Reject relay init commands with totp when totp is not enabled #1435

Closed
JeremyMahieu opened this issue Dec 19, 2019 · 1 comment
Labels: feature (New feature request)

@JeremyMahieu

Feature description

Reject relay init commands that have a totp argument when no totp is required by weechat. https://weechat.org/files/doc/stable/weechat_relay_protocol.en.html#command_init

If you don't reject this, the user gets a false sense of security. And the relay client has no way of knowing if totp is required or not.
Also, it would probably be even better to first do an init command without totp, and then have weechat send back a request for a totp, but this would be breaking.

@flashcode
Member

You're right, I'll implement that.
And I'll do the same for the password: if a client sends a password but the password is empty in WeeChat (really not recommended!), it will be rejected.
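
The rejection rule discussed in this issue, as an added C sketch (not WeeChat's own code): an init command carrying `totp` or `password` is refused when the relay has no matching setting, instead of the option being silently ignored. The `relay_cfg` struct, the function names and the sample option strings are hypothetical, and the parser assumes comma-separated `name=value` options with `\,` as an escaped comma inside a value.

```c
#include <stdbool.h>
#include <stddef.h>
#include <string.h>

/* Hypothetical server-side settings (not WeeChat's own structures). */
struct relay_cfg {
    const char *password;    /* NULL or "": no password set */
    const char *totp_secret; /* NULL or "": TOTP not enabled */
};

enum init_result { INIT_CONTINUE, INIT_REJECT };

static bool is_set(const char *s) { return s && s[0]; }

/* True if `name` appears as an option key in "k=v,k=v".
 * A "\," inside a value is an escaped comma, not a separator. */
static bool has_option(const char *opts, const char *name)
{
    size_t n = strlen(name);
    const char *p = opts;

    while (*p) {
        if (strncmp(p, name, n) == 0 && p[n] == '=')
            return true;
        while (*p && *p != ',') {   /* skip to next unescaped comma */
            if (*p == '\\' && p[1])
                p++;
            p++;
        }
        if (*p == ',')
            p++;
    }
    return false;
}

/* A credential the client sends but the server has not configured is
 * a reject. Checking the submitted values themselves happens later
 * and is out of scope for this sketch. */
enum init_result check_init_options(const struct relay_cfg *cfg,
                                    const char *opts)
{
    if (has_option(opts, "totp") && !is_set(cfg->totp_secret))
        return INIT_REJECT;
    if (has_option(opts, "password") && !is_set(cfg->password))
        return INIT_REJECT;
    return INIT_CONTINUE;
}
```

With this check in place, a client that receives a rejection learns that the second factor it sent is not actually being enforced.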

flashcode self-assigned this on Dec 21, 2019
flashcode added the "in progress" label (Someone is working on this issue) on Dec 21, 2019
flashcode added this to the 2.8 milestone on Dec 21, 2019
flashcode removed the "in progress" label (Someone is working on this issue) on Dec 21, 2019
mweinelt added a commit to mweinelt/nixpkgs that referenced this issue Mar 29, 2020
New features

    core: add variable "old_full_name" in buffer, set during buffer renaming (issue weechat/weechat#1428)
    core: add debug option "-d" in command /eval (issue weechat/weechat#1434)
    api: add functions crypto_hash and crypto_hash_pbkdf2
    api: add info "auto_connect" (issue weechat/weechat#1453)
    api: add info "weechat_headless" (issue weechat/weechat#1433)
    buflist: add pointer "window" in bar item evaluation
    irc: add support of fake servers (no I/O, for testing purposes)
    relay: accept hash of password in init command of weechat protocol with option "password_hash" (PBKDF2, SHA256, SHA512)
    relay: reject client with weechat protocol if password or totp is received in init command but not set in WeeChat (issue weechat/weechat#1435)

Bug fixes

    core: fix memory leak in completion
    core: flush stdout/stderr before forking in hook_process function (issue weechat/weechat#1441)
    core: fix evaluation of condition with nested "if" (issue weechat/weechat#1434)
    irc: split AUTHENTICATE message in 400-byte chunks (issue weechat/weechat#1459)
    irc: copy temporary server flag in command /server copy
    irc: add nick changes in the hotlist (except self nick change)
    irc: case-insensitive comparison on incoming CTCP command, force upper case on CTCP replies (issue weechat/weechat#1439)
    irc: fix memory leak when the channel topic is changed
    logger: fix crash when logging is disabled on a buffer and the log file was deleted in the meanwhile, when option logger.file.info_lines is on (issue weechat/weechat#1444)
    php: fix crash when loading script with PHP 7.4 (issue weechat/weechat#1452)
    relay: update buffers synchronization when buffers are renamed (issue weechat/weechat#1428)
    script: fix memory leak in read of script repository file if it has invalid content
    script: fix unexpected display of scripts list in buffer with command /script list -i
    xfer: send signal "xfer_ended" after the received file has been renamed (issue weechat/weechat#1438)

Tests

    scripts: fix generation of test scripts with Python 3.8
    unit: add tests on IRC protocol functions and callbacks
    unit: add tests on function secure_derive_key
    unit: add tests on functions util_get_time_diff and util_file_get_content

Build

    core: fix Cygwin build
    guile: add detection of Guile 3.0.0 (issue weechat/weechat#1442)
    irc: fix build with GnuTLS < 3.1.0 (issue weechat/weechat#1431)
    php: add detection of PHP 7.4
    ruby: add detection of Ruby 2.7 (issue weechat/weechat#1455)