p
/
xK
1
1
Fork 0
Code Issues 1 Pull Requests Releases 10 Wiki Activity

kike: thorough review, no functional changes

This commit is contained in:
Přemysl Eric Janouch 2018-01-09 05:47:37 +01:00
parent 670e1c5770
commit 6c30452b28
Signed by: p
GPG Key ID: B715679E3A361BE6
1 changed files with 15 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

18
kike.c
View File

@ -226,6 +226,7 @@ irc_is_valid_hostaddr (const char *hostaddr)
return false;
}
// TODO: we should actually use this, though what should we do on failure?
static bool
irc_is_valid_host (const char *host)
{
@ -1563,7 +1564,7 @@ irc_handle_time (const struct irc_message *msg, struct client *c)
if (msg->params.len > 0 && !irc_is_this_me (c->ctx, msg->params.vector[0]))
RETURN_WITH_REPLY (c, IRC_ERR_NOSUCHSERVER, msg->params.vector[0]);
char buf[32];
char buf[32] = "";
time_t now = time (NULL);
struct tm tm;
strftime (buf, sizeof buf, "%a %b %d %Y %T", localtime_r (&now, &tm));
@ -1840,7 +1841,7 @@ mode_processor_do_list (struct mode_processor *self,
break;
bool found = i != list->len;
if ((found ^ self->adding))
if (found != self->adding)
{
if (self->adding)
strv_append (list, mask);
@ -2131,6 +2132,7 @@ irc_send_rpl_list (struct client *c, const struct channel *chan)
int visible = 0;
for (struct channel_user *user = chan->users;
user; user = user->next)
// XXX: maybe we should skip IRC_USER_MODE_INVISIBLE
visible++;
irc_send_reply (c, IRC_RPL_LIST, chan->name, visible, chan->topic);
@ -3470,8 +3472,18 @@ irc_ssl_verify_callback (int verify_ok, X509_STORE_CTX *ctx)
(void) verify_ok;
(void) ctx;
// RFC 5246: "If the client has sent a certificate with signing ability,
// a digitally-signed CertificateVerify message is sent to explicitly
// verify possession of the private key in the certificate."
//
// The handshake will fail if the client doesn't have a matching private
// key, see OpenSSL's tls_process_cert_verify(), and the CertificateVerify
// message cannot be skipped (except for a case where it doesn't matter).
// Thus we're fine checking just the cryptographic hash of the certificate.
// We only want to provide additional privileges based on the client's
// certificate, so let's not terminate the connection because of a failure.
// certificate, so let's not terminate the connection because of a failure
// (especially since self-signed certificates are likely to be used).
return 1;
}