GNU bug report logs - #59858
29.0.60; Preserve a nil erc-session-password when reconnecting

Previous Next

To add a comment to this bug, you must first unarchive it, by sending
a message to control AT debbugs.gnu.org, with unarchive 59858 in the body.
You can then email your comments to 59858 AT debbugs.gnu.org in the normal way.

Toggle the display of automated, internal messages from the tracker.

Message #5 received at submit <at> debbugs.gnu.org (full text, mbox):

From: "J.P." <jp <at> neverwas.me>
To: bug-gnu-emacs <at> gnu.org
Subject: 29.0.60; Preserve a nil erc-session-password when reconnecting
Date: Tue, 06 Dec 2022 06:21:06 -0800

[Message part 1 (text/plain, inline)]

Hi people,

When reconnecting, `erc-determine-parameters' prefers reusing existing
session parameters, mainly by way of the various "compute" functions,
like `erc-compute-server'. But this isn't true if a parameter is nil.
The "danger" here is that, once exposed to new details, like the network
name, a custom auth-source-search function, for example, could reach a
different conclusion than it did initially, which could then lead to the
unwanted transmission of a non-server password via the PASS command.

One solution would be to just bypass `erc-determine-parameters' when
reconnecting and instead copy over all session vars verbatim while
leaving them unset in target buffers. However, there may be third-party
code expecting these vars to be recomputed whenever `erc-open' runs. So,
for the sake of compatibility, it's probably prudent to just focus on
`erc-session-password' for now because it's the likeliest offender (and
because passwords).

For this, we're mainly concerned with `erc-auth-source-server-function',
which always runs when reconnecting if the existing session password is
nil (and the opt itself is non-nil). One way to partially address this
might be to hide an existing "derived" `erc-network--id' from
`erc-auth-source-server-function' when reconnecting or opening a target
buffer. But this assumes a lot. Alternatively, we could just inhibit
`erc-auth-source-server-function' from running whenever
`erc--server-reconnecting' is non-nil and `erc-open' was called with a
nil session password, which is what this patch does.

(Better ideas welcome, as always.)

Thanks,
J.P.


In GNU Emacs 29.0.60 (build 2, x86_64-pc-linux-gnu, GTK+ Version
 3.24.35, cairo version 1.17.6) of 2022-12-04 built on localhost
Repository revision: 4bcdb1cc65bf779b6479f99a7aa767ab83b3bae1
Repository branch: emacs-29
Windowing system distributor 'The X.Org Foundation', version 11.0.12014000
System Description: Fedora Linux 36 (Workstation Edition)

Configured using:
 'configure --enable-check-lisp-object-type --enable-checking=yes,glyphs
 'CFLAGS=-O0 -g3'
 PKG_CONFIG_PATH=:/usr/lib64/pkgconfig:/usr/share/pkgconfig'

Configured features:
ACL CAIRO DBUS FREETYPE GIF GLIB GMP GNUTLS GPM GSETTINGS HARFBUZZ JPEG
JSON LCMS2 LIBOTF LIBSELINUX LIBSYSTEMD LIBXML2 M17N_FLT MODULES NOTIFY
INOTIFY PDUMPER PNG RSVG SECCOMP SOUND SQLITE3 THREADS TIFF
TOOLKIT_SCROLL_BARS WEBP X11 XDBE XIM XINPUT2 XPM GTK3 ZLIB

Important settings:
  value of $LANG: en_US.UTF-8
  value of $XMODIFIERS: @im=ibus
  locale-coding-system: utf-8-unix

Major mode: Lisp Interaction

Minor modes in effect:
  tooltip-mode: t
  global-eldoc-mode: t
  eldoc-mode: t
  show-paren-mode: t
  electric-indent-mode: t
  mouse-wheel-mode: t
  tool-bar-mode: t
  menu-bar-mode: t
  file-name-shadow-mode: t
  global-font-lock-mode: t
  font-lock-mode: t
  blink-cursor-mode: t
  line-number-mode: t
  indent-tabs-mode: t
  transient-mark-mode: t
  auto-composition-mode: t
  auto-encryption-mode: t
  auto-compression-mode: t

Load-path shadows:
None found.

Features:
(shadow sort mail-extr emacsbug message mailcap yank-media puny dired
dired-loaddefs rfc822 mml mml-sec epa derived epg rfc6068 epg-config
gnus-util text-property-search mm-decode mm-bodies mm-encode mail-parse
rfc2231 mailabbrev gmm-utils mailheader sendmail rfc2047 rfc2045
ietf-drums mm-util mail-prsvr mail-utils erc iso8601 time-date
auth-source cl-seq eieio eieio-core cl-macs password-cache json subr-x
map thingatpt pp format-spec cl-loaddefs cl-lib erc-backend erc-goodies
erc-networks byte-opt gv bytecomp byte-compile erc-common erc-compat
erc-loaddefs rmc iso-transl tooltip cconv eldoc paren electric uniquify
ediff-hook vc-hooks lisp-float-type elisp-mode mwheel term/x-win x-win
term/common-win x-dnd tool-bar dnd fontset image regexp-opt fringe
tabulated-list replace newcomment text-mode lisp-mode prog-mode register
page tab-bar menu-bar rfn-eshadow isearch easymenu timer select
scroll-bar mouse jit-lock font-lock syntax font-core term/tty-colors
frame minibuffer nadvice seq simple cl-generic indonesian philippine
cham georgian utf-8-lang misc-lang vietnamese tibetan thai tai-viet lao
korean japanese eucjp-ms cp51932 hebrew greek romanian slovak czech
european ethiopic indian cyrillic chinese composite emoji-zwj charscript
charprop case-table epa-hook jka-cmpr-hook help abbrev obarray oclosure
cl-preloaded button loaddefs theme-loaddefs faces cus-face macroexp
files window text-properties overlay sha1 md5 base64 format env
code-pages mule custom widget keymap hashtable-print-readable backquote
threads dbusbind inotify lcms2 dynamic-setting system-font-setting
font-render-setting cairo move-toolbar gtk x-toolkit xinput2 x multi-tty
make-network-process emacs)

Memory information:
((conses 16 64335 6194)
 (symbols 48 8606 0)
 (strings 32 23623 2014)
 (string-bytes 1 683188)
 (vectors 16 15217)
 (vector-slots 8 208663 8804)
 (floats 8 24 28)
 (intervals 56 227 0)
 (buffers 984 11))

[0001-Respect-a-nil-erc-session-password-when-reconnecting.patch (text/x-patch, attachment)]

Previous Next

GNU bug tracking system
Copyright (C) 1999 Darren O. Benham, 1997,2003 nCipher Corporation Ltd, 1994-97 Ian Jackson.