mirror of https://github.com/weechat/weechat.git synced 2026-06-24 20:06:38 +02:00

17 Commits

Author SHA1 Message Date
Sébastien Helleu e540d7a2cf relay/irc: fix timing attack on PASS command (GHSA-vhv8-g2r9-cwcc)
The IRC relay protocol's PASS handler compared the server password with
the client-supplied value using strcmp, leaking the password byte-by-byte
via response timing. This is the same class of bug fixed for the api and
weechat protocols, on a separate code path that did not go through
relay_auth_check_password_plain.

Extract the HMAC-then-constant-time-compare logic from
relay_auth_check_password_plain into relay_auth_password_equals, then
use it in both the plain-auth wrapper and the IRC PASS handler.
2026-05-31 09:16:36 +02:00
Sébastien Helleu f53e7fb9ef core, plugins: fix typos in comments on functions, use imperative 2026-03-23 20:45:36 +01:00
Sébastien Helleu 106fe6ca7c core: update copyright dates 2026-03-08 10:37:15 +01:00
Sébastien Helleu 2475f20cb7 all: move description of C files below the copyright and license 2025-03-31 11:47:49 +02:00
Sébastien Helleu 3a6ac9ee76 all: add SPDX license tag 2025-03-31 07:49:26 +02:00
Sébastien Helleu d8987a1678 all: replace Copyright lines by SPDX copyright tag 2025-03-30 14:47:12 +02:00
Sébastien Helleu 547e2b934e core: update copyright dates 2025-02-01 23:13:18 +01:00
Sébastien Helleu 6908eec160 tests: replace POINTERS_EQUAL by STRCMP_EQUAL in string comparisons with NULL 2024-09-14 10:26:42 +02:00
Sébastien Helleu 24c4029c96 core: remove "wee-" prefix from source files in src/core and src/core/hook 2024-03-12 21:27:37 +01:00
Sébastien Helleu 83567fd871 relay: allow password hash authentication in api relay, add option relay.network.time_window (issue #2066) 2024-02-01 21:39:23 +01:00
Sébastien Helleu eecb2a997e core: update copyright dates 2024-01-01 22:29:58 +01:00
Sébastien Helleu 33bba784c3 core: update copyright dates 2023-01-01 14:54:35 +01:00
Sébastien Helleu c44b79dce7 core: update copyright dates 2022-01-17 18:41:06 +01:00
Sébastien Helleu efc7a588d6 core: update copyright dates 2021-01-02 21:34:16 +01:00
Sébastien Helleu 60b75f4677 tests: add tests on functions relay_auth_password_hash_algo_search and relay_auth_generate_nonce 2020-04-20 07:16:08 +02:00
Sébastien Helleu d38701f99f tests: reduce number of iterations in PBKDF2 tests from 100000 to 1000
This speeds up tests by about 30%.
2020-04-19 10:56:25 +02:00
Sébastien Helleu 9fa3609c85 relay: add command "handshake" in weechat relay protocol and nonce to prevent replay attacks (closes #1474)
This introduces a new command called "handshake" in the weechat relay protocol.
It should be sent by the client before the "init" command, to negotiate the way
to authenticate with a password.

3 new options are added:

* relay.network.auth_password
* relay.network.hash_iterations
* relay.network.nonce_size
2020-04-14 21:38:12 +02:00