A malicious or compromised IRC server could send data with no end-of-line
(or a flood of "005" messages), making WeeChat accumulate it in a buffer
that grew without limit, until all memory was exhausted.
The unterminated received message and the accumulated "005" (ISUPPORT)
data are now bounded by IRC_SERVER_RECV_MSG_MAX_LENGTH and
IRC_SERVER_ISUPPORT_MAX_LENGTH: extra data is ignored once the limit is
reached.
At the moment, building WeeChat triggers several thousand -Wstrict-prototypes
diagnostics. This is due to its source code using an empty argument list for
functions and function pointers that take no arguments, instead of explicitly
declaring that they take no arguments by using a void list.
This commit replaces all empty argument lists with a void list.
Note that Ruby's headers also suffer the same problem, which WeeChat can't
do anything to fix. Thus, building WeeChat with the Ruby plugin enabled
will still issue approximately 30 such diagnostics.
Detail of changes:
- the save of upgrade files in plugins is now done as soon as the "upgrade"
signal is received, and not when the plugin is unloaded (it was too late to
detect any problem and prevent the upgrade to happen)
- if the write of an upgrade file fails, the signal callback in plugin now
returns WEECHAT_RC_ERROR and WeeChat checks this code to stop the upgrade as
soon as this return code is received
- a new flag is added in plugin structure: unload_with_upgrade, it is set to 1
before unloading all plugins when upgrade will happen (all *.upgrade files
are then already successfully written).
Bump the requirement to v3.3.0 as available in Ubuntu 16.04 (3.4.10) and
Debian 10 (3.6.7). It was released around 10 years ago and any remotely
supported distribution has newer version.
As result, we can remove hundred+ lines of #ifdef spaghetti code.
Signed-off-by: Emil Velikov <emil.l.velikov@gmail.com>
The server option "autojoin_delay" adds a delay before autojoin.
The server option "command_delay" is now used to add a delay before the
execution of the command.
On upgrade from an old version, the option "command_delay" is copied to
"autojoin_delay" (in old versions, "command_delay" was applied after the
execution of command and before the autojoin).
This commit also includes support for passive DCC RESUME.
There was also a potential segfault with calling `atoi(pos_token)` when `pos_token` is NULL, so `token` is set to be stored as a string. Although it is an integer, we don't need to store it as such. That's really more of an implementation detail.
Sébastien Helleu