`xmpp_run_once()` uses `FD_SET()` to determine which sockets to `select()`
on. The socket gets initialized to `INVALID_SOCKET = -1` inside
`xmpp_conn_new()` which leads to a buffer overflow once `FD_SET()` is
called.
This is only exposed when enabling a higher optimization level, which
was only done in the `release-test` CI job.
* Fix this testcase by initializing the socket to a possible value.
* Build the Valgrind CI jobs with `-O2`.
* Make the output of the `release-test` more verbose.
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
* Refactor `xmpp_sm_state_restore()`
Add new internal functions to load u32 and string values. This also brings
length checks in order to verify we don't read more sm_state than there
potentially is and type checks to ensure we have the correct CBOR types.
Each element is added to the queue right after creation, so it won't leak
in case creating its content fails.
* Refactor `sm_state_serialize()`
* Store & restore ints as/from big endian, CBOR requires that
* Bring API names in line with the usual naming
* Auto-format sources
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
It is useful in some applications to get a snapshot of the stream
management state for storage outside the process, in order to recover
from crashes and other things. The get_sm_state already present is not
suitable for this because it returns a live object tied in to the
current context and such, and containing much unneeded internal-api
data.
Introduce xmpp_sm_state_set_callback which is called every time the
state changes with a serialized state, and a dual xmpp_sm_state_restore
which takes in this serialized state and sets up a new sm_state based on
that.
The serialization is considered opaque from the PoV of the API, but is
based on CBOR to facilitate easy debugging.
* Be more verbose in which argument is `should` and which is `is`.
* Fix the order in the `ENSURE_EQ()` macro.
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
It has been pointed out that the wording of the license of this library is
not entirely clear.
The term "dual licensing" usually refers to a licence choice of two
licenses "LICENSE1 _or_ LICENSE2.
Instead the license of this library claimed "LICENSE1 _and_ LICENSE2".
After an internal discussion with @metajack and @pasis it was made clear
that the initial idea was to dual license the library in the usual way.
This was also made clear by jack on the ML in the past [0].
As of jack, these licensing terms originated from jquery, which also used
the 'and' version in the past and has since been corrected [1].
This patch changes the license terms to 'MIT or GPLv3' and also adds SPDX
headers [2].
[0] https://groups.google.com/g/libstrophe/c/JkFgr601JQc
[1] https://stackoverflow.com/q/2758409
[2] https://spdx.org
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
Fedora patches OpenSSL and disables usage of the ECC curve we used
in the old certificate.
This patch changes the ECC curve to a supported one.
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
If Valgrind complains in this testcase we found a bug in the internal
resolver implementation, but as we didn't have the broken message we also
couldn't reproduce the failure.
Now we can reproduce it if it happens again.
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
Before this change the user had to provide a password callback, even if the
PKCS#12 encoded file has no or an empty password.
This changes the behavior, so we first try to open the file without a
password and only then ask the user to provide one.
This fixes#204.
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
The cache is stored per connection object and is cleared on
* entry of wrong password
* release of connection object
* successful connection
It can be configured that libstrophe retries the password entry in case
the user entered a wrong password.
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
In order to be able to load password-protected key files a password
callback was added.
This also adds support for PKCS#12 containers instead of certificate+key.
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
Instead of using the internal DRBG-based RNG, use the `getrandom()` system
call where available.
Keep the existing version as fall-back for other systems that don't provide
that system call.
... and for cases where auto-detection fails or the user simply wants to
use the internal RNG a new configure-switch is provided.
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
... to provide an easier way to find long paths.
After looking at some code in profanity-im/profanity#1605 I thought this
could help to make libstrophe-user code easier to write (and read).
Initially it started off as `xmpp_stanza_get_child_by_xpath()` but then
I was annoyed when it came to handling all those potential corner cases
like e.g. escaping URL's in the ns ... so here we go with a
vararg approach :)
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
If parser has an unfinished stanza with depth > 1, it can happen that
parser->stanza points to a child. Releasing the child doesn't free the
parent stanza.
Instead of releasing parser->stanza in parser_reset() and parser_free(),
find the top most parent and release the whole tree. Also add a test
case for this memory leak.
Const variables in prototypes don't add much value, but make the code
larger and redundant. Remove these const keywords.
Note, this doesn't apply to pointers to const memory.
This function creates a stanza object from a string. The string must
contain a single complete stanza. Multiple stanzas will lead to memory
leak and this is not handled in the patch.
Introduced UNUSED macro with cast to void in commoh.h for internal
use. Used cast to void directly in those files which do not
include common.h. Although this change doesn't fix semantic issues
with unused function parameters, it does explicitly mark all those
places, which might require attention in future.
@sjaeckel integrated clang-format with formal coding style. Run his
script and commit changes.
There are pros and cons of this commit.
Mixed coding style is a "broken window". A good single style simplifies
reading and writing code.
On the other hand, this is a big change which will lead to conflicts.