The C standard does not allow constructing pointers beyond one past the end
of an array. Therefore, if size is an unsigned type (size_t), then
buf + size is never less than buf.
Clang on 32-bit took advantage of the undefined behaviour, causing
segfaults.
(cherry picked from commit fab79c5d25423884fc4f5e0a56d97cb59b618196)
Merge: 6fb5e9636fa1fffc62e86561e7dcd734fa2ee53f
Add defer_accept option to enable TCP_DEFER_ACCEPT
Charybdis commits referenced:
atheme/charybdis@77cb59b
libratbox: add support for TCP_DEFER_ACCEPT on linux
atheme/charybdis@aa4737a
libratbox: make defer_accept optional.
atheme/charybdis@02270e9
Add listen::defer_accept option for controlling usage
of TCP_DEFER_ACCEPT option.
atheme/charybdis@797a29f
libratbox: Allow defer_accept on FreeBSD.
Work around a bug in GCC's loop optimization.
Or maybe it's undefined behavior in our C. Or maybe both. Either way,
it wasn't broken before, and now it is. So this fixes it.
Add two mechanism for avoiding name-collisions in a system-wide installation of charybdis. The ssld and bandb daemons, intended to be directly used by ircd and not the user, install into libexec when --enable-fhs-paths is set. For binaries which are meant to be in PATH (bindir), such as ircd and viconf, there is now an option --with-program-prefix=progprefix inspired by automake. If the user specifies --with-program-prefix=charybdis, the ircd binary is named charybdisircd when installed. Add support for saving the pidfile to a rundir and storing the ban database in localstatedir instead of in sysconfdir. This is, again, conditional on --enable-fhs-paths. Fix(?) genssl.sh to always write created SSL key/certificate/dh parameters to the sysconfdir specified during ./configure. The previous behavior was to assume that the user ran genssl.sh after ensuring that his current working directory was either sysconfdir or a sibling directory of sysconfdir.
ERR_error_string() is just broken, as it returns at most 119 chars
which means error messages are frequently truncated.
Allow for 511 chars using ERR_error_string_n().
This lets a user connect with a client certificate, and
passes the certificate's fingerprint to ircd, which
currently just notices it to the user.
A new ssld->ircd message 'F' is used to pass on the
fingerprint.
This is only for OpenSSL for now, not GNUTLS.