Commit Graph

1255 Commits

Author SHA1 Message Date
Alexey Sokolov 866303eef0 Merge pull request #2014 from MarkLee131/fix/parseservertime-clamp-range
Utils: reject out-of-range years in ParseServerTime
2026-04-27 01:43:24 +01:00
MarkLee131 20e8f73b03 HTTPSock: extract IsValidHeaderField helper and add tests (#2010) 2026-04-25 17:38:31 +08:00
MarkLee131 04cf89beec HTTPSock: reject CR/LF in AddHeader name/value
AddHeader wrote its arguments straight into the response stream. No
in-tree caller reaches it with attacker-controlled bytes today, but the
public API is exposed to module authors; one bad caller would be a
header-injection bug. Filter at the entry rather than at every caller.
2026-04-25 10:38:31 +08:00
MarkLee131 b944299167 Utils: reject out-of-range years in ParseServerTime
cctz::parse into a microseconds time_point internally multiplies the
parsed seconds-since-epoch by 1,000,000 in signed int64. Years past ~292k
overflow, which is UB under UBSan or -ftrapv builds. In plain production
builds the overflow silently wraps and buffer playback shows a garbage
timestamp.

Reject anything with a year longer than 5 digits before calling into
cctz. 5 digits covers every realistic IRCv3 @time tag.
2026-04-25 10:36:53 +08:00
jabberwock 94aeaa02bf Message: add bounds check in GetParamsColon when uIdx >= params.size()
Without this check, when uIdx >= m_vsParams.size() and the vector is
non-empty, the subtraction in the clamp condition underflows to SIZE_MAX.
GetParamsSplit() already has the equivalent check at the top of the
function; this brings GetParamsColon() in line with it.

Fixes #1994
2026-03-17 09:39:50 -07:00
TehPeGaSuS 4c0483adfa Use user configured network
Use user configured network on the IRC client connection message example, so it turns from `/server <znc_server_ip> 1025 Admin:<pass>` to `/server <znc_server_ip> 1025 Admin/libera:<pass>`.

Should have done this from the start... 😅
2026-03-10 10:26:35 +01:00
TehPeGaSuS 9cb82dad06 Fix formatting in ZNC connection message
Make IRC client connection example consistent with the line above
2026-03-10 10:02:55 +01:00
Alexey Sokolov ad7bd6d7ee Don't try to join channel which ZNC is already on.
When Goguma connects to ZNC, it joins the joined channels again and
again, triggering flood protection.

Note: even with this fix, the Goguma+ZNC experience is still pretty bad
and requires doing something about repeating chat history.
2026-01-26 22:15:23 +00:00
Falk Rund ad6a397ca4 Welcome to 2026
[skip ci]
2026-01-01 13:44:32 +01:00
Alexey Sokolov d8b8c16783 Merge branch '1.10.x' 2025-12-10 00:55:07 +00:00
ZNC-Jenkins ea22b297fc Update translations from Crowdin for de_DE nl_NL 2025-11-10 00:26:12 +00:00
ZNC-Jenkins 4115baa9f4 Update translations from Crowdin for de_DE nl_NL 2025-11-10 00:26:11 +00:00
ZNC-Jenkins 74a5da185c Update translations from Crowdin for de_DE 2025-11-09 00:26:22 +00:00
ZNC-Jenkins 3427c58246 Update translations from Crowdin for de_DE 2025-11-09 00:26:17 +00:00
ZNC-Jenkins 69c3471a7e Update translations from Crowdin for bg_BG da_DK de_DE el_GR es_ES fr_FR id_ID it_IT nl_NL pl_PL pt_BR pt_PT ro_RO ru_RU tr_TR 2025-08-01 00:26:05 +00:00
Alexey Sokolov 8c983564e8 Add test for modperl SCString functions.
Pass CClient to the OnClientGetSASLMechanisms callback.

See #1970
2025-07-31 23:47:26 +01:00
Alexey Sokolov 8890a7bb0d Merge branch '1.10.x' 2025-07-24 22:16:59 +01:00
Alexey Sokolov 2daae4358a Fix build when part of Boost was found
Fix #1969
Ref #1934
2025-07-24 22:15:16 +01:00
ZNC-Jenkins 80e1bf559a Update translations from Crowdin for bg_BG da_DK de_DE el_GR es_ES fr_FR id_ID it_IT nl_NL pl_PL pt_BR pt_PT ro_RO ru_RU tr_TR 2025-07-08 00:26:12 +00:00
ZNC-Jenkins e3d5c6c87f Update translations from Crowdin for tr_TR 2025-07-08 00:26:11 +00:00
RealKindOne 106a9fcbb4 Make account, away-notify, and chghost only send to client if attached into a channel. 2025-06-26 10:15:13 -04:00
ZNC-Jenkins ee54fb121e Update translations from Crowdin for bg_BG da_DK de_DE el_GR es_ES fr_FR id_ID it_IT nl_NL pl_PL pt_BR pt_PT ro_RO ru_RU tr_TR 2025-06-25 00:26:40 +00:00
ZNC-Jenkins 641958d85d Update translations from Crowdin for bg_BG da_DK de_DE el_GR es_ES fr_FR id_ID it_IT nl_NL pl_PL pt_BR pt_PT ro_RO ru_RU tr_TR 2025-06-25 00:26:39 +00:00
Alexey Sokolov d48e215761 Merge branch '1.10.x' 2025-06-24 18:16:41 +01:00
Alexey Sokolov c46bd41037 Unix listener: chmod and change group
Fix #1955
2025-06-24 09:04:29 +01:00
Alexey Sokolov 4b12c0dc3c Fix nullptr dereference
If client sends TAGMSG while server is not connected
2025-06-23 22:52:34 +01:00
Alexey Sokolov 7b7f691213 Don't store "this" in static variable
Fix #1960

This could also cause use-after-free if the first connected socket disconnects
2025-06-23 22:41:08 +01:00
ZNC-Jenkins 5ac26bb0ab Update translations from Crowdin for tr_TR 2025-06-17 00:26:08 +00:00
ZNC-Jenkins 7eaa3048b3 Update translations from Crowdin for tr_TR 2025-06-17 00:26:07 +00:00
ZNC-Jenkins 154208d9b3 Update translations from Crowdin for bg_BG da_DK de_DE el_GR es_ES fr_FR id_ID it_IT nl_NL pl_PL pt_BR pt_PT ro_RO ru_RU tr_TR 2025-06-16 00:26:11 +00:00
ZNC-Jenkins d575543fc4 Update translations from Crowdin for bg_BG da_DK de_DE el_GR es_ES fr_FR id_ID it_IT nl_NL pl_PL pt_BR pt_PT ro_RO ru_RU tr_TR 2025-06-16 00:26:10 +00:00
KindOne a7bfc73749 Save DisableClientCap/DisableServerCap settings.
(cherry picked from commit 0c13b2392f)
2025-06-15 08:08:23 +01:00
ZNC-Jenkins 88099916a2 Update translations from Crowdin for bg_BG da_DK de_DE el_GR es_ES fr_FR id_ID it_IT nl_NL pl_PL pt_BR pt_PT ro_RO ru_RU tr_TR 2025-06-10 00:26:29 +00:00
ZNC-Jenkins 0abfd1361c Update translations from Crowdin for bg_BG da_DK de_DE el_GR es_ES fr_FR id_ID it_IT nl_NL pl_PL pt_BR pt_PT ro_RO ru_RU tr_TR 2025-05-12 00:26:03 +00:00
Alexey Sokolov 694f50c9c0 Make CTCP flood timer use monotonic time
Probably should use std::chrono types instead of int, but that'll be a later change
2025-05-11 21:24:08 +01:00
Alexey Sokolov 4f65f86ccd Warn user if flood protection is delaying the messages for too long
This should help with cases like #1943
2025-05-11 21:06:21 +01:00
Alexey Sokolov cfd8d3f88d Make PING skip the flood queue just like PONG does
It's unlikely server has nothing to send at all for all the other messages ZNC is sending and that there's nothing happening server-side too. But PING at least is guaranteed to give the response, so ZNC shouldn't disconnect too eagerly.
2025-05-11 19:36:53 +01:00
Alexey Sokolov aaeab22ea3 Fix processing of multi-token CAP ACK
I broke it in 5943bc9ed9 while fixing #1950
2025-05-11 18:49:35 +01:00
ZNC-Jenkins cc1333fd5e Update translations from Crowdin for bg_BG da_DK de_DE el_GR es_ES fr_FR id_ID it_IT nl_NL pl_PL pt_BR pt_PT ro_RO ru_RU tr_TR 2025-05-11 00:26:00 +00:00
Alexey Sokolov 3d1551b7f2 Don't forward client JOINs during registration
ZNC remembers that it should join these channels, and will join them after registration. But if client automatically joins some channels, we don't want it to be added to send queue before parts of registration itself (CAP, AUTHENTICATE), because server will just disconnect with "Registration timeout". After registration is complete, using /join still joins the channel immediately.

Only limiting this to joins, because server may request some input from user to finish registration, and joins are the ones which are prone to be sent automatically by client to cause issues.

Fix #1949
2025-05-10 20:09:25 +01:00
ZNC-Jenkins 8dab274ed8 Update translations from Crowdin for bg_BG da_DK de_DE el_GR es_ES fr_FR id_ID it_IT nl_NL pl_PL pt_BR pt_PT ro_RO ru_RU tr_TR 2025-05-10 00:25:54 +00:00
Alexey Sokolov 5e5d6cac59 merge 2025-05-09 23:59:54 +01:00
Alexey Sokolov 5943bc9ed9 Send several caps in the same CAP REQ
If they got NAKed, then retry them one by one

This should speed up the usual case

Fix #1950
2025-05-09 23:46:11 +01:00
Alexey Sokolov e80b11b5b5 Move base64 table from header to .cpp 2025-05-09 21:54:36 +01:00
ZNC-Jenkins 2ca596ce8f Update translations from Crowdin for bg_BG da_DK de_DE el_GR es_ES fr_FR id_ID it_IT nl_NL pl_PL pt_BR pt_PT ro_RO ru_RU tr_TR 2025-05-09 00:26:31 +00:00
Alexey Sokolov c2f299abdf Filter out server-dependent caps in CAP NEW using blacklist too 2025-05-08 23:25:58 +01:00
Alexey Sokolov 1c197a5508 Add a way to disable certain capabilities
This is a way for admins to mitigate some issues caused by caps if such issues ever arise.

E.g. add this to global level in znc.conf:

DisableClientCap = sasl
DisableServerCap = chghost
DisableServerCap = message-tags

Then these caps will be NAKed to client / not requested from server.

Note that this mechanism doesn't fully prevent a cap from being activated, e.g. one could use *send_raw module to request it from server even when disabled.
2025-05-08 21:55:40 +01:00
ZNC-Jenkins ca6d6cd27f Update translations from Crowdin for bg_BG da_DK de_DE el_GR es_ES fr_FR id_ID it_IT nl_NL pl_PL pt_BR pt_PT ro_RO ru_RU tr_TR 2025-05-02 00:24:52 +00:00
Alexey Sokolov 5b871e74aa Bring unix socket syntax of AddPort in line with AddServer 2025-05-02 01:00:56 +01:00
Alexey Sokolov 2f02a9ea00 Merge branch 'master' into unix 2025-05-01 22:41:27 +01:00