From 330149b9b6e997412a203f36bd0f5f9253652c3b Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?S=C3=A9bastien=20Helleu?= <flashcode@flashtux.org>
Date: Sat, 21 Dec 2019 10:47:35 +0100
Subject: [PATCH] relay: reject client with weechat protocol if password or
 totp is received in init command but not set in WeeChat (closes #1435)

---
 ChangeLog.adoc                                |  1 +
 .../relay/weechat/relay-weechat-protocol.c    | 47 ++++++++++-----
 src/plugins/relay/weechat/relay-weechat.c     | 60 +++++++------------
 3 files changed, 55 insertions(+), 53 deletions(-)

diff --git a/ChangeLog.adoc b/ChangeLog.adoc
index 01ba63999..2f5cb1eeb 100644
--- a/ChangeLog.adoc
+++ b/ChangeLog.adoc
@@ -22,6 +22,7 @@ New features::
 
   * core: add debug option "-d" in command /eval (issue #1434)
   * api: add info "weechat_headless" (issue #1433)
+  * relay: reject client with weechat protocol if password or totp is received in init command but not set in WeeChat (issue #1435)
 
 Bug fixes::
 
diff --git a/src/plugins/relay/weechat/relay-weechat-protocol.c b/src/plugins/relay/weechat/relay-weechat-protocol.c
index 8d50c5d17..ffeff9357 100644
--- a/src/plugins/relay/weechat/relay-weechat-protocol.c
+++ b/src/plugins/relay/weechat/relay-weechat-protocol.c
@@ -170,11 +170,22 @@ relay_weechat_protocol_is_sync (struct t_relay_client *ptr_client,
 RELAY_WEECHAT_PROTOCOL_CALLBACK(init)
 {
     char **options, *pos, *password, *totp_secret, *info_totp_args, *info_totp;
-    int i, compression, length;
+    int i, compression, length, password_received, totp_received;
 
-    RELAY_WEECHAT_PROTOCOL_MIN_ARGS(1);
+    RELAY_WEECHAT_PROTOCOL_MIN_ARGS(0);
 
-    options = weechat_string_split_command (argv_eol[0], ',');
+    password = weechat_string_eval_expression (
+        weechat_config_string (relay_config_network_password),
+        NULL, NULL, NULL);
+    totp_secret = weechat_string_eval_expression (
+        weechat_config_string (relay_config_network_totp_secret),
+        NULL, NULL, NULL);
+
+    password_received = 0;
+    totp_received = 0;
+
+    options = (argc > 0) ?
+        weechat_string_split_command (argv_eol[0], ',') : NULL;
     if (options)
     {
         for (i = 0; options[i]; i++)
@@ -186,21 +197,13 @@ RELAY_WEECHAT_PROTOCOL_CALLBACK(init)
                 pos++;
                 if (strcmp (options[i], "password") == 0)
                 {
-                    password = weechat_string_eval_expression (
-                        weechat_config_string (relay_config_network_password),
-                        NULL, NULL, NULL);
-                    if (password)
-                    {
-                        if (strcmp (password, pos) == 0)
-                            RELAY_WEECHAT_DATA(client, password_ok) = 1;
-                        free (password);
-                    }
+                    password_received = 1;
+                    if (password && (strcmp (password, pos) == 0))
+                        RELAY_WEECHAT_DATA(client, password_ok) = 1;
                 }
                 else if (strcmp (options[i], "totp") == 0)
                 {
-                    totp_secret = weechat_string_eval_expression (
-                        weechat_config_string (relay_config_network_totp_secret),
-                        NULL, NULL, NULL);
+                    totp_received = 1;
                     if (totp_secret)
                     {
                         length = strlen (totp_secret) + strlen (pos) + 16 + 1;
@@ -220,7 +223,6 @@ RELAY_WEECHAT_PROTOCOL_CALLBACK(init)
                                 free (info_totp);
                             free (info_totp_args);
                         }
-                        free (totp_secret);
                     }
                 }
                 else if (strcmp (options[i], "compression") == 0)
@@ -234,6 +236,14 @@ RELAY_WEECHAT_PROTOCOL_CALLBACK(init)
         weechat_string_free_split_command (options);
     }
 
+    /* if no password received and password is empty, it's OK */
+    if (!password_received && (!password || !password[0]))
+        RELAY_WEECHAT_DATA(client, password_ok) = 1;
+
+    /* if no TOTP received and totp_secret is empty, it's OK */
+    if (!totp_received && (!totp_secret || !totp_secret[0]))
+        RELAY_WEECHAT_DATA(client, totp_ok) = 1;
+
     if (RELAY_WEECHAT_DATA(client, password_ok)
         && RELAY_WEECHAT_DATA(client, totp_ok))
     {
@@ -246,6 +256,11 @@ RELAY_WEECHAT_PROTOCOL_CALLBACK(init)
         relay_client_set_status (client, RELAY_STATUS_AUTH_FAILED);
     }
 
+    if (password)
+        free (password);
+    if (totp_secret)
+        free (totp_secret);
+
     return WEECHAT_RC_OK;
 }
 
diff --git a/src/plugins/relay/weechat/relay-weechat.c b/src/plugins/relay/weechat/relay-weechat.c
index 928fc8f3e..8c7052bb7 100644
--- a/src/plugins/relay/weechat/relay-weechat.c
+++ b/src/plugins/relay/weechat/relay-weechat.c
@@ -166,46 +166,32 @@ relay_weechat_free_buffers_nicklist (struct t_hashtable *hashtable,
 void
 relay_weechat_alloc (struct t_relay_client *client)
 {
-    char *password, *totp_secret;
-
-    password = weechat_string_eval_expression (
-        weechat_config_string (relay_config_network_password),
-        NULL, NULL, NULL);
-    totp_secret = weechat_string_eval_expression (
-        weechat_config_string (relay_config_network_totp_secret),
-        NULL, NULL, NULL);
-
     client->protocol_data = malloc (sizeof (struct t_relay_weechat_data));
-    if (client->protocol_data)
-    {
-        RELAY_WEECHAT_DATA(client, password_ok) = (password && password[0]) ? 0 : 1;
-        RELAY_WEECHAT_DATA(client, totp_ok) = (totp_secret && totp_secret[0]) ? 0 : 1;
-        RELAY_WEECHAT_DATA(client, compression) = RELAY_WEECHAT_COMPRESSION_ZLIB;
-        RELAY_WEECHAT_DATA(client, buffers_sync) =
-            weechat_hashtable_new (32,
-                                   WEECHAT_HASHTABLE_STRING,
-                                   WEECHAT_HASHTABLE_INTEGER,
-                                   NULL, NULL);
-        RELAY_WEECHAT_DATA(client, hook_signal_buffer) = NULL;
-        RELAY_WEECHAT_DATA(client, hook_hsignal_nicklist) = NULL;
-        RELAY_WEECHAT_DATA(client, hook_signal_upgrade) = NULL;
-        RELAY_WEECHAT_DATA(client, buffers_nicklist) =
-            weechat_hashtable_new (32,
-                                   WEECHAT_HASHTABLE_POINTER,
-                                   WEECHAT_HASHTABLE_POINTER,
-                                   NULL, NULL);
-        weechat_hashtable_set_pointer (RELAY_WEECHAT_DATA(client, buffers_nicklist),
-                                       "callback_free_value",
-                                       &relay_weechat_free_buffers_nicklist);
-        RELAY_WEECHAT_DATA(client, hook_timer_nicklist) = NULL;
+    if (!client->protocol_data)
+        return;
 
-        relay_weechat_hook_signals (client);
-    }
+    RELAY_WEECHAT_DATA(client, password_ok) = 0;
+    RELAY_WEECHAT_DATA(client, totp_ok) = 0;
+    RELAY_WEECHAT_DATA(client, compression) = RELAY_WEECHAT_COMPRESSION_ZLIB;
+    RELAY_WEECHAT_DATA(client, buffers_sync) =
+        weechat_hashtable_new (32,
+                               WEECHAT_HASHTABLE_STRING,
+                               WEECHAT_HASHTABLE_INTEGER,
+                               NULL, NULL);
+    RELAY_WEECHAT_DATA(client, hook_signal_buffer) = NULL;
+    RELAY_WEECHAT_DATA(client, hook_hsignal_nicklist) = NULL;
+    RELAY_WEECHAT_DATA(client, hook_signal_upgrade) = NULL;
+    RELAY_WEECHAT_DATA(client, buffers_nicklist) =
+        weechat_hashtable_new (32,
+                               WEECHAT_HASHTABLE_POINTER,
+                               WEECHAT_HASHTABLE_POINTER,
+                               NULL, NULL);
+    weechat_hashtable_set_pointer (RELAY_WEECHAT_DATA(client, buffers_nicklist),
+                                   "callback_free_value",
+                                   &relay_weechat_free_buffers_nicklist);
+    RELAY_WEECHAT_DATA(client, hook_timer_nicklist) = NULL;
 
-    if (password)
-        free (password);
-    if (totp_secret)
-        free (totp_secret);
+    relay_weechat_hook_signals (client);
 }
 
 /*