From 25440a07c3b421134b4376d7db3ee4b7ed57ad98 Mon Sep 17 00:00:00 2001 From: Michael Catanzaro Date: Mon, 12 Jul 2021 08:38:02 -0500 Subject: Avoid direct use of libproxy Since hexchat already depends on GLib, it's better to use GProxyResolver instead. This might use libproxy, or not, as appropriate. P.S. This removes a memory safety issue because proxy_list is allocated using malloc(), not g_malloc(), and therefore using g_strfreev() is incorrect. The proper way to free the proxy list returned by libproxy is to use px_proxy_factory_free_proxies() (but nobody does that because it was added in libproxy 0.4.16, which is somewhat recent). --- src/common/server.c | 26 ++++++++++++++++---------- 1 file changed, 16 insertions(+), 10 deletions(-) (limited to 'src/common/server.c') diff --git a/src/common/server.c b/src/common/server.c index 5c645eb5..4f809fa8 100644 --- a/src/common/server.c +++ b/src/common/server.c @@ -61,10 +61,6 @@ #include "ssl.h" #endif -#ifdef USE_LIBPROXY -#include -#endif - #ifdef USE_OPENSSL /* local variables */ static struct session *g_sess = NULL; @@ -78,9 +74,15 @@ static void server_disconnect (session * sess, int sendquit, int err); static int server_cleanup (server * serv); static void server_connect (server *serv, char *hostname, int port, int no_login); -#ifdef USE_LIBPROXY -extern pxProxyFactory *libproxy_factory; -#endif +static void +write_error (char *message, GError **error) +{ + if (error == NULL || *error == NULL) { + return; + } + g_printerr ("%s: %s\n", message, (*error)->message); + g_clear_error (error); +} /* actually send to the socket. This might do a character translation or send via SSL. server/dcc both use this function. */ 
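Review bot: `write_error` declares its first parameter as `char *message`, yet the only caller visible on this page passes a string literal; `write_error (const char *message, GError **error)` states that the function does not write through it and stays clean under `-Wwrite-strings`. The helper reports through `g_printerr`, so on a desktop build the failure is only visible when stderr is captured; `g_warning` would route it through GLib's log handlers instead. A one-line comment above it, such as `/* print and clear *error; no-op when no error is set */`, would document the clearing side effect.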
@@ -1392,14 +1394,16 @@ server_child (server * serv) if (!serv->dont_use_proxy) /* blocked in serverlist? */ { -#ifdef USE_LIBPROXY if (prefs.hex_net_proxy_type == 5) { char **proxy_list; char *url, *proxy; + GProxyResolver *resolver; + GError *error = NULL; + resolver = g_proxy_resolver_get_default (); url = g_strdup_printf ("irc://%s:%d", hostname, port); - proxy_list = px_proxy_factory_get_proxies (libproxy_factory, url); + proxy_list = g_proxy_resolver_lookup (resolver, url, NULL, &error); if (proxy_list) { /* can use only one */ @@ -1412,6 +1416,8 @@ server_child (server * serv) proxy_type = 3; else if (!strncmp (proxy, "socks", 5)) proxy_type = 2; + } else { + write_error ("Failed to lookup proxy", &error); } if (proxy_type) { @@ -1426,7 +1432,7 @@ server_child (server * serv) g_strfreev (proxy_list); g_free (url); } -#endif + if (prefs.hex_net_proxy_host[0] && prefs.hex_net_proxy_type > 0 && prefs.hex_net_proxy_use != 2) /* proxy is NOT dcc-only */ -- cgit 1.4.1 From ef0e67039258b7db11838496c61dbdec0be97f60 Mon Sep 17 00:00:00 2001 From: Sadie Powell Date: Mon, 23 Aug 2021 16:34:13 +0100 Subject: Remove some weird guesswork on the 004 numeric. (#2621) Bahamut and ircu both send 005 MODES and ELIST so this is entirely unnecessary. The other IRCd checked for here is for a dead network. While we're editing this code fix HexChat on servers that can only support one mode at a time (these are mostly gateway servers). --- src/common/modes.c | 4 ++-- src/common/proto-irc.c | 16 ---------------- src/common/server.c | 2 ++ 3 files changed, 4 insertions(+), 18 deletions(-) (limited to 'src/common/server.c') diff --git a/src/common/modes.c b/src/common/modes.c index 17f9ce99..188d2197 100644 --- a/src/common/modes.c +++ b/src/common/modes.c 
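Review bot: The new `else` branch in the `@@ -1412` hunk only prints the lookup error and then lets `server_child` carry on with `proxy_type` still unset, so a failed `g_proxy_resolver_lookup` appears to degrade to a connection without the auto-detected proxy. For a user who selected proxy type 5 to keep their address away from the IRC server, that is a fail-open path, and the message goes to stderr where a desktop user will not see it. Consider treating a lookup error as a connection failure, or at least surfacing it in the session window, rather than continuing. The rest of the proxy selection lies outside this hunk, so confirm how the manual-proxy block that follows treats this case.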
@@ -67,8 +67,8 @@ send_channel_modes (session *sess, char *tbuf, char *word[], int wpos, int usable_modes, orig_len, len, wlen, i, max; server *serv = sess->server; - /* sanity check. IRC RFC says three per line. */ - if (serv->modes_per_line < 3) + /* sanity check. IRC RFC says three per line but some servers may support less. */ + if (serv->modes_per_line < 1) serv->modes_per_line = 3; if (modes_per_line < 1) modes_per_line = serv->modes_per_line; diff --git a/src/common/proto-irc.c b/src/common/proto-irc.c index 501bf5a0..49017506 100644 --- a/src/common/proto-irc.c +++ b/src/common/proto-irc.c @@ -503,22 +503,6 @@ process_numeric (session * sess, int n, goto def; - case 4: /* check the ircd type */ - serv->use_listargs = FALSE; - serv->modes_per_line = 3; /* default to IRC RFC */ - if (strncmp (word[5], "bahamut", 7) == 0) /* DALNet */ - { - serv->use_listargs = TRUE; /* use the /list args */ - } else if (strncmp (word[5], "u2.10.", 6) == 0) /* Undernet */ - { - serv->use_listargs = TRUE; /* use the /list args */ - serv->modes_per_line = 6; /* allow 6 modes per line */ - } else if (strncmp (word[5], "glx2", 4) == 0) - { - serv->use_listargs = TRUE; /* use the /list args */ - } - goto def; - case 5: inbound_005 (serv, word, tags_data); goto def; diff --git a/src/common/server.c b/src/common/server.c index 4f809fa8..0c0306d5 100644 --- a/src/common/server.c +++ b/src/common/server.c @@ -1770,6 +1770,7 @@ server_set_defaults (server *serv) serv->chanmodes = g_strdup ("beI,k,l"); serv->nick_prefixes = g_strdup ("@%+"); serv->nick_modes = g_strdup ("ohv"); + serv->modes_per_line = 3; /* https://datatracker.ietf.org/doc/html/rfc1459#section-4.2.3.1 */ serv->sasl_mech = MECH_PLAIN; if (!serv->encoding) @@ -1778,6 +1779,7 @@ server_set_defaults (server *serv) serv->nickcount = 1; serv->end_of_motd = FALSE; serv->sent_capend = FALSE; + serv->use_listargs = FALSE; serv->is_away = FALSE; serv->supports_watch = FALSE; serv->supports_monitor = FALSE; -- cgit 1.4.1 
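Review bot: After this change the guard in `send_channel_modes` enforces only a lower bound on `serv->modes_per_line`, and per the commit description that value is expected to come from the server's 005 MODES token rather than from the removed 004 guesswork. Nothing in this hunk caps it from above, so it is worth confirming that the place where the token is parsed (not shown here) rejects absurdly large or non-numeric values before they steer how many modes are packed into `tbuf`. The fallback `3` is now spelled out both here and in `server_set_defaults`; a shared named constant would keep the two in step.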
From 8239fbd041abdfbc17ed605a8190a62f6825beb4 Mon Sep 17 00:00:00 2001 From: Sadie Powell Date: Mon, 23 Aug 2021 23:30:32 +0100 Subject: Be a bit less insulting about servers with longer line lengths. --- src/common/server.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'src/common/server.c') diff --git a/src/common/server.c b/src/common/server.c index 0c0306d5..1825117c 100644 --- a/src/common/server.c +++ b/src/common/server.c @@ -362,7 +362,7 @@ server_read (GIOChannel *source, GIOCondition condition, server *serv) serv->linebuf[serv->pos] = lbuf[i]; if (serv->pos >= (sizeof (serv->linebuf) - 1)) fprintf (stderr, - "*** HEXCHAT WARNING: Buffer overflow - shit server!\n"); + "*** HEXCHAT WARNING: Buffer overflow - non-compliant server!\n"); else serv->pos++; } -- cgit 1.4.1 From 3f07670b34512c9242ae2c20984f38cb453ce51f Mon Sep 17 00:00:00 2001 From: Patrick Griffis Date: Fri, 1 Oct 2021 12:15:26 -0500 Subject: win32: Update to OpenSSL 1.1 --- .github/workflows/windows-build.yml | 2 +- meson.build | 2 +- plugins/fishlim/fishlim.vcxproj | 4 ++-- src/common/server.c | 2 +- src/common/ssl.c | 21 ++++++++++----------- src/common/ssl.h | 2 +- win32/copy/copy.vcxproj | 4 ++-- win32/hexchat.props | 4 ++-- win32/installer/hexchat.iss.tt | 9 +++++++-- 9 files changed, 27 insertions(+), 23 deletions(-) (limited to 'src/common/server.c') diff --git a/.github/workflows/windows-build.yml b/.github/workflows/windows-build.yml index 4ce03c00..f5e20e12 100644 --- a/.github/workflows/windows-build.yml +++ b/.github/workflows/windows-build.yml 
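Review bot: The reworded warning in `server_read` still says "Buffer overflow", but the branch it sits in is the one that prevents an overflow: once `serv->pos` reaches `sizeof (serv->linebuf) - 1` the index is no longer advanced and later bytes overwrite the last slot. Wording such as `"*** HEXCHAT WARNING: Line too long, truncating - non-compliant server!\n"` would describe what actually happens. As written the `fprintf` runs for every byte past the limit, so the remote server controls how much is written to stderr; the enclosing loop is outside this hunk, but a once-per-line flag would bound that.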
@@ -28,7 +28,7 @@ jobs: Invoke-WebRequest https://dl.hexchat.net/misc/idpsetup-1.5.1.exe -OutFile deps\idpsetup.exe & deps\idpsetup.exe /VERYSILENT - Invoke-WebRequest https://dl.hexchat.net/gtk/gtk-${{ matrix.platform }}-2018-08-29.7z -OutFile deps\gtk-${{ matrix.arch }}.7z + Invoke-WebRequest https://dl.hexchat.net/gtk/gtk-${{ matrix.platform }}-2018-08-29-openssl1.1.7z -OutFile deps\gtk-${{ matrix.arch }}.7z & 7z.exe x deps\gtk-${{ matrix.arch }}.7z -oC:\gtk-build\gtk Invoke-WebRequest https://dl.hexchat.net/gtk-win32/gendef-20111031.7z -OutFile deps\gendef.7z diff --git a/meson.build b/meson.build index fe5f245d..9330abf3 100644 --- a/meson.build +++ b/meson.build @@ -22,7 +22,7 @@ dbus_glib_dep = dependency('dbus-glib-1', required: get_option('dbus')) global_deps = [] if cc.get_id() == 'msvc' - libssl_dep = cc.find_library('libeay32') + libssl_dep = cc.find_library('libssl') else libssl_dep = dependency('openssl', version: '>= 0.9.8', required: get_option('tls')) diff --git a/plugins/fishlim/fishlim.vcxproj b/plugins/fishlim/fishlim.vcxproj index 579c2436..3661e1e6 100644 --- a/plugins/fishlim/fishlim.vcxproj +++ b/plugins/fishlim/fishlim.vcxproj @@ -29,7 +29,7 @@ - WIN32;NDEBUG;_WINDOWS;_USRDLL;FISHLIM_EXPORTS;%(PreprocessorDefinitions) + WIN32;NDEBUG;_WINDOWS;_USRDLL;FISHLIM_EXPORTS;HAVE_DH_SET0_PQG;HAVE_DH_GET0_KEY;HAVE_DH_SET0_KEY;%(PreprocessorDefinitions) $(DepsRoot)\include;$(Glib);..\..\src\common;$(HexChatLib);%(AdditionalIncludeDirectories) @@ -40,7 +40,7 @@ - WIN32;_WIN64;_AMD64_;NDEBUG;_WINDOWS;_USRDLL;FISHLIM_EXPORTS;%(PreprocessorDefinitions) + WIN32;_WIN64;_AMD64_;NDEBUG;_WINDOWS;_USRDLL;FISHLIM_EXPORTS;HAVE_DH_SET0_PQG;HAVE_DH_GET0_KEY;HAVE_DH_SET0_KEY;%(PreprocessorDefinitions) $(DepsRoot)\include;$(Glib);..\..\src\common;$(HexChatLib);%(AdditionalIncludeDirectories) diff --git a/src/common/server.c b/src/common/server.c index 1825117c..f90ce28f 100644 --- a/src/common/server.c +++ b/src/common/server.c 
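Review bot: The replacement archive `gtk-${{ matrix.platform }}-2018-08-29-openssl1.1.7z` is fetched with `Invoke-WebRequest` and unpacked straight into `C:\gtk-build\gtk` without any integrity check, and it now carries the OpenSSL libraries that end up in the shipped installer. Pinning a digest per platform would make a changed or tampered file on the download host fail the build, for example `if ((Get-FileHash deps\gtk-${{ matrix.arch }}.7z -Algorithm SHA256).Hash -ne '<EXPECTED_SHA256>') { throw 'gtk archive hash mismatch' }` with the expected value stored in the workflow. The same applies to the other downloads in this step. The archive name still carries the 2018-08-29 date, so it is also worth recording which OpenSSL 1.1 release it bundles.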
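Review bot: In meson.build, `cc.find_library('libssl')` replaces a lookup of `libeay32`, which was OpenSSL 1.0's crypto library; its 1.1 counterpart is `libcrypto`, whereas `libssl` succeeds `ssleay32`. If the code built through this dependency calls libcrypto functions directly, the single lookup may not resolve them on MSVC. Consider finding both, e.g. `libssl_dep = [cc.find_library('libssl'), cc.find_library('libcrypto')]`, depending on how `libssl_dep` is consumed outside this hunk.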
@@ -772,7 +772,7 @@ server_connect_success (server *serv) /* it'll be a memory leak, if connection isn't terminated by server_cleanup() */ - if ((err = _SSL_set_verify (serv->ctx, ssl_cb_verify, NULL))) + if ((err = _SSL_set_verify (serv->ctx, ssl_cb_verify))) { EMIT_SIGNAL (XP_TE_CONNFAIL, serv->server_session, err, NULL, NULL, NULL, 0); diff --git a/src/common/ssl.c b/src/common/ssl.c index 0eb78bd7..e7f7e0a8 100644 --- a/src/common/ssl.c +++ b/src/common/ssl.c @@ -321,23 +321,22 @@ _SSL_socket (SSL_CTX *ctx, int sd) char * -_SSL_set_verify (SSL_CTX *ctx, void *verify_callback, char *cacert) +_SSL_set_verify (SSL_CTX *ctx, void *verify_callback) { - if (!SSL_CTX_set_default_verify_paths (ctx)) +#ifdef DEFAULT_CERT_FILE + if (!SSL_CTX_load_verify_locations (ctx, DEFAULT_CERT_FILE, NULL)) { - __SSL_fill_err_buf ("SSL_CTX_set_default_verify_paths"); + __SSL_fill_err_buf ("SSL_CTX_load_verify_locations"); return (err_buf); } -/* - if (cacert) +#else + if (!SSL_CTX_set_default_verify_paths (ctx)) { - if (!SSL_CTX_load_verify_locations (ctx, cacert, NULL)) - { - __SSL_fill_err_buf ("SSL_CTX_load_verify_locations"); - return (err_buf); - } + __SSL_fill_err_buf ("SSL_CTX_set_default_verify_paths"); + return (err_buf); } -*/ +#endif + SSL_CTX_set_verify (ctx, SSL_VERIFY_PEER, verify_callback); return (NULL); diff --git a/src/common/ssl.h b/src/common/ssl.h index e722f831..bea2f440 100644 --- a/src/common/ssl.h +++ b/src/common/ssl.h @@ -45,7 +45,7 @@ SSL_CTX *_SSL_context_init (void (*info_cb_func)); #define _SSL_context_free(a) SSL_CTX_free(a); SSL *_SSL_socket (SSL_CTX *ctx, int sd); -char *_SSL_set_verify (SSL_CTX *ctx, void *(verify_callback), char *cacert); +char *_SSL_set_verify (SSL_CTX *ctx, void *(verify_callback)); /* int SSL_connect(SSL *); int SSL_accept(SSL *); diff --git a/win32/copy/copy.vcxproj b/win32/copy/copy.vcxproj index b26d7e28..2fc7437b 100644 --- a/win32/copy/copy.vcxproj +++ b/win32/copy/copy.vcxproj @@ -40,7 +40,8 @@ - + + @@ -50,7 +51,6 @@ - 
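Review bot: In `_SSL_set_verify`, `SSL_CTX_load_verify_locations (ctx, DEFAULT_CERT_FILE, NULL)` receives whatever the build defines, and the only definition on this page is `DEFAULT_CERT_FILE="cert.pem"` in win32/hexchat.props, a relative path that is opened relative to the process's current directory. The set of trusted CAs for every TLS connection then depends on where HexChat was started from, unless the working directory is fixed elsewhere, which is not visible here. Resolving the file against the installation directory before loading it removes that dependency; the sketch below assumes the macro stays Windows-only and that GLib is available in ssl.c. With the macro defined the system default verify paths are no longer consulted at all, which deserves a comment above the `#ifdef`.

```c
#ifdef DEFAULT_CERT_FILE
	/* Load the bundled CA file from the install directory, never from the CWD. */
	char *base = g_win32_get_package_installation_directory_of_module (NULL);
	char *cafile = g_build_filename (base, DEFAULT_CERT_FILE, NULL);
	int loaded = SSL_CTX_load_verify_locations (ctx, cafile, NULL);

	g_free (cafile);
	g_free (base);
	if (!loaded)
	{
		__SSL_fill_err_buf ("SSL_CTX_load_verify_locations");
		return (err_buf);
	}
#else
	/* … unchanged: SSL_CTX_set_default_verify_paths fallback … */
#endif
```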
diff --git a/win32/hexchat.props b/win32/hexchat.props index f40c794a..038873b1 100644 --- a/win32/hexchat.props +++ b/win32/hexchat.props @@ -15,7 +15,7 @@ - GTK_DISABLE_DEPRECATED;GDK_PIXBUF_DISABLE_DEPRECATED;G_DISABLE_SINGLE_INCLUDES;GDK_PIXBUF_DISABLE_SINGLE_INCLUDES;GTK_DISABLE_SINGLE_INCLUDES;HAVE_STRTOULL;strtoull=_strtoui64;strcasecmp=stricmp;strncasecmp=strnicmp;__inline__=__inline + GTK_DISABLE_DEPRECATED;GDK_PIXBUF_DISABLE_DEPRECATED;G_DISABLE_SINGLE_INCLUDES;GDK_PIXBUF_DISABLE_SINGLE_INCLUDES;GTK_DISABLE_SINGLE_INCLUDES;HAVE_X509_GET_SIGNATURE_NID;HAVE_SSL_CTX_GET_SSL_METHOD;DEFAULT_CERT_FILE="cert.pem";HAVE_STRTOULL;strtoull=_strtoui64;strcasecmp=stricmp;strncasecmp=strnicmp;__inline__=__inline $(YourDepsPath)\$(PlatformName)\release $(YourGendefPath) @@ -33,7 +33,7 @@ lua51 $(DepsRoot)\include\glib-2.0;$(DepsRoot)\lib\glib-2.0\include;$(DepsRoot)\include\libxml2 $(DepsRoot)\include\gtk-2.0;$(DepsRoot)\lib\gtk-2.0\include;$(DepsRoot)\include\atk-1.0;$(DepsRoot)\include\cairo;$(DepsRoot)\include\pango-1.0;$(DepsRoot)\include\gdk-pixbuf-2.0 - gtk-win32-2.0.lib;gdk-win32-2.0.lib;atk-1.0.lib;gio-2.0.lib;gdk_pixbuf-2.0.lib;pangowin32-1.0.lib;pangocairo-1.0.lib;pango-1.0.lib;cairo.lib;gobject-2.0.lib;gmodule-2.0.lib;glib-2.0.lib;intl.lib;libxml2.lib;libeay32.lib;ssleay32.lib;wininet.lib;winmm.lib;ws2_32.lib + gtk-win32-2.0.lib;gdk-win32-2.0.lib;atk-1.0.lib;gio-2.0.lib;gdk_pixbuf-2.0.lib;pangowin32-1.0.lib;pangocairo-1.0.lib;pango-1.0.lib;cairo.lib;gobject-2.0.lib;gmodule-2.0.lib;glib-2.0.lib;intl.lib;libxml2.lib;libcrypto.lib;libssl.lib;ssleay32.lib;wininet.lib;winmm.lib;ws2_32.lib $(SolutionDir)..\data\\ $(SolutionDir)..\..\hexchat-build $(HexChatBuild)\$(PlatformName)\bin\ diff --git a/win32/installer/hexchat.iss.tt b/win32/installer/hexchat.iss.tt index be985384..1671988d 100644 --- a/win32/installer/hexchat.iss.tt +++ b/win32/installer/hexchat.iss.tt 
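Review bot: The updated linker list in the `@@ -33` hunk adds `libcrypto.lib;libssl.lib` but still contains `ssleay32.lib`, the OpenSSL 1.0 name of the SSL import library, while the installer change in this commit stops shipping `ssleay32.dll`. If the new dependency bundle no longer provides that file the link fails, and if an old copy is still present the binary could import from a DLL that is not installed. Dropping the entry so the list reads `...;libxml2.lib;libcrypto.lib;libssl.lib;wininet.lib;...` avoids both.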
@@ -138,7 +138,13 @@ Source: "gspawn-win32-helper-console.exe"; DestDir: "{app}"; Flags: ignoreversio Source: "gthread-2.0-0.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs Source: "gtk-win32-2.0.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs Source: "iconv.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs -Source: "libeay32.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs +#if APPARCH == "x64" +Source: "libcrypto-1_1-x64.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs +Source: "libssl-1_1-x64.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs +#else +Source: "libcrypto-1_1.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs +Source: "libssl-1_1.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs +#endif Source: "libenchant.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs Source: "ffi-7.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs Source: "intl.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs @@ -148,7 +154,6 @@ Source: "pango-1.0-0.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: l Source: "pangocairo-1.0-0.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs Source: "pangoft2-1.0-0.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs Source: "pangowin32-1.0-0.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs -Source: "ssleay32.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs Source: "zlib1.dll"; DestDir: "{app}"; Flags: ignoreversion; Components: libs Source: "plugins\hcnotifications-winrt.dll"; DestDir: "{app}\plugins"; Flags: ignoreversion; Components: libs -- cgit 1.4.1 From 91adfb5917d31a7c29d6c0536f1e301542577e81 Mon Sep 17 00:00:00 2001 
From: Sadie Powell Date: Mon, 17 Jan 2022 12:08:16 +0000 Subject: Fix handling invalid ports. Instead of wrapping around, which is not behaviour any reasonable user would expect, just use the default port if above 65535. Disallow connecting on port 0. This port has special meaning and servers can not listen on it. It is more likely the user just gave an invalid value to the port field as atoi("invalid") == 0. --- src/common/server.c | 3 +-- 1 file changed, 1 insertion(+), 2 deletions(-) (limited to 'src/common/server.c') diff --git a/src/common/server.c b/src/common/server.c index f90ce28f..c2965eb3 100644 --- a/src/common/server.c +++ b/src/common/server.c @@ -1559,7 +1559,7 @@ server_connect (server *serv, char *hostname, int port, int no_login) if (!hostname[0]) return; - if (port < 0) + if (port < 1 || port > 65535) { /* use default port for this server type */ port = 6667; @@ -1568,7 +1568,6 @@ server_connect (server *serv, char *hostname, int port, int no_login) port = 6697; #endif } - port &= 0xffff; /* wrap around */ if (serv->connected || serv->connecting || serv->recondelay_tag) server_disconnect (sess, TRUE, -1); -- cgit 1.4.1 From 7df34cdcb2039678356f9dd44bb52e670dbcf8ce Mon Sep 17 00:00:00 2001 From: Sadie Powell Date: Mon, 17 Jan 2022 21:51:40 +0000 Subject: Log when the user specifies an invalid port. --- src/common/server.c | 1 + 1 file changed, 1 insertion(+) (limited to 'src/common/server.c') diff --git a/src/common/server.c b/src/common/server.c index c2965eb3..e14da237 100644 --- a/src/common/server.c +++ b/src/common/server.c @@ -1567,6 +1567,7 @@ server_connect (server *serv, char *hostname, int port, int no_login) if (serv->use_ssl) port = 6697; #endif + g_debug ("Attempted to connect to invalid port, assuming default port %d", port); } if (serv->connected || serv->connecting || serv->recondelay_tag) -- cgit 1.4.1
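Review bot: The `g_debug` added in the last hunk runs after `port` has been replaced by the default, so the message cannot say which value was rejected, and it also fires for negative values, which the earlier `port < 0` test in this series suggests callers may pass to mean "use the default". Keeping the caller's value in a local and logging only for the out-of-range cases would make the message accurate, e.g. `if (requested == 0 || requested > 65535) g_debug ("Ignoring invalid port %d, using default port %d", requested, port);`. `server_connect` continues outside the hunk, and whether callers rely on a negative sentinel is not visible here.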