Commit Graph

163 Commits

Author SHA1 Message Date
467222d0ca fix(ui,db): harden NULL handling, fix CWE-134, optimize iterations
Some checks failed
CI Code / Code Coverage (push) Failing after 10m34s
CI Code / Check spelling (push) Failing after 10m47s
CI Code / Check coding style (push) Failing after 11m4s
CI Code / Linux (ubuntu) (push) Failing after 11m19s
CI Code / Linux (debian) (push) Failing after 11m28s
CI Code / Linux (arch) (push) Failing after 11m38s
security(CWE-134): fix format string injections + add CI check
fix(ui): subwindow lifecycle, newwin/newpad guards, fallback timestamps
fix(db): sqlite cleanup on failures, sqlite3_close_v2
fix(xmpp): queued_messages loop, barejid leak
perf(core): g_hash_table_iter_init instead of g_hash_table_get_keys
refactor(ui): CLAMP macro in _check_subwin_width
test: XEP-0012 and XEP-0045 functional tests

Author: jabber.developer2
Closes #58, #85
2026-02-06 19:27:40 +01:00
Steffen Jaeckel
9b1cb6ab85 If config keyfile does not exist, create it.
All checks were successful
CI / Check spelling (pull_request) Successful in 22s
CI / Check coding style (pull_request) Successful in 36s
CI / Linux (ubuntu) (pull_request) Successful in 14m11s
CI / Linux (debian) (pull_request) Successful in 16m2s
CI / Linux (arch) (pull_request) Successful in 20m21s
CI / Check spelling (push) Successful in 19s
CI / Check coding style (push) Successful in 34s
CI / Linux (debian) (push) Successful in 13m41s
CI / Linux (ubuntu) (push) Successful in 15m3s
CI / Linux (arch) (push) Successful in 20m23s
Fixes #1911
Alternative to #2056

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>

(cherry picked from commit b12521ca21)
2025-09-10 14:20:08 +02:00
0d7a859a20 fix: curl parameter type correction
All checks were successful
CI / Check coding style (pull_request) Successful in 34s
CI / Check spelling (pull_request) Successful in 24s
CI / Linux (ubuntu) (pull_request) Successful in 10m8s
CI / Linux (debian) (pull_request) Successful in 12m7s
CI / Linux (fedora) (pull_request) Successful in 13m44s
CI / Linux (arch) (pull_request) Successful in 16m39s
2025-06-20 14:58:30 +02:00
Michael Vetter
07dfeec816 Release 0.15.0 2025-03-27 20:06:38 +01:00
Michael Vetter
b5f0cc0bd4 Fix more potential leaks in aesgcm_download 2025-03-13 09:48:27 +01:00
Michael Vetter
569e37f018 Update copyright to 2024 2024-01-22 16:03:48 +01:00
Steffen Jaeckel
fdfe3e2ad9 Rework OMEMO handling on disconnect
* Fix missing destruction of `session_store` and mutex
* Replace `glib_hash_table_free()`
  The glib API `g_hash_table_destroy()` does exactly the same.
* Use the default libsignal `destroy_func` instead of doing that manually
* Set internal state to `0` after everything is cleaned up

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-12-12 18:26:21 +01:00
Steffen Jaeckel
835ea397ac Tidy up some code
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-12-12 18:26:21 +01:00
Steffen Jaeckel
ca2df180d8 Introduce a shared implementation for keyfile loading
Instead of copy&pasting the same code over again, use a common
implementation.

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-09-04 09:59:09 +02:00
Steffen Jaeckel
b7f964fe64 Resolve symlinks recursively in get_file_or_linked()
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-09-04 09:59:09 +02:00
Steffen Jaeckel
d3b6ebb1d7 Less allocations in str_replace()
If `n` is the number of `substr` replace operations, the old
implementation did `n+1` allocations and always first copied start,
then replacement, then the remaining (unsearched) part of the original
string.

Now calculate the number of occurences of `substr` before allocating the
resulting string.
Change the algorithm to parse through the original string and only
copy the parts that must be kept into the resulting string plus the
replacements where they belong at.
Now we also only have to go through the original string twice plus we only
do a single allocation.

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-09-01 12:12:44 +02:00
Michael Vetter
22b1d14b67 Add helper function to create version string
And remove all the duplicate code.

Depending on the situation prof_get_version() will return:
* 0.13.1
* 0.13.1dev
* 0.13.1dev.master.69d8c1f9
2023-07-25 20:58:15 +02:00
John Hernandez
09f217d667 Improve documentation 2023-07-13 21:22:42 +02:00
John Hernandez
8304ac86ff g_free() to auto_gfree, introduce auto_guchar
Fix 11 potential mem leaks in theme.c
2023-07-13 17:04:59 +02:00
John Hernandez
e1d137f4e6 Change char->free to auto_char char for autocleanup
Replace `gchar` and `g_free` to `auto_gchar`
Correct certain  `char` functions/variables to `gchar`

Related to #1819.

Edited by @jubalh.
2023-07-11 13:26:37 +02:00
Michael Vetter
6247c28e31 Merge pull request #1842 from H3rnand3zzz/feature/plugins-download
New Feature: Plugins Download
2023-06-06 18:35:18 +02:00
John Hernandez
95e06ad169 Add url support (downloading) to /plugins install
Additional changes include code refactoring.
2023-05-16 15:57:07 +02:00
John Hernandez
7f3fca2bd0 Cleanup: gchar as gchar instead of char
Use gchar instead of char in most of the cases where gchar is intended.

Reason: improve compatibility and stability. Issue #1819

Minor refactoring.
2023-05-04 16:15:09 +02:00
Michael Vetter
e59c401c84 Adapt to g_string_free glib 2.75.3 change
glib 2.75.3 changes warning behaviour of `g_string_free()`.
See:
* https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3219
* https://gitlab.gnome.org/GNOME/glib/-/merge_requests/3226

Use this opportunity to replace the use of GString with
`g_strdup_printf()` where possible.
Otherwise correctly take the return value of `g_string_free()`
which is nicer anyways.
2023-03-21 10:53:10 +01:00
Steffen Jaeckel
7167760bdd fix #1761 by changing the implementation from recursive
... to an iterative approach

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-03-11 15:05:03 +01:00
Steffen Jaeckel
99ffaf0a00 introduce auto_gcharv
This also fixes memory leaks in `_omemo_autocomplete()`.

Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-01-19 10:40:25 +01:00
Steffen Jaeckel
698aefa005 fix memory leaks in OMEMO
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-01-18 20:11:13 +01:00
Steffen Jaeckel
b1b6c6f62d add /strophe command to modify libstrophe-specific settings
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-01-18 17:04:41 +01:00
Michael Vetter
3adc399da0 Update copyright year 2023-01-10 10:37:25 +01:00
Marouane L
2d11a35ee1 Spawn external programs asynchronously
Drawback is that we can't check the exitcode anymore.
But we were unsure why/when we need this, see:
https://github.com/profanity-im/profanity/pull/1760/files#r980868708

Fixes https://github.com/profanity-im/profanity/issues/1759
2022-10-12 12:25:00 +02:00
nandesu-utils
e1ed012f72 support for formatting in avatar executable
in before it just used the input command line as it was but this fixes
this by adding formatting using `format_call_external_argv` which is
already used in `url open` executable.
2022-09-06 12:51:27 +02:00
nandesu-utils
056b19eb91 refactored call_external code
unluckily here the code neglected the fact that glib will set an error
to a location that was pointed by the error pointer if it is not null.
but it was of an undefined value hence profanity crashed. now it is null
as it must be.

also spawn error is returned when glib could not spawn the task for
some reason like the executable file does not exist but if the exit
status was non-zero it neglected the exit error and tried to output a
spawn error instead. now we check whether the process that we
instantiated has exited successfully

also now code uses `g_spawn_check_wait_status` which
`g_spawn_check_exit_status` has been aliased to.
2022-08-27 16:25:15 +03:00
Michael Vetter
932e7826aa common: dont use GError twice
We need to use a new one or call `g_clear_error()`.

Fix segfault in https://github.com/profanity-im/profanity/issues/1738
2022-08-02 14:13:28 +02:00
Michael Vetter
9df4bd29ea Check for error before trying to append it
Related to https://github.com/profanity-im/profanity/issues/1738
2022-08-02 08:55:18 +02:00
Michael Vetter
1330ad4e1e Update copyright year 2022-05-09 15:43:33 +02:00
Steffen Jaeckel
705b6f7806 use g_mkdir_with_parents() instead of home-baked solution
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2022-03-14 13:17:46 +01:00
Michael Vetter
8e588d6764 Fix random string generation
Our variable `alphabet` contains 62 alphanumeric symbols + '\0'.
When we use sizeof(alphabet) we will get 63 due to that.
But we want to choose a random numbers from the 62 alphanumeric letters only.

This mistake caused us to have strings with a max length of `length`
instead of the exact length.

When doing https://github.com/profanity-im/profanity/issues/1520
this caused our algo for muc reflection to not catch since we expect the
random ID to be exactly 15 symbols long in `message_is_sent_by_us()`.
2021-04-17 22:37:21 +02:00
Michael Vetter
1ec606540e Get rid of asprintf and _GNU_SOURCE define
_GNU_SOURCE was even in some files where it was not needed at all
(http*).

Let's replace asprintf() with g_strdup_printf().
2021-03-30 17:38:13 +02:00
Maximilian Wuttke
1576ac11cb Remove "file://" from file names
Rationale: When copying an image in some application, a URL instead of a
path is copied to the clipboard.
2021-03-09 20:45:29 +01:00
Michael Vetter
8c08e64f37 Update copyright 2021-01-08 16:36:30 +01:00
William Wennerström
0437fae1a8 Do not inherit stdin of main process
I see no reason to inherit the stdin, so let's have it disabled.
2020-12-15 15:48:51 +01:00
William Wennerström
32cfea4bd2 Refactor call_external 2020-12-11 15:51:01 +01:00
William Wennerström
073412b845 Remove stray +2 for path string in get_expanded_path 2020-12-09 19:24:15 +01:00
Michael Vetter
b525befe67 Allocate memory for realpath in both cases
Forgot about that :(
2020-12-09 16:22:06 +01:00
Michael Vetter
a2291b36c4 Expand ~ in unique_filename_from_url()
unique_filename_from_url() is used for `/url save`.
It doesn't recognize ~ by itself, we need to expand it first.

Mentioned in
https://github.com/profanity-im/profanity/pull/1375#pullrequestreview-547892462
2020-12-09 08:44:26 +01:00
William Wennerström
ac03037847 Rework url to filename 2020-12-06 17:02:09 +01:00
William Wennerström
1d2c0a8836 Move unique_filename_from_url functions to common 2020-12-04 16:13:13 +01:00
William Wennerström
3a6597ee29 Refactor for threaded external executable for built-in download methods 2020-12-03 16:54:06 +01:00
Michael Vetter
35aecd425f Declare counter var inside loop
We require c99/gnu99 anyways.
2020-11-09 11:33:33 +01:00
Michael Vetter
3d307fe341 Get rid of str_contains()
We can use strchr() here.
2020-11-02 18:52:25 +01:00
nia
52e9be4abc Basic support for building on NetBSD.
- Add NetBSD as a recognized platform without -ldl.
- Allow building with NetBSD libcurses instead of ncurses.
- Portability to NetBSD sh - use POSIX '=' instead of '=='.
2020-09-04 12:55:20 +02:00
Michael Vetter
a2726b6a7d Apply coding style 2020-07-07 14:18:57 +02:00
Michael Vetter
a4cadf78fa Revert "Apply coding style"
This reverts commit 9b55f2dec0.

Sorting the includes creates some problems.
2020-07-07 13:53:30 +02:00
Michael Vetter
9b55f2dec0 Apply coding style
Regards https://github.com/profanity-im/profanity/issues/1396
2020-07-07 09:43:28 +02:00
Michael Vetter
f4159d8168 get_mentions() Use gchar instead of char 2020-07-02 12:17:23 +02:00