1
0
mirror of https://github.com/weechat/weechat.git synced 2026-07-09 03:03:12 +02:00
Commit Graph

217 Commits

Author SHA1 Message Date
Sébastien Helleu e5df225d9f irc: limit size of data received from the server to prevent memory exhaustion
A malicious or compromised IRC server could send data with no end-of-line
(or a flood of "005" messages), making WeeChat accumulate it in a buffer
that grew without limit, until all memory was exhausted.

The unterminated received message and the accumulated "005" (ISUPPORT)
data are now bounded by IRC_SERVER_RECV_MSG_MAX_LENGTH and
IRC_SERVER_ISUPPORT_MAX_LENGTH: extra data is ignored once the limit is
reached.
2026-06-06 14:17:41 +02:00
Sébastien Helleu f5fa814fa4 core: fix timing attack on TOTP validation (GHSA-vhv8-g2r9-cwcc)
weecrypto_totp_validate compared the generated and client-supplied OTPs
with strcmp and broke out of the time-window loop on the first match.
Both choices leaked information via response timing: strcmp leaked the
expected OTP digit-by-digit (shrinking the brute-force search from
~10^digits to a handful of guesses within the 30-second window), and
the early break leaked which window offset matched.

Compare in constant time with string_memcmp_constant_time and always
iterate the full window, OR-ing the result into otp_ok without an
early exit.

This affects both relay protocols (which call totp_validate via the
public info hook) and any other caller of the info hook.
2026-06-06 14:10:15 +02:00
Sébastien Helleu a17a80f1d0 relay: fix timing attack on password authentication (GHSA-vhv8-g2r9-cwcc)
The relay authentication used non-constant-time comparisons (strcasecmp,
strcmp) to verify password hashes and plaintext passwords, allowing an
attacker to derive the expected hash byte-by-byte from response timing
and then authenticate without knowing the password.

- SHA/PBKDF2 hex hash comparisons: normalize the client-supplied hash to
  uppercase and compare in constant time over the fixed expected length.
- Plaintext password comparison: HMAC-SHA256 both passwords with a fresh
  per-call random key and compare the fixed-size MACs in constant time,
  hiding both per-byte timing and the password length.

Add string_memcmp_constant_time helper in core, exposed via the plugin
API. Bump WEECHAT_PLUGIN_API_VERSION accordingly.
2026-06-06 13:01:52 +02:00
Sébastien Helleu 405707d544 relay: limit size of decompressed websocket frame to prevent memory exhaustion (GHSA-v2v4-45wm-5cr3)
An authenticated relay client using the permessage-deflate websocket
extension could send a small compressed frame that decompresses to an
unbounded amount of data, exhausting all memory and crashing WeeChat.

The output buffer in relay_websocket_inflate is now capped to
WEBSOCKET_INFLATE_MAX_SIZE: frames decompressing beyond this limit are
rejected and the connection is closed.
2026-06-06 12:58:20 +02:00
Sébastien Helleu f4fe63c312 core: update ChangeLog (issue #2251) 2025-05-25 10:00:24 +02:00
Sébastien Helleu 95a940294e Revert "core, plugins: replace "%lx" by "%p" in calls to sscanf"
This reverts commit e64ab3c675.

This was causing incorrect conversion of strings "0x..." to pointers on systems
like Solaris/illumos.

And as a side effect, buffers were sometimes empty in weechat relay clients
like glowing-bear.
2025-05-18 22:29:39 +02:00
Sébastien Helleu 2f375b652b core: add support of specifier %@ for UTC time in function util_strftimeval 2025-05-18 22:23:04 +02:00
Sébastien Helleu 951c030082 Version 4.6.3 2025-05-11 11:22:11 +02:00
Sébastien Helleu 3db2f71112 core: fix buffer overflow in function eval_string_range_chars 2025-05-10 21:38:26 +02:00
Sébastien Helleu 09917a807b core: fix buffer overflow in function eval_string_base_encode 2025-05-10 21:31:22 +02:00
Sébastien Helleu 334f88ae2c core: fix buffer overflow in function eval_syntax_highlight_colorize 2025-05-10 21:30:33 +02:00
Sébastien Helleu 2e14645691 core: fix buffer overflow in function util_parse_time 2025-05-08 19:18:59 +02:00
Sébastien Helleu 2c0bbdf9b9 core: fix integer overflow in function util_version_number 2025-05-08 19:18:59 +02:00
Sébastien Helleu 5839df90e7 core: fix memory leak in function util_parse_delay 2025-05-08 18:39:03 +02:00
Sébastien Helleu 6082453002 core: fix integer overflow in base32 encoding/decoding 2025-05-05 21:39:00 +02:00
Sébastien Helleu d0568dce79 core: fix integer overflow with decimal numbers in calculation of expression 2025-05-05 21:38:28 +02:00
Sébastien Helleu 120b048efb Version 4.6.2 2025-04-18 20:39:02 +02:00
Sébastien Helleu 1478ecd77d core: fix write of weechat.log to stdout with weechat-headless --stdout (issue #2247) 2025-04-15 08:16:06 +02:00
Sébastien Helleu 5c9d9bc8fc core: add refresh of window title on buffer switch, when option weechat.look.window_title is set 2025-04-11 19:32:43 +02:00
Sébastien Helleu 1d2e5ce700 Version 4.6.1 2025-04-09 13:33:19 +02:00
Sébastien Helleu 2eebe241ab core: consider all keys are safe in cursor context (issue #2244) 2025-04-04 18:55:46 +02:00
Sébastien Helleu e93cebf02c core: update ChangeLog (issue #2243) 2025-04-02 23:05:16 +02:00
Sébastien Helleu 86d4da2fd1 irc: display nick changes and quit messages when option irc.look.ignore_tag_messages is enabled (closes #2241) 2025-03-28 12:11:29 +01:00
Sébastien Helleu 9663f79746 Version 4.6.0 2025-03-23 10:42:41 +01:00
Sébastien Helleu e0b7d2a645 core: update ChangeLog 2025-03-21 07:53:29 +01:00
Sébastien Helleu 36300c763d core: update ChangeLog (issue #1174) 2025-03-16 15:58:30 +01:00
Sébastien Helleu d91039ebd0 core: update ChangeLog 2025-03-16 15:11:41 +01:00
Sébastien Helleu 2e6249588f core: update ChangeLog (issue #665) 2025-03-16 15:01:17 +01:00
Sébastien Helleu b25a9b11a0 buflist: apply option buflist.look.nick_prefix_empty also on private and list buffers 2025-03-15 19:19:19 +01:00
Sébastien Helleu 2e570c599b core: add option weechat.completion.nick_ignore_words (closes #1143) 2025-03-03 08:27:22 +01:00
Sébastien Helleu 8280a3b65b api: return input string in function string_iconv_from_internal when current locale is wrong
This fixes a bug when writing configuration files with a wrong locale: now
UTF-8 is kept and written in files instead of string converted using a wrong
charset.
2025-03-01 16:44:22 +01:00
Sébastien Helleu f7cf044f33 core: add version 4.5.2 2025-02-20 23:56:38 +01:00
Sébastien Helleu d9ee4a3c13 core: update ChangeLog 2025-02-20 22:54:37 +01:00
Sébastien Helleu 145423c11f core: update ChangeLog (issue #2234) 2025-02-18 22:11:23 +01:00
Sébastien Helleu c7d21a3ea6 api: add function completion_set 2025-02-15 23:22:44 +01:00
Sébastien Helleu e89d6d69ad api: add property keep_spaces_right in function hook_set to keep trailing spaces in command arguments 2025-02-15 20:54:24 +01:00
Sébastien Helleu 3c9eb6dcac core: add option whitespace in command /debug (closes #947)
New options are added to configure the chars displayed for spaces and
tabulations:

- weechat.look.whitespace_char: char for spaces
- weechat.look.tab_whitespace_char: first char for tabulations
2025-02-15 20:54:14 +01:00
Sébastien Helleu ca6e483cdc relay/api: add a way to toggle between remote and local command execution on remote buffers (issue #2148)
New default key:

- Alt+Ctrl+l (L): toggle execution of commands: remote/local

New options:

- relay.api.remote_input_cmd_local: text displayed for command executed locally
- relay.api.remote_input_cmd_remote: text displayed for command executed on the
  remote WeeChat
2025-02-09 18:31:37 +01:00
Sébastien Helleu 36b62cfc5e core: add option -v to display upgrades in command /version
The number of upgrades is also displayed on startup after at least one
`/upgrade`.
2025-01-07 20:35:35 +01:00
Sébastien Helleu 80ca209e70 Revert "core: check "weechat" binary with command /upgrade"
This reverts commit d665e2d489.

The fix is not working when WeeChat is not executed with an absolute path.
2025-01-07 17:37:07 +01:00
Sébastien Helleu cf726265d1 core: fix typo in ChangeLog 2025-01-06 07:40:53 +01:00
Sébastien Helleu 8b2cdf3032 core: update ChangeLog (issue #2207) 2025-01-05 15:05:47 +01:00
Sébastien Helleu b88582c7ec core: update ChangeLog (issue #2222) 2025-01-05 10:03:26 +01:00
Sébastien Helleu d665e2d489 core: check "weechat" binary with command /upgrade
Always check that "weechat" binary exists and is executable with command
`/upgrade`, even when the path to binary is not given.
2025-01-04 18:08:19 +01:00
Sébastien Helleu 2a7f557f05 core: add version 4.5.1 2024-12-23 08:56:34 +01:00
Sébastien Helleu 8e8e982af6 core: fix typo in ChangeLog 2024-12-23 08:38:20 +01:00
Sébastien Helleu ad5fde5966 relay: fix crash after /upgrade when relay clients are connected 2024-12-22 19:31:04 +01:00
Sébastien Helleu 119664d090 api: allow to add empty buffer with function infolist_new_var_buffer
This fixes the following error with `/upgrade` command when relay clients are
connected:

  relay: failed to save upgrade data
2024-12-22 19:05:52 +01:00
Sébastien Helleu c26ff6c51b core: fix detection of dl library (closes #2218)
This fixes the linking to curl and ncurses on macOS.
2024-12-21 18:06:59 +01:00
Sébastien Helleu befcd09d63 logger: fix path displayed when the logs directory can not be created 2024-12-21 17:15:38 +01:00