If parser has an unfinished stanza with depth > 1, it can happen that
parser->stanza points to a child. Releasing the child doesn't free the
parent stanza.
Instead of releasing parser->stanza in parser_reset() and parser_free(),
find the top most parent and release the whole tree. Also add a test
case for this memory leak.
RFC6120 states that client SHOULD send the "from" attribute in <stream>.
Because of privacy concerns attribute "from" should be sent only after
TLS negotiation. This step ensures that the server is verified by its
certificate and protects JID from MITM attack.
Fixes#163.
Also should be helpful for #162.
Const variables in prototypes don't add much value, but make the code
larger and redundant. Remove these const keywords.
Note, this doesn't apply to pointers to const memory.
Make it possible to reset password to NULL. It is not required for
ANONYMOUS authentication. Also, report an error and disconnect if
password is not set and libstrophe should try authentication mechanisms
other than ANONYMOUS.
ctx.c contains a workaround for systems without va_copy() support.
Improve this workaround in the way which is described in the autoconf
manual.
Also check for va_copy declaration in configure time.
Fixes#160.
Compilers remove dead assignments in optimization phase. But SHA1 code
uses them for wiping of sensitive data. Fix this with the trick used
by openssl.
This function creates a stanza object from a string. The string must
contain a single complete stanza. Multiple stanzas will lead to memory
leak and this is not handled in the patch.
There are situations when applications need more predictable timed
handlers that don't depend on connection status. Other usecase of
the global handlers is to manage offline connections, for example,
reconnect after a disconnection.
Introduced UNUSED macro with cast to void in commoh.h for internal
use. Used cast to void directly in those files which do not
include common.h. Although this change doesn't fix semantic issues
with unused function parameters, it does explicitly mark all those
places, which might require attention in future.
HMAC was originally implemented for SHA1 digest according to RFC2104.
The RFC defined blocksize for all digests as 64 bytes. But RFC4868
requires blocksize for SHA384/SHA512 to be 128 bytes.
Extend HMAC implementation to support variable blocksize and fix it for
SHA384/SHA512.
* Add SCRAM_DIGEST_SIZE macro for maximum possible digest size. It will
avoid new buffer overflow errors when new digests are added.
* Fix buffer overflow in sasl_scram(). Buffers were allocated for SHA1
digest size.
* Fix bug with handler re-registration when a SASL SCRAM mechanism
fails.
@sjaeckel integrated clang-format with formal coding style. Run his
script and commit changes.
There are pros and cons of this commit.
Mixed coding style is a "broken window". A good single style simplifies
reading and writing code.
On the other hand, this is a big change which will lead to conflicts.
Libstrophe doesn't override memory allocation functions in XML libraries
and default allocators are used as result.
Current patch solves this issue partially for expat module. The module
caches 1st strophe context and overrides expat's allocator for parsers
within this context. For all other contexts, fallback to default
allocator.
This is modified version of solution from UnrealEngine project.