From 44c8d23e9faddacd86671cda9cec69317df1fe5f Mon Sep 17 00:00:00 2001 From: Sadie Powell Date: Thu, 20 Jan 2022 14:30:48 +0000 Subject: Fix parsing LIST commands with multiple constraints. --- src/coremods/core_list.cpp | 75 ++++++++++++++++++++++++---------------------- 1 file changed, 39 insertions(+), 36 deletions(-) diff --git a/src/coremods/core_list.cpp b/src/coremods/core_list.cpp index 28ea91ce1..e128a6a17 100644 --- a/src/coremods/core_list.cpp +++ b/src/coremods/core_list.cpp @@ -95,46 +95,49 @@ CmdResult CommandList::Handle(User* user, const Params& parameters) size_t minusers = 0; size_t maxusers = 0; - for (Params::const_iterator iter = parameters.begin(); iter != parameters.end(); ++iter) + if (!parameters.empty()) { - const std::string& constraint = *iter; - if (constraint[0] == '<') + irc::commasepstream constraints(parameters[0]); + for (std::string constraint; constraints.GetToken(constraint); ) { - maxusers = ConvToNum(constraint.c_str() + 1); - } - else if (constraint[0] == '>') - { - minusers = ConvToNum(constraint.c_str() + 1); - } - else if (!constraint.compare(0, 2, "C<", 2) || !constraint.compare(0, 2, "c<", 2)) - { - mincreationtime = ParseMinutes(constraint); - } - else if (!constraint.compare(0, 2, "C>", 2) || !constraint.compare(0, 2, "c>", 2)) - { - maxcreationtime = ParseMinutes(constraint); - } - else if (!constraint.compare(0, 2, "T<", 2) || !constraint.compare(0, 2, "t<", 2)) - { - mintopictime = ParseMinutes(constraint); - } - else if (!constraint.compare(0, 2, "T>", 2) || !constraint.compare(0, 2, "t>", 2)) - { - maxtopictime = ParseMinutes(constraint); - } - else - { - // If the glob is prefixed with ! it is inverted. - match = constraint.c_str(); - if (match[0] == '!') + if (constraint[0] == '<') { - match_inverted = true; - match += 1; + maxusers = ConvToNum(constraint.c_str() + 1); + } + else if (constraint[0] == '>') + { + minusers = ConvToNum(constraint.c_str() + 1); + } + else if (!constraint.compare(0, 2, "C<", 2) || !constraint.compare(0, 2, "c<", 2)) + { + mincreationtime = ParseMinutes(constraint); + } + else if (!constraint.compare(0, 2, "C>", 2) || !constraint.compare(0, 2, "c>", 2)) + { + maxcreationtime = ParseMinutes(constraint); + } + else if (!constraint.compare(0, 2, "T<", 2) || !constraint.compare(0, 2, "t<", 2)) + { + mintopictime = ParseMinutes(constraint); + } + else if (!constraint.compare(0, 2, "T>", 2) || !constraint.compare(0, 2, "t>", 2)) + { + maxtopictime = ParseMinutes(constraint); + } + else + { + // If the glob is prefixed with ! it is inverted. + match = constraint.c_str(); + if (match[0] == '!') + { + match_inverted = true; + match += 1; + } + + // Ensure that the user didn't just run "LIST !". + if (match[0]) + match_name_topic = true; } - - // Ensure that the user didn't just run "LIST !". - if (match[0]) - match_name_topic = true; } } -- cgit v1.3.1-10-gc9f91 From 1373c45ccac3128633d3c6e6567693087080c0a7 Mon Sep 17 00:00:00 2001 From: Sadie Powell Date: Thu, 20 Jan 2022 14:51:22 +0000 Subject: Fix parsing a LIST request with both a match and inverted match. e.g. /LIST *foo* !*bar* --- src/coremods/core_list.cpp | 40 +++++++++++++++------------------------- 1 file changed, 15 insertions(+), 25 deletions(-) diff --git a/src/coremods/core_list.cpp b/src/coremods/core_list.cpp index e128a6a17..ea9485f8a 100644 --- a/src/coremods/core_list.cpp +++ b/src/coremods/core_list.cpp @@ -79,10 +79,10 @@ CmdResult CommandList::Handle(User* user, const Params& parameters) time_t maxcreationtime = 0; // M: Searching based on mask. + std::string match; + // N: Searching based on !mask. - bool match_name_topic = false; - bool match_inverted = false; - const char* match = NULL; + std::string notmatch; // T: Searching based on topic time, via the "Tval" modifiers to // search for a topic time that is lower or higher than val respectively. @@ -124,19 +124,15 @@ CmdResult CommandList::Handle(User* user, const Params& parameters) { maxtopictime = ParseMinutes(constraint); } - else + else if (constraint[0] == '!') { - // If the glob is prefixed with ! it is inverted. - match = constraint.c_str(); - if (match[0] == '!') - { - match_inverted = true; - match += 1; - } - // Ensure that the user didn't just run "LIST !". - if (match[0]) - match_name_topic = true; + if (constraint.length() > 2) + notmatch = constraint.substr(1); + } + else + { + match = constraint; } } } @@ -165,18 +161,12 @@ CmdResult CommandList::Handle(User* user, const Params& parameters) continue; // Attempt to match a glob pattern. - if (match_name_topic) - { - bool matches = InspIRCd::Match(chan->name, match) || InspIRCd::Match(chan->topic, match); - - // The user specified an match that we did not match. - if (!matches && !match_inverted) - continue; + if (!match.empty() && !InspIRCd::Match(chan->name, match) && !InspIRCd::Match(chan->topic, match)) + continue; - // The user specified an inverted match that we did match. - if (matches && match_inverted) - continue; - } + // Attempt to match an inverted glob pattern. + if (!notmatch.empty() && (InspIRCd::Match(chan->name, notmatch) || InspIRCd::Match(chan->topic, notmatch))) + continue; // if the channel is not private/secret, OR the user is on the channel anyway bool n = (has_privs || chan->HasUser(user)); -- cgit v1.3.1-10-gc9f91 From 5faa39f6719dfadad979d56d7db1bef06ca4ffce Mon Sep 17 00:00:00 2001 From: Sadie Powell Date: Thu, 20 Jan 2022 17:22:34 +0000 Subject: Work around the deprecation of manual DH params in GnuTLS 3.5.6. As of this version specifying custom DH parameters is deprecated and should not be used. Instead, a default (secure) DH parameters will be used. --- src/modules/extra/m_ssl_gnutls.cpp | 18 +++++++++++++++++- 1 file changed, 17 insertions(+), 1 deletion(-) diff --git a/src/modules/extra/m_ssl_gnutls.cpp b/src/modules/extra/m_ssl_gnutls.cpp index 256f1df6c..471505a11 100644 --- a/src/modules/extra/m_ssl_gnutls.cpp +++ b/src/modules/extra/m_ssl_gnutls.cpp @@ -94,6 +94,10 @@ # include #endif +#if INSPIRCD_GNUTLS_HAS_VERSION(3, 5, 6) +# define GNUTLS_AUTO_DH +#endif + #ifdef _WIN32 # pragma comment(lib, "libgnutls-30.lib") #endif @@ -220,6 +224,7 @@ namespace GnuTLS gnutls_digest_algorithm_t get() const { return hash; } }; +#ifndef GNUTLS_AUTO_DH class DHParams { gnutls_dh_params_t dh_params; @@ -246,6 +251,7 @@ namespace GnuTLS const gnutls_dh_params_t& get() const { return dh_params; } }; +#endif class X509Key { @@ -443,9 +449,11 @@ namespace GnuTLS class CertCredentials { +#ifndef GNUTLS_AUTO_DH /** DH parameters associated with these credentials */ SMART_PTR dh; +#endif protected: gnutls_certificate_credentials_t cred; @@ -468,6 +476,7 @@ namespace GnuTLS gnutls_credentials_set(sess, GNUTLS_CRD_CERTIFICATE, cred); } +#ifndef GNUTLS_AUTO_DH /** Set the given DH parameters to be used with these credentials */ void SetDH(SMART_PTR& DH) @@ -475,6 +484,7 @@ namespace GnuTLS dh = DH; gnutls_certificate_set_dh_params(cred, dh->get()); } +#endif }; class X509Credentials : public CertCredentials @@ -655,8 +665,10 @@ namespace GnuTLS std::string certstr; std::string keystr; - SMART_PTR dh; +#ifndef GNUTLS_AUTO_DH + SMART_PTR dh; +#endif std::string priostr; unsigned int mindh; std::string hashstr; @@ -668,7 +680,9 @@ namespace GnuTLS : name(profilename) , certstr(ReadFile(tag->getString("certfile", "cert.pem", 1))) , keystr(ReadFile(tag->getString("keyfile", "key.pem", 1))) +#ifndef GNUTLS_AUTO_DH , dh(DHParams::Import(ReadFile(tag->getString("dhfile", "dhparams.pem", 1)))) +#endif , priostr(GetPrioStr(profilename, tag)) , mindh(tag->getUInt("mindhbits", 1024)) , hashstr(tag->getString("hash", "md5", 1)) @@ -703,7 +717,9 @@ namespace GnuTLS , outrecsize(config.outrecsize) , requestclientcert(config.requestclientcert) { +#ifndef GNUTLS_AUTO_DH x509cred.SetDH(config.dh); +#endif x509cred.SetCA(config.ca, config.crl); } /** Set up the given session with the settings in this profile -- cgit v1.3.1-10-gc9f91 From 087b0b54f9e18efa4f6aa5adb1599826b24af3fb Mon Sep 17 00:00:00 2001 From: Sadie Powell Date: Thu, 20 Jan 2022 18:32:48 +0000 Subject: Work around the deprecation of manual DH params in OpenSSL 3.0.0. As of this version specifying custom DH parameters is deprecated and should not be used. Instead, a default (secure) DH parameters will be used. --- .github/workflows/ci-macos.yml | 2 +- src/modules/extra/m_ssl_openssl.cpp | 13 +++++++++++++ 2 files changed, 14 insertions(+), 1 deletion(-) diff --git a/.github/workflows/ci-macos.yml b/.github/workflows/ci-macos.yml index 23b6ff786..94438c5f8 100644 --- a/.github/workflows/ci-macos.yml +++ b/.github/workflows/ci-macos.yml @@ -17,7 +17,7 @@ jobs: - name: Install dependencies run: | brew update || true - for PACKAGE in pkg-config argon2 gnutls libmaxminddb libpq mbedtls mysql-client openssl@1.1 pcre re2 sqlite tre; + for PACKAGE in pkg-config argon2 gnutls libmaxminddb libpq mbedtls mysql-client openssl@3 pcre re2 sqlite tre; do brew install $PACKAGE || brew upgrade $PACKAGE diff --git a/src/modules/extra/m_ssl_openssl.cpp b/src/modules/extra/m_ssl_openssl.cpp index 5a317ad45..4fac43a02 100644 --- a/src/modules/extra/m_ssl_openssl.cpp +++ b/src/modules/extra/m_ssl_openssl.cpp @@ -102,6 +102,9 @@ #else # define INSPIRCD_OPENSSL_OPAQUE_BIO +# if OPENSSL_VERSION_NUMBER > 0x30000000L +# define INSPIRCD_OPENSSL_AUTO_DH +# endif #endif static bool SelfSigned = false; @@ -124,6 +127,7 @@ namespace OpenSSL : ModuleException(reason) { } }; +#ifndef INSPIRCD_OPENSSL_AUTO_DH class DHParams { DH* dh; @@ -152,6 +156,7 @@ namespace OpenSSL return dh; } }; +#endif class Context { @@ -190,11 +195,13 @@ namespace OpenSSL SSL_CTX_free(ctx); } +#ifndef INSPIRCD_OPENSSL_AUTO_DH bool SetDH(DHParams& dh) { ERR_clear_error(); return (SSL_CTX_set_tmp_dh(ctx, dh.get()) >= 0); } +#endif #ifndef OPENSSL_NO_ECDH void SetECDH(const std::string& curvename) @@ -329,9 +336,11 @@ namespace OpenSSL */ const std::string name; +#ifndef INSPIRCD_OPENSSL_AUTO_DH /** DH parameters in use */ DHParams dh; +#endif /** OpenSSL makes us have two contexts, one for servers and one for clients */ @@ -404,14 +413,18 @@ namespace OpenSSL public: Profile(const std::string& profilename, ConfigTag* tag) : name(profilename) +#ifndef INSPIRCD_OPENSSL_AUTO_DH , dh(ServerInstance->Config->Paths.PrependConfig(tag->getString("dhfile", "dhparams.pem", 1))) +#endif , ctx(SSL_CTX_new(SSLv23_server_method())) , clientctx(SSL_CTX_new(SSLv23_client_method())) , allowrenego(tag->getBool("renegotiation")) // Disallow by default , outrecsize(tag->getUInt("outrecsize", 2048, 512, 16384)) { +#ifndef INSPIRCD_OPENSSL_AUTO_DH if ((!ctx.SetDH(dh)) || (!clientctx.SetDH(dh))) throw Exception("Couldn't set DH parameters"); +#endif const std::string hash = tag->getString("hash", "md5", 1); digest = EVP_get_digestbyname(hash.c_str()); -- cgit v1.3.1-10-gc9f91