Sébastien Helleu
cf702d541f
api: change type of parameter "pos_option_name" to "const char **" in function config_search_with_string
2026-06-15 07:29:33 +02:00
Sébastien Helleu
b802681230
api: fix infinite loop in function string_replace when the search string is empty
2026-06-03 21:15:16 +02:00
Sébastien Helleu
6948aea626
relay: fix timing attack on password authentication (GHSA-vhv8-g2r9-cwcc)
...
The relay authentication used non-constant-time comparisons (strcasecmp,
strcmp) to verify password hashes and plaintext passwords, allowing an
attacker to derive the expected hash byte-by-byte from response timing
and then authenticate without knowing the password.
- SHA/PBKDF2 hex hash comparisons: normalize the client-supplied hash to
uppercase and compare in constant time over the fixed expected length.
- Plaintext password comparison: HMAC-SHA256 both passwords with a fresh
per-call random key and compare the fixed-size MACs in constant time,
hiding both per-byte timing and the password length.
Add string_memcmp_constant_time helper in core, exposed via the plugin
API. Bump WEECHAT_PLUGIN_API_VERSION accordingly.
2026-05-31 09:16:15 +02:00
Sébastien Helleu
54eff44d74
core: check error ERANGE after call to strtoul in function util_version_number
2026-04-05 15:33:33 +02:00
Sébastien Helleu
83d760deae
core: check error ERANGE after call to strtoull in function util_parse_delay
2026-04-05 15:33:33 +02:00
Sébastien Helleu
94e5de4836
core: use function util_parse_int in function string_get_priority_and_name
2026-04-05 15:33:33 +02:00
Sébastien Helleu
7e8f8b5178
core: use util functions to parse integers in core commands
2026-04-05 15:33:33 +02:00
Sébastien Helleu
f53e7fb9ef
core, plugins: fix typos in comments on functions, use imperative
2026-03-23 20:45:36 +01:00
Sébastien Helleu
71329fd595
core: remove double quotes around buffer number in error message
2026-03-09 22:45:30 +01:00
Sébastien Helleu
106fe6ca7c
core: update copyright dates
2026-03-08 10:37:15 +01:00
Sébastien Helleu
1c53d3d466
api: add functions to parse integer numbers
...
New functions:
- util_parse_int
- util_parse_long
- util_parse_longlong
2025-11-12 20:24:00 +01:00
Sébastien Helleu
4ab11b7705
tests: add unit tests on command /window
2025-11-12 20:20:04 +01:00
Sébastien Helleu
1ffc96955e
tests: add unit tests on command /sys
2025-11-12 13:45:27 +01:00
Sébastien Helleu
8316745061
tests: add unit tests on command /repeat
2025-11-12 13:45:27 +01:00
Sébastien Helleu
753475f530
tests: add unit tests on command /proxy
2025-11-11 11:27:34 +01:00
Sébastien Helleu
dacd29b1d7
tests: add unit tests on command /print
2025-11-11 10:57:51 +01:00
Sébastien Helleu
e5285c5545
tests: remove duplicate test
2025-11-11 10:39:30 +01:00
Sébastien Helleu
1bfd744249
tests: add unit tests on command /hotlist
2025-11-10 20:48:24 +01:00
Sébastien Helleu
cd20c0e843
tests: add unit tests on command /history
2025-11-10 15:06:44 +01:00
Sébastien Helleu
16245f44ae
tests: add unit tests on command /help
2025-11-10 15:06:44 +01:00
Sébastien Helleu
2f8393d504
tests: add unit tests on command /filter
2025-11-10 15:06:44 +01:00
Sébastien Helleu
c34d26dd70
tests: add unit tests on command /eval
2025-11-10 15:06:44 +01:00
Sébastien Helleu
96e225ac39
tests: add unit tests on command /debug
2025-11-10 15:06:44 +01:00
Sébastien Helleu
e570d76c53
tests: add macros to search messages using a regex
2025-11-10 15:06:44 +01:00
Sébastien Helleu
3a3dec985d
tests: add missing include of string.h
2025-11-10 13:39:03 +01:00
Sébastien Helleu
7051dd4351
tests: add unit tests on command /cursor
2025-11-10 09:05:36 +01:00
Sébastien Helleu
1094e70de2
tests: add unit tests on command /command
2025-11-10 09:04:13 +01:00
Sébastien Helleu
08545facb6
tests: add unit tests on command /color
2025-11-10 09:04:13 +01:00
Sébastien Helleu
2c4ede614e
tests: add unit tests on command /buffer
2025-11-10 09:04:13 +01:00
Sébastien Helleu
a89d5302fd
tests: add unit tests on command /bar
2025-11-10 09:04:13 +01:00
Sébastien Helleu
b61dca7d2d
tests: add unit tests on command /allbuf
2025-11-10 09:04:13 +01:00
Sébastien Helleu
4232123ca3
tests: add macros to test errors with commands
2025-11-10 09:04:13 +01:00
Sébastien Helleu
1c09118fe1
api: allow lower characters "t" and "z" in function util_parse_time
...
The following dates are now parsed with the same result:
2025-08-30T20:12:55.866643Z
2025-08-30t20:12:55.866643z
2025-08-31 12:15:33 +02:00
Sébastien Helleu
5acbfe9b7d
api: fix parsing of date/times with timezone offset in function util_parse_time
2025-08-31 12:15:33 +02:00
Sébastien Helleu
7980a6d100
api: add support of date like ISO 8601 but with spaces in function util_parse_time
...
So for example the format "2024-01-04 22:01:02.123456 +0100" is supported in
addition to "2024-01-04T22:01:02.123456+0100".
2025-08-31 12:15:33 +02:00
Emil Velikov
f48e6ee81d
Bump required (lib)gcrypt to v1.8.0
...
Bump the requirement to v1.8.0, which means we can remove ~70% of the
ifdef guard.
It was released over 8 years ago, with 3 new feature releases since
then and dozens of bugfix releases in the 1.8 branch.
The oldest distributions we target, Ubuntu 20.04 and Debian Bullseye,
have 1.8.5 and 1.8.7 respectively.
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
2025-08-31 10:36:20 +02:00
Sébastien Helleu
a6e859b7ff
tests: add test with a float number using a lot of decimals in calculation of expression
...
This test validates the fix made in commit
5b4820ab06 and will prevent regression with such
numbers.
2025-06-07 09:45:15 +02:00
Sébastien Helleu
927a50e366
core, plugins: replace "%p" by "%lx" in calls to sscanf
2025-05-18 22:17:29 +02:00
Sébastien Helleu
d0c00f7db2
Revert "core, plugins: replace "%lx" by "%p" in calls to sscanf"
...
This reverts commit e64ab3c675.
This was causing incorrect conversion of strings "0x..." to pointers on systems
like Solaris/illumos.
And as a side effect, buffers were sometimes empty in weechat relay clients
like glowing-bear.
2025-05-18 22:17:16 +02:00
Sébastien Helleu
8106db400d
core: add support of specifier %@ for UTC time in function util_strftimeval
2025-05-18 22:15:06 +02:00
Sébastien Helleu
d475c16671
core: fix buffer overflow in function utf8_next_char and return NULL for empty string
...
Now the function utf8_next_char with an empty string returns NULL instead of
the next char, which is most of the time after an allocated buffer.
And the function utf8_char_size with an empty string now returns 0 instead of
1.
This indirectly fixes a buffer overflow in function eval_string_range_chars
when the input string is empty (for example when doing `/eval -n ${chars:}`).
2025-05-10 20:53:04 +02:00
Sébastien Helleu
2bc290b6ed
core: fix integer overflow and return "unsigned long" in function util_version_number
2025-05-08 18:45:39 +02:00
Sébastien Helleu
51d24fd2da
api: add function file_compare (issue #2250)
2025-05-07 20:44:48 +02:00
Sébastien Helleu
a1cbe63a42
tests: move CMake file, main C++/headers for tests and scripts to unit directory
2025-05-05 13:18:34 +02:00
Sébastien Helleu
2475f20cb7
all: move description of C files below the copyright and license
2025-03-31 11:47:49 +02:00
Sébastien Helleu
3a6ac9ee76
all: add SPDX license tag
2025-03-31 07:49:26 +02:00
Sébastien Helleu
d8987a1678
all: replace Copyright lines by SPDX copyright tag
2025-03-30 14:47:12 +02:00
Sébastien Helleu
caa7af253a
tests: add tests on function util_strftimeval with microseconds < 0 or > 999999
2025-03-17 08:12:33 +01:00
Sébastien Helleu
9fe5fa23a0
core: convert "long long" to "unsigned long long" in functions util_get_microseconds_string and util_parse_delay
2025-03-16 11:13:25 +01:00
Sébastien Helleu
547e2b934e
core: update copyright dates
2025-02-01 23:13:18 +01:00