0
0
Fork 0
mirror of https://github.com/matrix-construct/construct synced 2024-11-17 15:30:52 +01:00
construct/libratbox
Keith Buck 784ce5c1cc Remove SSL_OP_NO_COMPRESSION from openssl initialization.
SSL_OP_NO_COMPRESSION was presumably added in an attempt to prevent
information leakage in a manner similar to recent attacks on HTTPS.
However, assuming that IRC is vulnerable to the same class of attacks is
incorrect: the behavior of the IRC protocol (a single long-running
connection) is not the same as that of HTTPS (multiple ephemeral
connections). HTTPS's use of ephemeral connections means that certain
assumptions can be made about the contents of the compression
algorithm's dictionaries and the content exchanged between the client
and server (e.g. the content being nearly the same for each connection),
which is not true for IRC. Additionally, they rely on the attacker being
able to coerce the client into creating many HTTPS connections (and
resending some secret token belonging to the user, along with
attacker-controlled data) each time, none of which is possible with IRC.
Lastly, since compression is no longer performed, this option will
result in leaking the lengths of messages transmitted to and from the
client. This option does reduce CPU utilization on Charybdis servers but
also increases bandwidth consumed.
2014-02-21 09:17:29 +00:00
..
include libratbox: regenerate autotools files 2014-02-08 18:35:24 +00:00
src Remove SSL_OP_NO_COMPRESSION from openssl initialization. 2014-02-21 09:17:29 +00:00
.indent.pro Pull in libratbox from ircd-ratbox-3.0.0beta1 and integrate into the build system. 2008-04-01 11:52:26 -05:00
acinclude.m4 Detect a potential infinite loop in ./configure in AC_DEFINE_DIR. 2012-03-02 01:51:30 +00:00
aclocal.m4 libratbox: regenerate autotools files 2014-02-08 18:35:24 +00:00
ChangeLog Update libratbox. 2008-12-22 12:49:01 +03:00
config.guess Copied libratbox and related stuff from shadowircd upstream. 2008-12-03 02:49:39 +03:00
config.sub Copied libratbox and related stuff from shadowircd upstream. 2008-12-03 02:49:39 +03:00
configure libratbox: regenerate autotools files 2014-02-08 18:35:24 +00:00
configure.ac Revert "libratbox: Remove broken gnutls support." 2013-06-10 12:19:02 -04:00
COPYING Pull in libratbox from ircd-ratbox-3.0.0beta1 and integrate into the build system. 2008-04-01 11:52:26 -05:00
CREDITS Pull in libratbox from ircd-ratbox-3.0.0beta1 and integrate into the build system. 2008-04-01 11:52:26 -05:00
depcomp Pull in libratbox from ircd-ratbox-3.0.0beta1 and integrate into the build system. 2008-04-01 11:52:26 -05:00
INSTALL Pull in libratbox from ircd-ratbox-3.0.0beta1 and integrate into the build system. 2008-04-01 11:52:26 -05:00
install-sh Pull in libratbox from ircd-ratbox-3.0.0beta1 and integrate into the build system. 2008-04-01 11:52:26 -05:00
libratbox.pc.in Add libratbox.pc.in for out-of-tree libratbox build (think: packaging). 2008-06-10 22:02:10 -05:00
ltmain.sh Re-libtoolize. 2012-02-04 04:18:48 -06:00
Makefile.am Add libratbox.pc.in for out-of-tree libratbox build (think: packaging). 2008-06-10 22:02:10 -05:00
Makefile.in libratbox: regenerate autotools files 2014-02-08 18:35:24 +00:00
missing Pull in libratbox from ircd-ratbox-3.0.0beta1 and integrate into the build system. 2008-04-01 11:52:26 -05:00
README Copied libratbox and related stuff from shadowircd upstream. 2008-12-03 02:49:39 +03:00
TODO Pull in libratbox from ircd-ratbox-3.0.0beta1 and integrate into the build system. 2008-04-01 11:52:26 -05:00

This is libircd from ircd-ratbox.  A few notes about this library:

1. Most of this code isn't anywhere near threadsafe at this point.  Don't
   hold your breath on this either.
2. The linebuf code is designed to deal with pretty much 512 bytes per line
   and that is it.  Anything beyond that length unless in raw mode, gets
   discard.  For some non-irc purposes, this can be a problem, but for
   ircd stuff its fine.
3. The helper code when transmitting data between helpers, the same 512 byte
   limit applies there as we recycle the linebuf code for this.