From 47c8ec523871d4902bb2cd79da8eb2851362df30 Mon Sep 17 00:00:00 2001
From: Simon Ser <contact@emersion.fr>
Date: Wed, 17 Nov 2021 12:10:40 +0100
Subject: [PATCH] Add context arg to sanityCheckServer

As a bonus, the timeout now applies to the whole TLS dial
operation. Before the timeout only applied to the net dial
operation, making it possible for a bad server to stall the request
by making the TLS handshake extremely slow.
---
 downstream.go | 11 +++++++----
 1 file changed, 7 insertions(+), 4 deletions(-)

diff --git a/downstream.go b/downstream.go
index d2e3b35..f6eb519 100644
--- a/downstream.go
+++ b/downstream.go
@@ -1030,12 +1030,15 @@ func (dc *downstreamConn) updateRealname() {
 	}
 }
 
-func sanityCheckServer(addr string) error {
-	dialer := net.Dialer{Timeout: 30 * time.Second}
-	conn, err := tls.DialWithDialer(&dialer, "tcp", addr, nil)
+func sanityCheckServer(ctx context.Context, addr string) error {
+	ctx, cancel := context.WithTimeout(ctx, 30*time.Second)
+	defer cancel()
+
+	conn, err := new(tls.Dialer).DialContext(ctx, "tcp", addr)
 	if err != nil {
 		return err
 	}
+
 	return conn.Close()
 }
 
@@ -1130,7 +1133,7 @@ func (dc *downstreamConn) loadNetwork() error {
 		}
 
 		dc.logger.Printf("trying to connect to new network %q", addr)
-		if err := sanityCheckServer(addr); err != nil {
+		if err := sanityCheckServer(context.TODO(), addr); err != nil {
 			dc.logger.Printf("failed to connect to %q: %v", addr, err)
 			return ircError{&irc.Message{
 				Command: irc.ERR_PASSWDMISMATCH,