From 91c9e871c78e203aed834edd1e1f558680a6ccfa Mon Sep 17 00:00:00 2001 From: LemonBoy Date: Tue, 12 Jul 2016 13:59:46 +0200 Subject: Add an option to stop the connection when SASL fails. --- src/fe-common/irc/fe-sasl.c | 17 +++++++++++++++++ src/irc/core/irc-servers.h | 1 + src/irc/core/sasl.c | 7 +++++++ 3 files changed, 25 insertions(+) diff --git a/src/fe-common/irc/fe-sasl.c b/src/fe-common/irc/fe-sasl.c index 331b38b0..dfbfc84a 100644 --- a/src/fe-common/irc/fe-sasl.c +++ b/src/fe-common/irc/fe-sasl.c @@ -23,6 +23,9 @@ #include "signals.h" #include "levels.h" +#include "irc-servers.h" +#include "settings.h" + #include "printtext.h" static void sig_sasl_success(IRC_SERVER_REC *server) @@ -35,14 +38,28 @@ static void sig_sasl_failure(IRC_SERVER_REC *server, const char *reason) printformat(server, NULL, MSGLEVEL_CRAP, IRCTXT_SASL_ERROR, reason); } +static void sig_cap_end(IRC_SERVER_REC *server) +{ + /* The negotiation has now been terminated, if we didn't manage to + * authenticate successfully with the server just disconnect. */ + if (server->sasl_success == FALSE && + settings_get_bool("sasl_disconnect_on_failure")) + server_disconnect(SERVER(server)); + +} + void fe_sasl_init(void) { + settings_add_bool("server", "sasl_disconnect_on_failure", TRUE); + signal_add("server sasl success", (SIGNAL_FUNC) sig_sasl_success); signal_add("server sasl failure", (SIGNAL_FUNC) sig_sasl_failure); + signal_add_first("server cap end", (SIGNAL_FUNC) sig_cap_end); } void fe_sasl_deinit(void) { signal_remove("server sasl success", (SIGNAL_FUNC) sig_sasl_success); signal_remove("server sasl failure", (SIGNAL_FUNC) sig_sasl_failure); + signal_remove("server cap end", (SIGNAL_FUNC) sig_cap_end); } diff --git a/src/irc/core/irc-servers.h b/src/irc/core/irc-servers.h index bb100f86..09f3f81d 100644 --- a/src/irc/core/irc-servers.h +++ b/src/irc/core/irc-servers.h @@ -68,6 +68,7 @@ struct _IRC_SERVER_REC { unsigned int motd_got:1; /* We've received MOTD */ unsigned int isupport_sent:1; /* Server has sent us an isupport reply */ unsigned int cap_complete:1; /* We've done the initial CAP negotiation */ + unsigned int sasl_success:1; /* Did we authenticate successfully ? */ int max_kicks_in_cmd; /* max. number of people to kick with one /KICK command */ int max_modes_in_cmd; /* max. number of mode changes in one /MODE command */ diff --git a/src/irc/core/sasl.c b/src/irc/core/sasl.c index a1c16cdd..1021bea4 100644 --- a/src/irc/core/sasl.c +++ b/src/irc/core/sasl.c @@ -48,6 +48,7 @@ static gboolean sasl_timeout(IRC_SERVER_REC *server) cap_finish_negotiation(server); server->sasl_timeout = 0; + server->sasl_success = FALSE; signal_emit("server sasl failure", 2, server, "The authentication timed out"); @@ -84,6 +85,8 @@ static void sasl_fail(IRC_SERVER_REC *server, const char *data, const char *from params = event_get_params(data, 2, NULL, &error); + server->sasl_success = FALSE; + signal_emit("server sasl failure", 2, server, error); /* Terminate the negotiation */ @@ -99,6 +102,8 @@ static void sasl_already(IRC_SERVER_REC *server, const char *data, const char *f server->sasl_timeout = 0; } + server->sasl_success = TRUE; + signal_emit("server sasl success", 1, server); /* We're already authenticated, do nothing */ @@ -112,6 +117,8 @@ static void sasl_success(IRC_SERVER_REC *server, const char *data, const char *f server->sasl_timeout = 0; } + server->sasl_success = TRUE; + signal_emit("server sasl success", 1, server); /* The authentication succeeded, time to finish the CAP negotiation */ -- cgit v1.2.3 From 4ccffd85ffd06325687546f78b78e3e7fce575c5 Mon Sep 17 00:00:00 2001 From: LemonBoy Date: Thu, 20 Oct 2016 21:41:36 +0200 Subject: Expose 'sasl_success' to the perl side. --- src/fe-common/irc/fe-sasl.c | 2 +- src/perl/irc/Irc.xs | 1 + 2 files changed, 2 insertions(+), 1 deletion(-) diff --git a/src/fe-common/irc/fe-sasl.c b/src/fe-common/irc/fe-sasl.c index dfbfc84a..4c86f850 100644 --- a/src/fe-common/irc/fe-sasl.c +++ b/src/fe-common/irc/fe-sasl.c @@ -42,7 +42,7 @@ static void sig_cap_end(IRC_SERVER_REC *server) { /* The negotiation has now been terminated, if we didn't manage to * authenticate successfully with the server just disconnect. */ - if (server->sasl_success == FALSE && + if (!server->sasl_success && settings_get_bool("sasl_disconnect_on_failure")) server_disconnect(SERVER(server)); diff --git a/src/perl/irc/Irc.xs b/src/perl/irc/Irc.xs index 8b3b0c45..41690010 100644 --- a/src/perl/irc/Irc.xs +++ b/src/perl/irc/Irc.xs @@ -32,6 +32,7 @@ static void perl_irc_server_fill_hash(HV *hv, IRC_SERVER_REC *server) (void) hv_store(hv, "isupport_sent", 13, newSViv(server->isupport_sent), 0); (void) hv_store(hv, "cap_complete", 12, newSViv(server->cap_complete), 0); + (void) hv_store(hv, "sasl_success", 12, newSViv(server->sasl_success), 0); av = newAV(); for (tmp = server->cap_supported; tmp != NULL; tmp = tmp->next) -- cgit v1.2.3 From 7a7f6abc168b571a0db4fa65c760fe6e46edf199 Mon Sep 17 00:00:00 2001 From: LemonBoy Date: Thu, 15 Dec 2016 22:41:57 +0100 Subject: Prevent a UaF by calling server_disconnect in a signal handler. --- src/fe-common/irc/fe-sasl.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) diff --git a/src/fe-common/irc/fe-sasl.c b/src/fe-common/irc/fe-sasl.c index 4c86f850..6cba1887 100644 --- a/src/fe-common/irc/fe-sasl.c +++ b/src/fe-common/irc/fe-sasl.c @@ -43,8 +43,15 @@ static void sig_cap_end(IRC_SERVER_REC *server) /* The negotiation has now been terminated, if we didn't manage to * authenticate successfully with the server just disconnect. */ if (!server->sasl_success && - settings_get_bool("sasl_disconnect_on_failure")) - server_disconnect(SERVER(server)); + settings_get_bool("sasl_disconnect_on_failure")) { + /* We can't use server_disconnect() here because we'd end up + * freeing the 'server' object and be guilty of a slew of UaF. */ + server->connection_lost = TRUE; + /* By setting connection_lost we make sure the communication is + * halted and when the control goes back to irc_parse_incoming + * the server object is safely destroyed. */ + signal_stop(); + } } -- cgit v1.2.3