Commit Graph

1068 Commits

Author SHA1 Message Date
grunfink
5ae107188f Merge pull request 'Fix some overflow bugs' (#29) from saagarjha/snac2:master into master
Reviewed-on: https://codeberg.org/grunfink/snac2/pulls/29
2023-04-10 13:11:34 +00:00
Saagar Jha
ea9c030249 Fix heap overflow from curl-originating buffers
Most of xs.h seems to expect that buffers are rounded up to block size,
so we should preserve that invariant here. (In particular, xs_expand
will avoid calling xs_realloc if the new size fits in the same block,
which means that if we don't pad out the data it will expand out of the
memory we're allocated.)
2023-04-10 01:34:48 -07:00
Saagar Jha
632bbe475c Avoid reading too much data in xs_data_new 2023-04-10 01:29:07 -07:00
default
74817a4552 Updated RELEASE_NOTES. 2023-04-06 00:03:06 +02:00
default
1fe34ffb4a New function lastlog_write(). 2023-04-05 23:46:51 +02:00
default
7c00a9918a Updated RELEASE_NOTES. 2023-04-05 23:27:18 +02:00
default
5d26f31a8a Fixed overzealous rejection of Announces. 2023-04-05 23:23:19 +02:00
default
1cdd6d1996 Version 2.26 RELEASED. 2023-04-05 09:19:51 +02:00
default
14cbf124f9 More log level tweaks. 2023-04-04 10:40:22 +02:00
default
976083bf87 Some log tweaks. 2023-04-02 11:17:51 +02:00
default
c7285494fc Updated RELEASE_NOTES. 2023-04-01 04:25:02 +02:00
default
1722b2891d Bumped version. 2023-04-01 04:22:36 +02:00
default
b19c68622d Deleted OpenSSL that uses deprecated functions. 2023-04-01 03:56:37 +02:00
default
c83b601f90 In is_msg_public(), also look at 'Announce' messages. 2023-03-31 19:09:59 +02:00
default
4070c009f1 Updated TODO. 2023-03-30 12:09:13 +02:00
default
6ee71cdbc8 Backport from xs. 2023-03-30 11:17:27 +02:00
default
1b22dbb5df Backport from xs. 2023-03-30 10:49:08 +02:00
default
e187302ae7 Updated TODO. 2023-03-26 20:19:48 +02:00
default
efe0a0960a Backport from xs. 2023-03-18 10:28:04 +01:00
default
ba787061d8 Version 2.25 RELEASED. 2023-03-08 20:17:33 +01:00
default
9da3149a5d Updated documentation. 2023-03-08 10:18:45 +01:00
default
21e562cfbd Inbox collection can be disabled from the config file. 2023-03-08 10:14:40 +01:00
default
cef1b928c7 Updated documentation. 2023-03-08 04:56:33 +01:00
default
1956c05ca4 Updated documentation. 2023-03-08 04:47:57 +01:00
default
278575c2aa Backport from xs. 2023-03-08 04:28:20 +01:00
default
158bc127a3 Show Unicode symbols for replaced control codes. 2023-03-08 03:55:10 +01:00
default
b0f39a8f78 Updated RELEASE_NOTES. 2023-03-07 18:46:59 +01:00
default
ec31697b8d Collected addresses are also purged. 2023-03-07 14:33:15 +01:00
default
a2d36aa5f2 Renamed _purge_subdir() to _purge_user_subdir(). 2023-03-07 14:10:13 +01:00
default
985bb474ba Enable back inbox recollection. 2023-03-07 10:29:50 +01:00
default
2dadfffd8c Updated TODO. 2023-03-07 10:28:51 +01:00
default
71394774f4 Disabled inbox recollection temporarily (for global re push). 2023-03-07 10:27:50 +01:00
default
35995d03be Reject messages not for me. 2023-03-07 10:04:13 +01:00
default
2250ad7027 Sanitize control codes in JSON code. 2023-03-07 09:56:16 +01:00
default
23177e9395 is_msg_for_me() also accepts msgs where a followed is cc'ed. 2023-03-07 09:40:55 +01:00
default
946c29773a Some improvements to is_msg_for_me(). 2023-03-06 20:07:44 +01:00
default
b032e3d522 Fixed is_msg_for_me(). 2023-03-06 14:35:11 +01:00
default
e3e45b7c98 New function is_msg_for_me(). 2023-03-06 14:28:53 +01:00
default
1152450d1c Changed the way invalid codes in strings are stripped. 2023-03-06 13:28:15 +01:00
default
60f77b6cad msg_update() sends copies the 'to' and 'cc' fields in notes. 2023-03-06 11:26:43 +01:00
default
751211684f Don't send public admirations of non-public messages. 2023-03-06 11:16:15 +01:00
default
49f2f498de Strip dangerous control codes in sanitize(). 2023-03-06 11:06:35 +01:00
default
79ea0bf4ab Reject MUTEd actor messages ASAP with a 403 status. 2023-03-04 00:26:50 +01:00
default
1254602afb Merge branch 'master' of triptico.com:git/snac2 2023-03-03 22:40:41 +01:00
default
d0306975c5 Changed the way the content-length is set. 2023-03-03 22:40:37 +01:00
default
caedaca537 Updated TODO. 2023-03-03 21:13:42 +01:00
default
45f490286a Send to collected inboxes AFTER sending to explicit recipients. 2023-03-03 06:04:40 +01:00
default
aaf6ff20c1 Add the baseurl to the user agent in the signed GET. 2023-03-02 17:28:29 +01:00
default
b2ce9323db Added the url to srv_archive(). 2023-03-02 17:13:17 +01:00
default
8451d66601 Log the user-agent when serving the actor. 2023-03-02 15:34:04 +01:00