Age | Commit message (Collapse) | Author | |
---|---|---|---|
2017-05-18 | Add parse_uint function to improve integer overflow handling | dequis | |
Originally found by oss-fuzz (issue 525) in get_ansi_color using ubsan. After a lot of analysis I'm 99% sure this isn't security relevant so it's fine to handle this publicly. The fix is mainly adding a function that does it right and use it everywhere. This is harder than it seems because the strtol() family of functions doesn't have the friendliest of interfaces. Aside from get_ansi_color(), there were other pieces of code that used the same (out*10+(*in-'0')) pattern, like the parse_size() and parse_time_interval() functions, which are mostly used for settings. Those are interesting cases, since they multiply the parsed number (resulting in more overflows) and they write to a signed integer parameter (which can accidentally make the uints negative without UB) Thanks to Pascal Cuoq for enlightening me about the undefined behavior of parse_size (and, in particular, the implementation-defined behavior of one of the WIP versions of this commit, where something like signed integer overflow happened, but it was legal). Also for writing tis-interpreter, which is better than ubsan to verify these things. | |||
2017-05-14 | Update fe-server.c | ailin-nemui | |
2017-05-11 | Added code comments | Jari Matilainen | |
2017-05-11 | Added braces | Jari Matilainen | |
2017-05-11 | Added support for -notls and -notls_verify | Jari Matilainen | |
2017-04-11 | Merge pull request #686 from josephbisch/remove-history-wrap | LemonBoy | |
Don't allow command history to wrap around | |||
2017-04-07 | Add syntax info for completion | Joseph Bisch | |
Allows syntax info to be picked up and displayed by help command. Fixes #687 | |||
2017-04-07 | Remove over_counter | Joseph Bisch | |
We are no longer using over_counter for any functional purpose, so remove it. | |||
2017-04-06 | Don't allow command history to wrap around | Joseph Bisch | |
This changes the behavior of the command history to avoid wrapping back to the bottom once the top of the history is reached. | |||
2017-04-05 | Fix strange history behavior when history is empty | Joseph Bisch | |
If text is being entered and then the user presses the up arrow followed by the down arrow, the expected behavior is to return to the text being entered. Prior to this commit that was not the case. Fixes #462 | |||
2017-03-11 | Merge pull request #645 from LemonBoy/keyboard-misc | ailin-nemui | |
Timeout feature for keys | |||
2017-03-10 | Merge branch 'netjoin-timeout' into 'master' | Ailin Nemui | |
fe-netjoin: remove irc servers on "server disconnected" signal Closes #7 See merge request !10 | |||
2017-03-07 | Merge pull request #659 from ailin-nemui/foreach_dontspam | ailin-nemui | |
make foreach send commands | |||
2017-03-06 | Revert "Quote the filename when dcc requests are auto accepted." | ailin-nemui | |
2017-03-04 | Merge pull request #658 from LemonBoy/dcc-autoaccept | ailin-nemui | |
Quote the filename when dcc requests are auto accepted. | |||
2017-03-04 | Merge branch 'd-minor' into 'master' | Nei | |
Prevent some potential null-pointer deferences. See merge request !9 | |||
2017-02-27 | fe-netjoin: remove irc servers on "server disconnected" signal | dequis | |
2017-02-27 | make foreach send commands | ailin-nemui | |
2017-02-22 | Handle file names with quotes. | LemonBoy | |
Let's repurpose escape_string and make it more flexible by letting us choose the characters to escape. | |||
2017-02-18 | Execute what's left in the input queue when the timeout expires. | LemonBoy | |
Similar to how vim behaves. | |||
2017-02-14 | Prevent some potential null-pointer deferences. | LemonBoy | |
Spotted by our friend scan-build. | |||
2017-01-31 | Merge pull request #590 from LemonBoy/hi-minor | ailin-nemui | |
Minor cleanup in the highlighting signal. | |||
2017-01-16 | Add SUPPRESS_PRINTF_FALLBACK | Joseph Bisch | |
There are some cases (such as fuzzing with fe-fuzz) where suppressing printf output may be desirable. | |||
2017-01-09 | fix regression in completion | ailin-nemui | |
fixes #609 | |||
2017-01-03 | Merge branch 'master' into 'security' | Nei | |
Sync to master See merge request !6 | |||
2017-01-03 | Merge pull request #585 from ailin-nemui/win_seq | ailin-nemui | |
g_sequence backing for window list | |||
2017-01-03 | switch for gregex and regex.h | Ailin Nemui | |
2017-01-02 | Merge branch 'percent_flag' into 'security' | Nei | |
fix %[ See merge request !5 | |||
2017-01-02 | Use the RAW flag when building the regexps. | LemonBoy | |
Also, plugged a memory leak when retrieving the match position. | |||
2017-01-02 | Remove the regexp_compiled field. | LemonBoy | |
It was made redundant by the introduction of the pointer to the GRegex structure. Silence the compiler warning in textbuffer.c about preg being initialized by setting it to NULL. | |||
2017-01-02 | Use GLib's regexp interface (backed by PCRE) | LemonBoy | |
2017-01-02 | Merge pull request #586 from LemonBoy/fix-580 | ailin-nemui | |
Process the nick changes in queries before the PRIVMSG is handled. | |||
2017-01-01 | Make sure SASL was actually requested before failing. | LemonBoy | |
2016-12-20 | remove some for loops | ailin-nemui | |
2016-12-20 | sort windows_seq helpers to top | ailin-nemui | |
2016-12-20 | nits | ailin-nemui | |
2016-12-20 | clean up window_refnum_{prev,next} | ailin-nemui | |
2016-12-20 | fix %[ | ailin-nemui | |
2016-12-19 | add some sequence helper functions | ailin-nemui | |
2016-12-18 | Minor cleanup in the highlighting signal. | LemonBoy | |
2016-12-15 | Prevent a UaF by calling server_disconnect in a signal handler. | LemonBoy | |
2016-12-15 | Process the nick changes in queries before the PRIVMSG is handled. | LemonBoy | |
Otherwise we end up with the message in the status window since the frontend knows jack shit about the casemapping option when it tries to find the associated window for the query. | |||
2016-12-15 | check for end of string in ansi 48 | ailin-nemui | |
2016-12-13 | g_sequence backing for window list | ailin-nemui | |
2016-12-12 | Expose 'sasl_success' to the perl side. | LemonBoy | |
2016-12-12 | Add an option to stop the connection when SASL fails. | LemonBoy | |
2016-11-29 | Merge pull request #565 from ahf/bug/524 | LemonBoy | |
Kill bell_beeps. | |||
2016-11-23 | Don't shadow the 'channel' variable when printing the netjoins. | LemonBoy | |
This is the root cause of #567 | |||
2016-11-23 | Minor corrections to the netsplit code. | LemonBoy | |
2016-11-08 | add completion_empty_line setting | Lauri Tirkkonen | |