Read()'s return value is the only bound on how many bytes are valid in
the caller's buffer; ignoring it is what caused the identfile OOB read.
All existing callers already use the result, so flag the rest at compile
time.
Read() returned up to 1024 bytes into a stack buffer that was then
assigned to a CString via the const char* overload, so strlen() walked
past the end of buf when the file filled all 1024 bytes without a NUL.
ReadFile() bounds the append by the byte count Read() returns and reads
the whole file, so the original contents also round-trip faithfully.
* Enable SSL by default in ZNC configuration when connecting to servers
* Change default port from 6667 to 6697 in znctest
* Update SSL variable initialization with preprocessor checks
Refactor SSL configuration to use preprocessor directives.
* Fix comment formatting in znc.cpp
Fix extraneous double tab that slipped into the commit
Opening the destination at the source's exact mode breaks when the
source lacks owner write (e.g. r-xr-xr-x): the create still works but
the overwrite path can't reopen such a destination for writing. Force
owner read+write while copying and let the trailing Chmod() put the
source mode back, which only ever adds owner bits so the group/other
bits stay as restrictive as the source throughout. Add a regression
test covering the restricted-mode and read-only-source cases.
Pull in gmock so the empty-delimiter Split assertions can keep using
EXPECT_THAT(..., ElementsAre(...)) and IsEmpty(). On failure the matcher
prints the actual vector contents, which EXPECT_TRUE(vempty.empty())
hides behind a bare 'not true'.
Switch the default Referrer-Policy from same-origin to no-referrer so the
webadmin URL (which can carry user/network names in the path) does not
leak to outbound clicks either.
Drop Pragma: no-cache; it is deprecated and modern intermediaries honor
Cache-Control. Simplify Cache-Control to a single no-store directive,
which on its own already prevents storing per RFC 9111; the previous
no-cache, must-revalidate, max-age=0 tail was HTTP/1.0-era padding.
StringTest.cpp does not include gmock, so EXPECT_THAT/ElementsAre/IsEmpty
do not compile and the unittest target fails on every CI configuration.
Use EXPECT_EQ against a VCString and EXPECT_TRUE(empty()) instead, which
keeps the test scope identical without dragging gmock into this file.
Close#2012.
Add X-Frame-Options: SAMEORIGIN, X-Content-Type-Options: nosniff and
Referrer-Policy: same-origin to every response so webadmin and module
pages are framed/sniff-protected by default. Add no-store Cache-Control
and Pragma: no-cache on dynamic responses so shared workstations can't
replay authenticated pages from browser history. Skip the cache headers
for 304 and for static asset MIME types (image, font, text/css,
application/javascript) that the existing ETag/Last-Modified path on
PrintFile already handles.
Per review feedback: the emitter is a private WriteHardeningHeaders that
writes each line via the socket directly from PrintHeader, not a public
helper returning a temporary VCString. Callers can override a default
value with AddHeader, or suppress one outright with the new public
OmitHardeningHeader(name).
Tests: drive PrintHeader on a CHTTPSock subclass that captures Write()
calls, then assert with gmock matchers (Contains(StartsWith(...))).
GCC parses "AA\xffA" greedily as \xffA (next character is a hex digit),
which is out of range for char and breaks the Linux CI build. Split the
literal into "AA\xff" "A" so the escape resolves before the next string,
yielding the intended four bytes (A, A, 0xff, A).
Per review feedback on #2017: a hand-rolled byte loop can in principle
be folded back into a short-circuiting compare by an aggressive optimizer.
Use CRYPTO_memcmp under HAVE_LIBSSL since OpenSSL is already a build
dependency for the SHA256 path. For non-OpenSSL builds, mark the
accumulator and pointers volatile and note in a comment that this is
best-effort.