summaryrefslogtreecommitdiff
path: root/src
AgeCommit message (Collapse)Author
2017-06-05Merge remote-tracking branch 'gitlab/security'Ailin Nemui
2017-06-02Merge pull request #706 from dequis/parse-uintailin-nemui
Add parse_uint function to improve integer overflow handling
2017-06-01Use CXX for fe-fuzz linkingJoseph Bisch
2017-05-30Merge branch 'fix-gl9' into 'security'Nei
Fix dcc_request where addr is NULL See merge request !13
2017-05-29Fix dcc_request where addr is NULLJoseph Bisch
2017-05-29Fix oob read of one byte in get_file_params_count{,_resume}Joseph Bisch
We can use continue to handle cases such as: "ab<space><space>c"
2017-05-27do not reset true colour bit on colour resetailin-nemui
fixes #710
2017-05-18Add parse_uint function to improve integer overflow handlingdequis
Originally found by oss-fuzz (issue 525) in get_ansi_color using ubsan. After a lot of analysis I'm 99% sure this isn't security relevant so it's fine to handle this publicly. The fix is mainly adding a function that does it right and use it everywhere. This is harder than it seems because the strtol() family of functions doesn't have the friendliest of interfaces. Aside from get_ansi_color(), there were other pieces of code that used the same (out*10+(*in-'0')) pattern, like the parse_size() and parse_time_interval() functions, which are mostly used for settings. Those are interesting cases, since they multiply the parsed number (resulting in more overflows) and they write to a signed integer parameter (which can accidentally make the uints negative without UB) Thanks to Pascal Cuoq for enlightening me about the undefined behavior of parse_size (and, in particular, the implementation-defined behavior of one of the WIP versions of this commit, where something like signed integer overflow happened, but it was legal). Also for writing tis-interpreter, which is better than ubsan to verify these things.
2017-05-14Merge pull request #702 from vague666/server_modify_notlsailin-nemui
Added support for -notls and -notls_verify
2017-05-14Update fe-server.cailin-nemui
2017-05-12expand macroailin-nemui
2017-05-12improve nicklist performanceailin-nemui
2017-05-11Added code commentsJari Matilainen
2017-05-11Added bracesJari Matilainen
2017-05-11Added support for -notls and -notls_verifyJari Matilainen
2017-04-11Merge pull request #686 from josephbisch/remove-history-wrapLemonBoy
Don't allow command history to wrap around
2017-04-07Add syntax info for completionJoseph Bisch
Allows syntax info to be picked up and displayed by help command. Fixes #687
2017-04-07Remove over_counterJoseph Bisch
We are no longer using over_counter for any functional purpose, so remove it.
2017-04-06Don't allow command history to wrap aroundJoseph Bisch
This changes the behavior of the command history to avoid wrapping back to the bottom once the top of the history is reached.
2017-04-05Fix strange history behavior when history is emptyJoseph Bisch
If text is being entered and then the user presses the up arrow followed by the down arrow, the expected behavior is to return to the text being entered. Prior to this commit that was not the case. Fixes #462
2017-03-31Fix off by one error with char_expandosJoseph Bisch
2017-03-21Intentation/whitespace fixesStephen Oberholtzer
Change several instances of space-indentation to tabs, matching the surrounding code.
2017-03-21Fix delay at startup when running against glib 2.49.3+Stephen Oberholtzer
In glib v2.49.3, an optimization was made to eliminate certain unnecessary wakeups. (The specific change was made in e4ee3079c5afc3c1c3d2415f20c3e8605728f074). Before this change, the first call to g_main_iteration would always complete immediately. In Irssi, this effectively reversed the order of the main loop, causing the reload_config check and the dirty_check to run *before* the first blocking call to g_main_iteration. With the new logic, the first g_main_iteration call now blocks, preventing the screen from being refreshed until the user starts typing or a timer goes off. (It also delays processing of SIGHUP, but I expect that is not a common situation.) This commit reorders the main loop to wait at the end of the loop, rather than the beginning, addressing the problem. (This closes Debian bug #856201.)
2017-03-14up abi verailin-nemui
2017-03-11Merge pull request #645 from LemonBoy/keyboard-miscailin-nemui
Timeout feature for keys
2017-03-10Merge branch 'netjoin-timeout' into 'master'Ailin Nemui
fe-netjoin: remove irc servers on "server disconnected" signal Closes #7 See merge request !10
2017-03-08expand_escape: expand double backslash as a backslashdequis
2017-03-08Merge pull request #667 from ailin-nemui/fix-dcc-getailin-nemui
fix dcc get fixes #656
2017-03-07Merge pull request #659 from ailin-nemui/foreach_dontspamailin-nemui
make foreach send commands
2017-03-07fix dcc getailin-nemui
fixes #656
2017-03-06Revert "Quote the filename when dcc requests are auto accepted."ailin-nemui
2017-03-04Merge pull request #658 from LemonBoy/dcc-autoacceptailin-nemui
Quote the filename when dcc requests are auto accepted.
2017-03-04Properly check the command arguments in tail place.LemonBoy
A command requiring an argument and given in tail position would not raise an error but silently set the value to the empty string ''.
2017-03-04Merge branch 'd-minor' into 'master' Nei
Prevent some potential null-pointer deferences. See merge request !9
2017-02-28Don't emit the script destroyed signal before script is actually destroyedStephen Oberholtzer
The script unloading code originally worked like this: 1. Destroy package 2. Emit 'script destroyed' signal 3. Unhook script's signal handlers If a script added a 'script destroyed' signal handler, unloading that script would cause the 'script destroyed' signal to be sent to the (already destroyed) package. This would cause a script error, which would trigger a script unload, which would start the whole process over again, until we run out of heap or stack space and segfault. This commit simply reorders the operations so that the 'script destroyed' signal is sent *after* the script is fully destroyed.
2017-02-27fe-netjoin: remove irc servers on "server disconnected" signaldequis
2017-02-27Merge pull request #647 from dequis/fix-early-ison-take-2ailin-nemui
notify-ison: Don't send ison before the connection is done
2017-02-27make foreach send commandsailin-nemui
2017-02-22Handle file names with quotes.LemonBoy
Let's repurpose escape_string and make it more flexible by letting us choose the characters to escape.
2017-02-21Quote the filename when dcc requests are auto accepted.LemonBoy
PR #453 forces the user to quote the filenames given to /DCC commands when they contain spaces but the autoget functionality didn't get updated so the filename was always passed without quotes. Closes #656.
2017-02-18Execute what's left in the input queue when the timeout expires.LemonBoy
Similar to how vim behaves.
2017-02-15Merge pull request #627 from LemonBoy/ssl-expiryailin-nemui
Check whether the client certificate is expired.
2017-02-14Do not alias /server <hostname> to /server connect <hostname>LemonBoy
Closes #559.
2017-02-14Prevent some potential null-pointer deferences.LemonBoy
Spotted by our friend scan-build.
2017-02-11notify-ison: Don't send ison before the connection is donedequis
2017-02-06Merge pull request #622 from ailin-nemui/starttlsailin-nemui
provide net_start_ssl api
2017-02-05provide net_start_ssl apiailin-nemui
fixes #615
2017-02-05Merge pull request #628 from LemonBoy/openssl-compatailin-nemui
Support OpenSSL 1.1.0.
2017-02-03Support OpenSSL 1.1.0.LemonBoy
- X509_get_notBefore becomes X509_get0_notBefore - X509_get_notAfter becomes X509_get0_notAfter - ASN1_STRING_data becomes ASN1_STRING_get0_data (and drops the const) - The whole library is now initialized by OPENSSL_init_ssl Closes #597
2017-02-03Merge branch 'dub-the-wub' into 'master' Nei
Prevent a memory leak during the processing of the SASL response. See merge request !8
generated by cgit v1.2.3 (git 2.25.1) at 2025-01-03 14:42:36 +0000