summaryrefslogtreecommitdiff
path: root/src/core/misc.c
AgeCommit message (Collapse)Author
2018-01-03check if \\c is complete in evalailin-nemui
2017-07-05Merge branch 'fix-10' into 'security'Nei
Check return value of localtime See merge request !15
2017-07-03Merge pull request #653 from ailin-nemui/regexexailin-nemui
Enable UTF8 in GRegex
2017-06-29Check return value of localtimeNei
Fixes #10
2017-06-17parse_time_interval: Allow negative time in settingsdequis
This splits sign parsing out of parse_time_interval_uint() so that the negative sign is applied outside of the unsigned context where the number parsing is done, and after all the checks that it's lower than (1 << 31) This fixes issues with settings like `server_reconnect_time`, `server_connect_timeout` and `lag_max_before_disconnect`, which accepted -1 as a valid value.
2017-06-04Refactor regex and implement UTF8 mode for GRegexailin-nemui
- with non-unicode byte to Private Use Area A mapping - move all ifdefs to iregex.h file only
2017-05-18Add parse_uint function to improve integer overflow handlingdequis
Originally found by oss-fuzz (issue 525) in get_ansi_color using ubsan. After a lot of analysis I'm 99% sure this isn't security relevant so it's fine to handle this publicly. The fix is mainly adding a function that does it right and use it everywhere. This is harder than it seems because the strtol() family of functions doesn't have the friendliest of interfaces. Aside from get_ansi_color(), there were other pieces of code that used the same (out*10+(*in-'0')) pattern, like the parse_size() and parse_time_interval() functions, which are mostly used for settings. Those are interesting cases, since they multiply the parsed number (resulting in more overflows) and they write to a signed integer parameter (which can accidentally make the uints negative without UB) Thanks to Pascal Cuoq for enlightening me about the undefined behavior of parse_size (and, in particular, the implementation-defined behavior of one of the WIP versions of this commit, where something like signed integer overflow happened, but it was legal). Also for writing tis-interpreter, which is better than ubsan to verify these things.
2017-03-08expand_escape: expand double backslash as a backslashdequis
2017-03-06Revert "Quote the filename when dcc requests are auto accepted."ailin-nemui
2017-02-22Handle file names with quotes.LemonBoy
Let's repurpose escape_string and make it more flexible by letting us choose the characters to escape.
2017-01-03switch for gregex and regex.hAilin Nemui
2017-01-02Use GLib's regexp interface (backed by PCRE)LemonBoy
2016-10-22Add function to convert a buffer to a colon-delimited hex string.Alexander Færøy
This patch adds binary_to_hex(), which can take an input buffer and convert it to colon-delimited hex strings suitable for printing for fingerprints.
2016-06-05Factor out some redundant code and remove hashtable_get_keysLemonBoy
2016-06-05str_to_uofft is a tiny wrapper over strtoul{,l}LemonBoy
2016-06-05Update the g_istr_hash function to use the djb hashLemonBoy
2016-06-05Remove unused regexp_matchLemonBoy
2016-06-05Replace strarray_length with g_strv_lengthLemonBoy
2016-06-05Replace strocpy with g_strlcpyLemonBoy
The only difference was that the former returned 1 if the buffer was overflown, but the return value was never checked.
2016-06-05Replace mkpath with g_mkdir_with_parentsLemonBoy
2016-03-14Return -1 from null-test to comply with the rest of strarray_findJari Matilainen
2015-12-09Remove all WIN32 ifdefs (unifdef -UWIN32)dequis
Just use cygwin. This looks like it wasn't enough to do anything useful, and I don't think anyone cares about supporting win32 the hard way.
2015-11-09strsplit_len: make it look more like the original versiondequis
2015-11-09strsplit_len: use strlen() directly instead of a remaining_len variabledequis
2015-10-23Fix invalid reads in strsplit_len when splitting on spacesdequis
The symptom for this one is randomly getting lines split before the last word, even if there's no need for splitting. Also, this function is only reached if recode is on, and iconv failed (for example, due to an incorrect source charset). Thanks to vague for finding this and providing valgrind logs. The loop that looks for spaces tried to read backwards from the end of the current line, with the end being determined by len. Assuming strsplit_len() with len=400, this meant accessing str[399] in the first iteration. For strings that don't need splitting, this means an invalid read always. If that invalid read happens to hit garbage that has a space character, (len - offset) points after the end of string, which isn't a problem for g_strndup() since it stops at the first null, and no splitting happens. If the garbage doesn't have any spaces, it splits by the last word. This commit avoids that loop entirely if (remaining_len > len). It also changes the way it iterates over the string to be much less confusing.
2015-09-02Fix two minor issues outlined in the PR#222LemonBoy
irc-cap.c has now a licence header. A minor style fix in misc.c
2015-05-05Implement support for IRCv3.1 CAP negotiationLemonBoy
2015-04-07Change all strcmp() to g_strcmp0() to handle nulls gracefullydequis
Just a string replacement (but i did check every one of them) sed -i 's/strcmp(/g_strcmp0(/g' **/*.c
2014-10-19Try to split long lines on spacesSebastian Thorarensen
Try to split long lines on spaces to avoid words being splitted. This can be turned off with the option `split_line_on_space'. The code assumes that the terminal encoding has ASCII spaces.
2014-07-07Fix Clang warningsAlexander Færøy
This patch fixes a few warnings emitted by clang by removing the initialization of the list by itself.
2014-07-06Fix minor coding style issues in message splittingSebastian Thorarensen
2014-07-06Properly split long IRC messagesSebastian Thorarensen
This commit adds handling of long IRC messages to the core. In contrast to the `splitlong.pl' plugin, multi-byte encoded and recoded messages are properly split. To allow for this, a new function has been added to the server struct: `split_message'. `split_message' returns a string array with the message splitted to substrings of a length that the server can handle. If a protocol module doesn't have any limit, it can simply return a singleton array with a copy of the message. The `MSG' chat command now calls `split_message' before `send_message', and emits `message own_public' / `message own_private' with each substring, so that the string splitting will be visible in the UI. `split_message' in the IRC module uses `recode_split' which in turn uses iconv to properly split multi-byte encoded (and recoded) messages.
2014-06-10Replace deprecated g_str[n]casecmp with g_ascii_str[n]cmp.David Hill
2010-11-17Do not go beyond the end of the string when processing an octal escape.Jilles Tjoelker
This code is used, for example, when /set expand_escapes on. I can't reproduce crashes but I can reproduce garbage if I type a\1. bug #775 git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5195 dbcabf3a-b0e7-0310-adc4-f8d773084564
2010-04-03deprecated glib strup/down fixes from exg.Alexander Færøy
git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5138 dbcabf3a-b0e7-0310-adc4-f8d773084564
2009-04-03Make the time duration parser stricter.Jilles Tjoelker
This makes /set server_reconnect_time = 10min fail instead of setting the time to 0. git-svn-id: file:///var/www/svn.irssi.org/SVN/irssi/trunk@5057 dbcabf3a-b0e7-0310-adc4-f8d773084564
2008-04-25Refactor code to create a watcher for an fd into a function.Emanuele Giaquinta
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@4813 dbcabf3a-b0e7-0310-adc4-f8d773084564
2008-03-29Remove unneeded includes.Emanuele Giaquinta
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@4784 dbcabf3a-b0e7-0310-adc4-f8d773084564
2008-03-28Make strstr_full_case internal.Emanuele Giaquinta
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@4778 dbcabf3a-b0e7-0310-adc4-f8d773084564
2008-03-09Use g_ascii_str{,n}casecmp for case insensitive comparison withEmanuele Giaquinta
ascii only strings. git-svn-id: http://svn.irssi.org/repos/irssi/trunk@4739 dbcabf3a-b0e7-0310-adc4-f8d773084564
2008-03-03Rename some variables.Emanuele Giaquinta
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@4718 dbcabf3a-b0e7-0310-adc4-f8d773084564
2007-05-08Oops. Update address correctly now.Wouter Coekaerts
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@4490 dbcabf3a-b0e7-0310-adc4-f8d773084564
2007-05-08Update FSF addressWouter Coekaerts
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@4489 dbcabf3a-b0e7-0310-adc4-f8d773084564
2005-09-10Make parse_time_interval recognize negative times. Patch by Danijel Tasov ↵Wouter Coekaerts
and Elmar Hoffmann (Bug 23) git-svn-id: http://svn.irssi.org/repos/irssi/trunk@3990 dbcabf3a-b0e7-0310-adc4-f8d773084564
2004-11-04Fixed bug with time settings where hours actually returned 60*hoursValentin Batz
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@3679 dbcabf3a-b0e7-0310-adc4-f8d773084564
2004-03-23added strocpy()Timo Sirainen
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@3238 dbcabf3a-b0e7-0310-adc4-f8d773084564
2003-11-16parse_time_interval: x days were actually returned as hours. weeks wereTimo Sirainen
returned as hours*7.. which also means I calculated the max. return value of over 1 year wrong. It's actually 24 days, but it's hopefully enough. Removed "weeks" unit to discourage usage of large values.. git-svn-id: http://svn.irssi.org/repos/irssi/trunk@3143 dbcabf3a-b0e7-0310-adc4-f8d773084564
2003-11-16Time parsing: allow omitting time unit without warning for backwardsTimo Sirainen
compatibility. git-svn-id: http://svn.irssi.org/repos/irssi/trunk@3139 dbcabf3a-b0e7-0310-adc4-f8d773084564
2003-01-31Removed execute(), not used.Timo Sirainen
git-svn-id: http://svn.irssi.org/repos/irssi/trunk@3107 dbcabf3a-b0e7-0310-adc4-f8d773084564
2003-01-08parse_time_interval() fallbacked to milliseconds, not seconds. some codeTimo Sirainen
cleanups. patch by Peder git-svn-id: http://svn.irssi.org/repos/irssi/trunk@3094 dbcabf3a-b0e7-0310-adc4-f8d773084564