Filter out control characters (U+0000 to U+001F) from outgoing
messages, as they are illegal in XML 1.0 (except for \t, \n, and \r).
This prevents XMPP servers from closing the connection when such
characters are accidentally or intentionally included in a message.
Fixes: https://github.com/profanity-im/profanity/issues/1437
Instead of repeating the same pattern over and over, introduce a helper
function that either outputs a formatted timestamp if one is given as
argument or returns the current time if no argument is given.
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
Make get_random_string() return a gchar*.
This is part of the effort to migrate string declarations and
allocations from char to gchar, replacing standard C allocators
(malloc/calloc/strdup) with their glib equivalents
(g_malloc/g_new0/g_strdup).
The primary goal is to prevent mismatched allocator bugs. While char and
gchar are binary compatible, mixing their respective deallocators is
dangerous:
* Freeing malloc'd memory with g_free() (or vice versa) can lead to
memory corruption, double-frees, or crashes.
* This is seems to be the case especiall on non Linux platforms or when
using hardened memory allocators where the GLib slice allocator or
wrappers may differ from the system heap.
By standardizing on gchar, we ensure that our automatic cleanup macros
(like auto_gchar) always invoke the correct deallocator (g_free).
Also refactor the function so we pass it the current version
and don't rely on the define inside of it.
This function only allows version format in the style of "x.y.z".
Optimize prof_occurrences by using pointer arithmetic and
g_utf8_next_char instead of calls to g_utf8_offset_to_pointer.
Improve list construction efficiency in prof_occurrences by
using g_slist_prepend and g_slist_reverse instead of appends.
Also fix a slight oversight that could lead to trouble:
When empty search strings (e.g. empty nicks) are passed
it caused matches at every position.
Update the test case to test for empty nicks.
* Add new TLS policy `direct` as a replacement for `legacy`.
* Document that `/[command]?` prints the help of a command.
* Add option to get help via `/command help`.
* Fix `my-prof.supp` generation and tests for out-of-source builds.
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
Several users have reported segfaults when starting up profanity which
has OMEMO support, but OMEMO is not set up yet.
@StefanKropp has been able to reproduce this and tracked it down to
`_load_identity()` calling `omemo_known_devices_keyfile_save()`.
The latter then calls `save_keyfile()` which calls
`g_key_file_save_to_file()`. This can then fail if one of the first two
strings is NULL and won't set the `error` on return. In its error handling
`save_keyfile()` unconditionally dereferences `error` which leads to the
segfault.
Fix this and also go through the entire codebase and verify that the usage
of `GError` is done correctly.
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
* Fix missing destruction of `session_store` and mutex
* Replace `glib_hash_table_free()`
The glib API `g_hash_table_destroy()` does exactly the same.
* Use the default libsignal `destroy_func` instead of doing that manually
* Set internal state to `0` after everything is cleaned up
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
If `n` is the number of `substr` replace operations, the old
implementation did `n+1` allocations and always first copied start,
then replacement, then the remaining (unsearched) part of the original
string.
Now calculate the number of occurences of `substr` before allocating the
resulting string.
Change the algorithm to parse through the original string and only
copy the parts that must be kept into the resulting string plus the
replacements where they belong at.
Now we also only have to go through the original string twice plus we only
do a single allocation.
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
in before it just used the input command line as it was but this fixes
this by adding formatting using `format_call_external_argv` which is
already used in `url open` executable.
unluckily here the code neglected the fact that glib will set an error
to a location that was pointed by the error pointer if it is not null.
but it was of an undefined value hence profanity crashed. now it is null
as it must be.
also spawn error is returned when glib could not spawn the task for
some reason like the executable file does not exist but if the exit
status was non-zero it neglected the exit error and tried to output a
spawn error instead. now we check whether the process that we
instantiated has exited successfully
also now code uses `g_spawn_check_wait_status` which
`g_spawn_check_exit_status` has been aliased to.
Our variable `alphabet` contains 62 alphanumeric symbols + '\0'.
When we use sizeof(alphabet) we will get 63 due to that.
But we want to choose a random numbers from the 62 alphanumeric letters only.
This mistake caused us to have strings with a max length of `length`
instead of the exact length.
When doing https://github.com/profanity-im/profanity/issues/1520
this caused our algo for muc reflection to not catch since we expect the
random ID to be exactly 15 symbols long in `message_is_sent_by_us()`.