about summary refs log tree commit diff
path: root/chat.h
diff options
context:
space:
mode:
authorKlemens Nanni <klemens@posteo.de>2021-07-17 20:04:15 +0000
committerJune McEnroe <june@causal.agency>2021-07-20 12:03:46 -0400
commitf8e3414af06df95b18b8e29caa74a7eea3022c92 (patch)
tree3924d2b8519cabb3d43c2114e243ba5b889ffa2b /chat.h
parentchat.tmux.conf: Fix base-index setting (diff)
downloadcatgirl-f8e3414af06df95b18b8e29caa74a7eea3022c92.tar.gz
catgirl-f8e3414af06df95b18b8e29caa74a7eea3022c92.zip
Add -q/quiet option to raise default message visibility threshold
Silencing all windows with `M-+' (across multiple catgirl instances)
can be cumbersome, so provide an option to hide events, JOIN/PART noise,
etc. by default (each window's threshold will persist across load/save
cycles, i.e. when using the `-s/save' option).

Started out as `-v | visibility = threshold' to set a specific level,
the idea of a simpler toggle comes from june, who also squashed other
bugs (as usual).
Diffstat (limited to '')
-rw-r--r--chat.h1
1 files changed, 1 insertions, 0 deletions
diff --git a/chat.h b/chat.h
index c247dd7..dd9c823 100644
--- a/chat.h
+++ b/chat.h
@@ -292,6 +292,7 @@ void commandCompleteAdd(void);
 
 enum Heat { Ice, Cold, Warm, Hot };
 enum { TimeCap = 64 };
+extern enum Heat uiThreshold;
 extern struct Time {
 	bool enable;
 	const char *format;
generated by cgit-pink 1.4.1 (git 2.36.1) at 2024-10-26 21:36:37 +0000
README: times, they are a-changinJason A. Donenfeld2012-10-09 | * syntax-highlight: when the file has no extension, assume textFerry Huberts2012-10-09 | | | | | | | | | | There are 2 situations: 1- empty extension: assuming text is better than highlight producing no output because of a missing argument. 2- no extension at all: assuming text is better than setting the extension to the filename, which is what now happens. Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl> * ui-repolist: do not use agefile if it's date could not be parsedFerry Huberts2012-10-09 | | | | Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl> * Revert "filters/syntax-highlighting.sh: work around highlight --force bug"Ferry Huberts2012-10-09 | | | | | | | | | This reverts commit f50be7fda0a7ab57009169dd5905fcbab8eb5166. An update with the latest highlight landed in EPEL. This new version doesn't have the --force bug, so the workaround can now be removed. Signed-off-by: Ferry Huberts <ferry.huberts@pelagic.nl> * Makefile: add tag target to generate ctagsJamie Couture2012-10-08 | | | | Signed-off-by: Jamie Couture <jamie.couture@gmail.com> * ui-repolist: Bold the currently viewed page.Jamie Couture2012-10-08 | | | | Signed-off-by: Jamie Couture <jamie.couture@gmail.com> * do not write outside heap bufferJim Meyering2012-10-02 | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | | * parsing.c (substr): Handle tail < head. This started when I noticed some cgit segfaults on savannah.gnu.org. Finding the offending URL/commit and then constructing a stand-alone reproducer were far more time-consuming than writing the actual patch. The problem arises with a commit like this, in which the user name part of the "Author" field is empty: $ git log -1 commit 6f3f41d73393278f3ede68a2cb1e7a2a23fa3421 Author: <T at h.or> Date: Mon Apr 23 22:29:16 2012 +0200 Here's what happens: (this is due to buf=malloc(0); strncpy (buf, head, -1); where "head" may point to plenty of attacker-specified non-NUL bytes, so we can overwrite a zero-length heap buffer with arbitrary data) Invalid write of size 1 at 0x4A09361: strncpy (mc_replace_strmem.c:463) by 0x408977: substr (parsing.c:61) by 0x4089EF: parse_user (parsing.c:73) by 0x408D10: cgit_parse_commit (parsing.c:153) by 0x40A540: cgit_mk_refinfo (shared.c:171) by 0x40A581: cgit_refs_cb (shared.c:181) by 0x43DEB3: do_for_each_ref (refs.c:690) by 0x41075E: cgit_print_branches (ui-refs.c:191) by 0x416EF2: cgit_print_summary (ui-summary.c:56) by 0x40780A: summary_fn (cmd.c:120) by 0x40667A: process_request (cgit.c:544) by 0x404078: cache_process (cache.c:322) Address 0x4c718d0 is 0 bytes after a block of size 0 alloc'd at 0x4A0884D: malloc (vg_replace_malloc.c:263) by 0x455C85: xmalloc (wrapper.c:35) by 0x40894C: substr (parsing.c:60) by 0x4089EF: parse_user (parsing.c:73) by 0x408D10: cgit_parse_commit (parsing.c:153) by 0x40A540: cgit_mk_refinfo (shared.c:171) by 0x40A581: cgit_refs_cb (shared.c:181) by 0x43DEB3: do_for_each_ref (refs.c:690) by 0x41075E: cgit_print_branches (ui-refs.c:191) by 0x416EF2: cgit_print_summary (ui-summary.c:56) by 0x40780A: summary_fn (cmd.c:120) by 0x40667A: process_request (cgit.c:544) Invalid write of size 1 at 0x4A09400: strncpy (mc_replace_strmem.c:463) by 0x408977: substr (parsing.c:61) by 0x4089EF: parse_user (parsing.c:73) by 0x408D10: cgit_parse_commit (parsing.c:153) by 0x40A540: cgit_mk_refinfo (shared.c:171) by 0x40A581: cgit_refs_cb (shared.c:181) by 0x43DEB3: do_for_each_ref (refs.c:690) by 0x41075E: cgit_print_branches (ui-refs.c:191) by 0x416EF2: cgit_print_summary (ui-summary.c:56) by 0x40780A: summary_fn (cmd.c:120) by 0x40667A: process_request (cgit.c:544) by 0x404078: cache_process (cache.c:322) Address 0x4c7192b is not stack'd, malloc'd or (recently) free'd Invalid write of size 1 at 0x4A0940E: strncpy (mc_replace_strmem.c:463) by 0x408977: substr (parsing.c:61) by 0x4089EF: parse_user (parsing.c:73) by 0x408D10: cgit_parse_commit (parsing.c:153) by 0x40A540: cgit_mk_refinfo (shared.c:171) by 0x40A581: cgit_refs_cb (shared.c:181) by 0x43DEB3: do_for_each_ref (refs.c:690) by 0x41075E: cgit_print_branches (ui-refs.c:191) by 0x416EF2: cgit_print_summary (ui-summary.c:56) by 0x40780A: summary_fn (cmd.c:120) by 0x40667A: process_request (cgit.c:544) by 0x404078: cache_process (cache.c:322) Address 0x4c7192d is not stack'd, malloc'd or (recently) free'd Process terminating with default action of signal 11 (SIGSEGV) Access not within mapped region at address 0x502F000 at 0x4A09400: strncpy (mc_replace_strmem.c:463) by 0x408977: substr (parsing.c:61) by 0x4089EF: parse_user (parsing.c:73) by 0x408D10: cgit_parse_commit (parsing.c:153) by 0x40A540: cgit_mk_refinfo (shared.c:171) by 0x40A581: cgit_refs_cb (shared.c:181) by 0x43DEB3: do_for_each_ref (refs.c:690) by 0x41075E: cgit_print_branches (ui-refs.c:191) by 0x416EF2: cgit_print_summary (ui-summary.c:56) by 0x40780A: summary_fn (cmd.c:120) by 0x40667A: process_request (cgit.c:544) by 0x404078: cache_process (cache.c:322) This happens when tail - head == -1 here: (parsing.c) char *substr(const char *head, const char *tail) { char *buf; buf = xmalloc(tail - head + 1); strncpy(buf, head, tail - head); buf[tail - head] = '\0'; return buf; } char *parse_user(char *t, char **name, char **email, unsigned long *date) { char *p = t; int mode = 1; while (p && *p) { if (mode == 1 && *p == '<') { *name = substr(t, p - 1); t = p; mode++; } else if (mode == 1 && *p == '\n') { The fix is to handle the case of (tail < head) before calling xmalloc, thus avoiding passing an invalid value to xmalloc. And here's the reproducer: It was tricky to reproduce, because git prohibits use of an empty "name" in a commit ID. To construct the offending commit, I had to resort to using "git hash-object". git init -q foo && ( cd foo && echo a > j && git add . && git ci -q --author='au <T at h.or>' -m. . && h=$(git cat-file commit HEAD|sed 's/au //' \ |git hash-object -t commit -w --stdin) && git co -q -b test $h && git br -q -D master && git br -q -m test master) git clone -q --bare foo foo.git cat <<EOF > in repo.url=foo.git repo.path=foo.git EOF CGIT_CONFIG=in QUERY_STRING=url=foo.git valgrind ./cgit The valgrind output is what you see above. AFAICS, this is not exploitable thanks (ironically) to the use of strncpy. Since that -1 translates to SIZE_MAX and this is strncpy, not only does it copy whatever is in "head" (up to first NUL), but it also writes SIZE_MAX - strlen(head) NUL bytes into the destination buffer, and that latter is guaranteed to evoke a segfault. Since cgit is single-threaded, AFAICS, there is no way that the buffer clobbering can be turned into an exploit. * ui-snapshot: pass -n to gzip, to suppress timestampJason A. Donenfeld2012-09-27 | | | | | | | | | | Since cgit snapshots of tags are often used for releases, we don't want the rarely used feature of the gzip compressor that includes an embedded timestamp into the archive, since this makes each tarball of the same (potentially signed) tag different. This commit refactors the archive handling code a bit so that each different format is able to run with an arbitrary argv for the filter. * Update copyright headers to have latest dates.Jason A. Donenfeld2012-07-12 | * ui-repolist: Case insensitive sorting and age sortJason A. Donenfeld2012-07-12 | | | | | | Add two options, one for doing the ordinary name sorts in a case-insensitive manner, and another for choosing to sort repos in each section by age instead of by name. * scan-tree: Support gitweb.category.Jason A. Donenfeld2012-07-12 | | | | | Use gitweb.category from git config to determine repo's section, if option is enabled. * scan-tree: Support gitweb.description.