summaryrefslogtreecommitdiff
path: root/src/fe-common
AgeCommit message (Collapse)Author
2017-05-18Add parse_uint function to improve integer overflow handlingdequis
Originally found by oss-fuzz (issue 525) in get_ansi_color using ubsan. After a lot of analysis I'm 99% sure this isn't security relevant so it's fine to handle this publicly. The fix is mainly adding a function that does it right and use it everywhere. This is harder than it seems because the strtol() family of functions doesn't have the friendliest of interfaces. Aside from get_ansi_color(), there were other pieces of code that used the same (out*10+(*in-'0')) pattern, like the parse_size() and parse_time_interval() functions, which are mostly used for settings. Those are interesting cases, since they multiply the parsed number (resulting in more overflows) and they write to a signed integer parameter (which can accidentally make the uints negative without UB) Thanks to Pascal Cuoq for enlightening me about the undefined behavior of parse_size (and, in particular, the implementation-defined behavior of one of the WIP versions of this commit, where something like signed integer overflow happened, but it was legal). Also for writing tis-interpreter, which is better than ubsan to verify these things.
2017-05-14Update fe-server.cailin-nemui
2017-05-11Added code commentsJari Matilainen
2017-05-11Added bracesJari Matilainen
2017-05-11Added support for -notls and -notls_verifyJari Matilainen
2017-04-11Merge pull request #686 from josephbisch/remove-history-wrapLemonBoy
Don't allow command history to wrap around
2017-04-07Add syntax info for completionJoseph Bisch
Allows syntax info to be picked up and displayed by help command. Fixes #687
2017-04-07Remove over_counterJoseph Bisch
We are no longer using over_counter for any functional purpose, so remove it.
2017-04-06Don't allow command history to wrap aroundJoseph Bisch
This changes the behavior of the command history to avoid wrapping back to the bottom once the top of the history is reached.
2017-04-05Fix strange history behavior when history is emptyJoseph Bisch
If text is being entered and then the user presses the up arrow followed by the down arrow, the expected behavior is to return to the text being entered. Prior to this commit that was not the case. Fixes #462
2017-03-11Merge pull request #645 from LemonBoy/keyboard-miscailin-nemui
Timeout feature for keys
2017-03-10Merge branch 'netjoin-timeout' into 'master'Ailin Nemui
fe-netjoin: remove irc servers on "server disconnected" signal Closes #7 See merge request !10
2017-03-07Merge pull request #659 from ailin-nemui/foreach_dontspamailin-nemui
make foreach send commands
2017-03-06Revert "Quote the filename when dcc requests are auto accepted."ailin-nemui
2017-03-04Merge pull request #658 from LemonBoy/dcc-autoacceptailin-nemui
Quote the filename when dcc requests are auto accepted.
2017-03-04Merge branch 'd-minor' into 'master' Nei
Prevent some potential null-pointer deferences. See merge request !9
2017-02-27fe-netjoin: remove irc servers on "server disconnected" signaldequis
2017-02-27make foreach send commandsailin-nemui
2017-02-22Handle file names with quotes.LemonBoy
Let's repurpose escape_string and make it more flexible by letting us choose the characters to escape.
2017-02-18Execute what's left in the input queue when the timeout expires.LemonBoy
Similar to how vim behaves.
2017-02-14Prevent some potential null-pointer deferences.LemonBoy
Spotted by our friend scan-build.
2017-01-31Merge pull request #590 from LemonBoy/hi-minorailin-nemui
Minor cleanup in the highlighting signal.
2017-01-16Add SUPPRESS_PRINTF_FALLBACKJoseph Bisch
There are some cases (such as fuzzing with fe-fuzz) where suppressing printf output may be desirable.
2017-01-09fix regression in completionailin-nemui
fixes #609
2017-01-03Merge branch 'master' into 'security'Nei
Sync to master See merge request !6
2017-01-03Merge pull request #585 from ailin-nemui/win_seqailin-nemui
g_sequence backing for window list
2017-01-03switch for gregex and regex.hAilin Nemui
2017-01-02Merge branch 'percent_flag' into 'security' Nei
fix %[ See merge request !5
2017-01-02Use the RAW flag when building the regexps.LemonBoy
Also, plugged a memory leak when retrieving the match position.
2017-01-02Remove the regexp_compiled field.LemonBoy
It was made redundant by the introduction of the pointer to the GRegex structure. Silence the compiler warning in textbuffer.c about preg being initialized by setting it to NULL.
2017-01-02Use GLib's regexp interface (backed by PCRE)LemonBoy
2017-01-02Merge pull request #586 from LemonBoy/fix-580ailin-nemui
Process the nick changes in queries before the PRIVMSG is handled.
2017-01-01Make sure SASL was actually requested before failing.LemonBoy
2016-12-20remove some for loopsailin-nemui
2016-12-20sort windows_seq helpers to topailin-nemui
2016-12-20nitsailin-nemui
2016-12-20clean up window_refnum_{prev,next}ailin-nemui
2016-12-20fix %[ailin-nemui
2016-12-19add some sequence helper functionsailin-nemui
2016-12-18Minor cleanup in the highlighting signal.LemonBoy
2016-12-15Prevent a UaF by calling server_disconnect in a signal handler.LemonBoy
2016-12-15Process the nick changes in queries before the PRIVMSG is handled.LemonBoy
Otherwise we end up with the message in the status window since the frontend knows jack shit about the casemapping option when it tries to find the associated window for the query.
2016-12-15check for end of string in ansi 48ailin-nemui
2016-12-13g_sequence backing for window listailin-nemui
2016-12-12Expose 'sasl_success' to the perl side.LemonBoy
2016-12-12Add an option to stop the connection when SASL fails.LemonBoy
2016-11-29Merge pull request #565 from ahf/bug/524LemonBoy
Kill bell_beeps.
2016-11-23Don't shadow the 'channel' variable when printing the netjoins.LemonBoy
This is the root cause of #567
2016-11-23Minor corrections to the netsplit code.LemonBoy
2016-11-08add completion_empty_line settingLauri Tirkkonen