bound the configured proxy username and password before they are copied into the fixed stack buffer in network_pass_socks5proxy, otherwise a login longer than the buffer (a long password or token) overruns it while building the SOCKS5 auth request.
weecrypto_totp_validate compared the generated and client-supplied OTPs
with strcmp and broke out of the time-window loop on the first match.
Both choices leaked information via response timing: strcmp leaked the
expected OTP digit-by-digit (shrinking the brute-force search from
~10^digits to a handful of guesses within the 30-second window), and
the early break leaked which window offset matched.
Compare in constant time with string_memcmp_constant_time and always
iterate the full window, OR-ing the result into otp_ok without an
early exit.
This affects both relay protocols (which call totp_validate via the
public info hook) and any other caller of the info hook.
The relay authentication used non-constant-time comparisons (strcasecmp,
strcmp) to verify password hashes and plaintext passwords, allowing an
attacker to derive the expected hash byte-by-byte from response timing
and then authenticate without knowing the password.
- SHA/PBKDF2 hex hash comparisons: normalize the client-supplied hash to
uppercase and compare in constant time over the fixed expected length.
- Plaintext password comparison: HMAC-SHA256 both passwords with a fresh
per-call random key and compare the fixed-size MACs in constant time,
hiding both per-byte timing and the password length.
Add string_memcmp_constant_time helper in core, exposed via the plugin
API. Bump WEECHAT_PLUGIN_API_VERSION accordingly.
This reverts commit e64ab3c675.
This was causing incorrect conversion of strings "0x..." to pointers on systems
like Solaris/illumos.
And as a side effect, buffers were sometimes empty in weechat relay clients
like glowing-bear.
At the moment, building WeeChat triggers several thousand -Wstrict-prototypes
diagnostics. This is due to its source code using an empty argument list for
functions and function pointers that take no arguments, instead of explicitly
declaring that they take no arguments by using a void list.
This commit replaces all empty argument lists with a void list.
Note that Ruby's headers also suffer the same problem, which WeeChat can't
do anything to fix. Thus, building WeeChat with the Ruby plugin enabled
will still issue approximately 30 such diagnostics.
This fixes a bug when writing configuration files with a wrong locale: now
UTF-8 is kept and written in files instead of string converted using a wrong
charset.
New options are added to configure the chars displayed for spaces and
tabulations:
- weechat.look.whitespace_char: char for spaces
- weechat.look.tab_whitespace_char: first char for tabulations
src/gui/curses/gui-curses-main.c: In function ‘gui_main_loop’:
src/gui/curses/gui-curses-main.c:399:33: error: passing argument 2 of ‘signal_catch’ from incompatible pointer type [-Wincompatible-pointer-types]
399 | signal_catch (SIGWINCH, &gui_main_signal_sigwinch);
| ^~~~~~~~~~~~~~~~~~~~~~~~~
| |
| void (*)(void)
In file included from src/gui/curses/gui-curses-main.c:38:
src/gui/curses/../../core/core-signal.h:33:46: note: expected ‘void (*)(int)’ but argument is of type ‘void (*)(void)’
33 | extern void signal_catch (int signum, void (*handler)(int));
| ~~~~~~~^~~~~~~~~~~~~
aizu-m