. This option does reduce CPU utilization on Charybdis servers but
also increases bandwidth consumed.
Jilles Tjoelker [Sun, 16 Feb 2014 15:06:01 +0000 (16:06 +0100)]
libratbox: Fix undefined behaviour advancing pointer beyond end of array.
The C standard does not allow constructing pointers beyond one past the end
of an array. Therefore, if size is an unsigned type (size_t), then
buf + size is never less than buf.
Clang on 32-bit took advantage of the undefined behaviour, causing
segfaults.
Jilles Tjoelker [Wed, 15 Jan 2014 20:50:08 +0000 (21:50 +0100)]
openssl: Set some sort of session id context.
Without a session id context and if client certificates are used, OpenSSL
fails the handshake if an attempt is made to reuse an old session. Various
clients could not reconnect after a disconnection because of this.
See https://bugzilla.mozilla.org/show_bug.cgi?id=858394#c34 for a bug
report.