Commit Graph

1704 Commits

Author SHA1 Message Date
Michael Vetter
156b78adfa cleanup: fix potential NULL dereference and leaks in cmd_sendfile
* Add NULL checks for malloc and strdup calls in cmd_sendfile
* Ensure file handles and descriptors are closed on all error paths
2026-02-27 00:02:59 +01:00
Michael Vetter
5711671c99 refactor: roster export uses GString and g_file_set_contents now
Modernize the /export command implementation by adopting GLib-based
patterns for string manipulation and file handling.

* Replace _writecsv with _append_csv_escaped to efficiently handle CSV
  quote doubling directly within a GString buffer
* Refactor cmd_export to build the CSV content in memory using GString,
  minimizing system calls
* Use g_file_set_contents for atomic writing
2026-02-27 00:02:59 +01:00
Michael Vetter
9f3d78a994 refactor: Make _writecsv safer and with better performance
* Cache strlen() result
* Check for malloc() failure to prevent null pointer dereference
* Ensure the output buffer is null-terminated for safe use with cons_show()
* Simplify the quote escaping logic for better readability.
2026-02-27 00:02:52 +01:00
Michael Vetter
3d2a82ad4a cleanup: Fix potential NULL dereference in cmd_omemo_(un)trust
Replace malloc() with g_malloc() to handle allocation failure and
ensure enough memory is allocated for the null terminator.
2026-02-26 19:47:13 +01:00
Michael Vetter
f98e33be81 refactor: make Jid use glib functions 2026-02-26 19:06:44 +01:00
Michael Vetter
e1fd2a1cf6 refactor: replace calloc with g_new0 for struct allocations
Migrate structure allocations from calloc to glibs g_new0 macro to
improve type safety and memory robustness.

* Type Safety: The macro takes the type name directly, ensuring the
  allocated size always matches the pointer type.
* Static Analysis: It guarantees a non-NULL return by aborting on
  failure, which silences -fanalyzer warnings regarding potential NULL
  pointer dereferences.
* Readability: Removes redundant sizeof() calls and is the glib way
2026-02-26 19:06:39 +01:00
Michael Vetter
657de5f22f Merge pull request #2089 from profanity-im/cleanup
Cleanup
2026-02-23 11:10:38 +01:00
Michael Vetter
7eb64b2779 cleanup: Cast g_hash_table_lookup return to function pointer
Explicitly cast the void pointer returned by g_hash_table_lookup
to the expected function pointer signature.

Make `-Wpedantic` happy.
2026-02-20 16:49:58 +01:00
Michael Vetter
1d0e6580d1 cleanup: Move loop var from int to size_t in cmd_funcs.c 2026-02-20 16:45:01 +01:00
Michael Vetter
f1acf702a9 chore: Update copyright year 2026-02-20 16:13:31 +01:00
Michael Vetter
6e61383e97 cleanup: Adapt loop counter to proper type
Fixing a couple of -Wsign-compare warnings.
2026-02-20 16:02:27 +01:00
Steffen Jaeckel
54fea4afcf Minor improvements.
* Add new TLS policy `direct` as a replacement for `legacy`.
* Document that `/[command]?` prints the help of a command.
* Add option to get help via `/command help`.
* Fix `my-prof.supp` generation and tests for out-of-source builds.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-23 12:47:39 +01:00
Steffen Jaeckel
62fd40c510 Use gboolean consistently.
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-23 12:47:39 +01:00
Steffen Jaeckel
a07cff8a99 Use the stronger certificate fingerprint.
If a cert has a SHA256 use that one and only use SHA1 as fallback.

Closes: https://github.com/profanity-im/profanity/issues/2068
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-23 12:47:06 +01:00
Steffen Jaeckel
4dcaa839fa Prepare to use SHA256 fingerprints of certs.
First let's make clear we're currently using SHA1 & untangle the tlscerts
API from fingerprint specific details.

Related-to: https://github.com/profanity-im/profanity/issues/2068
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-23 12:46:29 +01:00
Steffen Jaeckel
24c3b5d531 Add new command /changes
With that command one can see the modifications of the runtime
configuration vs. the saved configuration.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-18 12:16:29 +01:00
Steffen Jaeckel
48ac88de08 Fix GError handling
Several users have reported segfaults when starting up profanity which
has OMEMO support, but OMEMO is not set up yet.

@StefanKropp has been able to reproduce this and tracked it down to
`_load_identity()` calling `omemo_known_devices_keyfile_save()`.
The latter then calls `save_keyfile()` which calls
`g_key_file_save_to_file()`. This can then fail if one of the first two
strings is NULL and won't set the `error` on return. In its error handling
`save_keyfile()` unconditionally dereferences `error` which leads to the
segfault.

Fix this and also go through the entire codebase and verify that the usage
of `GError` is done correctly.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-11-18 12:16:29 +01:00
Steffen Jaeckel
9d335729a0 Tidy up some code
* less allocations
* less duplicate code

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-08-06 12:45:13 +02:00
Steffen Jaeckel
e0f107f75e Fix memory leak.
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-08-06 12:45:13 +02:00
Martin Dosch
5696bf77c7 Fix typo in examples. 2025-08-03 23:17:42 +02:00
Steffen Jaeckel
4eaa291f70 Re-factor cmd_presence()
Similar to 9c2b3f6579, but no bugs were fixed. Maybe some were introduced
but only time will tell.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-04-28 16:40:05 +02:00
Steffen Jaeckel
29129bf888 Return error on /time <invalid-section>
Fixes: 9c2b3f6579 ("Re-factor `cmd_time()`")

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-04-28 16:40:05 +02:00
Michael Vetter
5385cc28be Add note about xep0454 to /sendfile
Fix https://github.com/profanity-im/profanity/issues/2040
2025-04-22 15:07:33 +02:00
Steffen Jaeckel
3bf72210e1 Add iso8601 when setting a time format
Instead of manually typing the format-string, one can now simply use
`iso8601`.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-04-02 13:07:47 +02:00
Steffen Jaeckel
9c2b3f6579 Re-factor cmd_time()
Instead of c&p'ing the same code again and again, put everything in a
struct and loop over it.

This also fixes `vcard` not being in included in `all`.

Fixes: f934c5b59f ("Add vCard support")

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-04-02 13:07:47 +02:00
Michael Vetter
07dfeec816 Release 0.15.0 2025-03-27 20:06:38 +01:00
Steffen Jaeckel
422f5fa6f9 Slightly improve http_download related allocations.
* use `calloc()` to allocate zero-initialized structs.
* order the allocation of members by their declaration.
* order the freeing of members in reverse order.
* move init of `silent` flag in plugin case.
* fix double free of `tmpname` in `aesgcm_file_get()`.
* make some functions static.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-03-18 17:00:58 +01:00
Michael Vetter
5b9516b483 Merge pull request #2022 from profanity-im/fixes
Memory fixes
2025-03-13 09:58:09 +01:00
Steffen Jaeckel
c0da36c48d Rage-cleanup.
While trying to get the unit tests working again I stumbled over all those
things that I thought could be better^TM.

Now we also know "TODO: why does this make the test fail?" - because
the unit tests are brittle AF ... and we have to init the subsystems
we use in the test, otherwise the cleanup will fail...

BTW. you can now also only run a single test ... or a pattern or so ...
you'd have to read how `cmocka_set_test_filter()` works exactly.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-03-10 11:45:15 +01:00
Steffen Jaeckel
b55bf6e4bd Fix some more memory leaks + an invalid read.
`ProfMessage` was not completely initialized, fix this by using `calloc()`
for the allocation.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-03-10 11:45:15 +01:00
Steffen Jaeckel
c5a131ee46 Introduce our own shutdown callback mechanism.
Instead of adding stuff to `_shutdown()`, we can now register a shutdown
routine from the respective `init()` function of our modules.

This also has the advantage, that we're sure they're called in reverse
order from how the initialization happened.

I didn't simply use `atexit()` because POSIX says that the number of
possible callbacks is limited (min 32) and I was not sure whether
we will maybe extend this number at one point.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-03-07 21:09:16 +01:00
Michael Vetter
55a8a26a24 Attempt to open file later to prevent potential resource leak 2025-03-06 11:19:00 +01:00
Steffen Jaeckel
8151dfa3b4 /quit now exits from the event loop
Before this change issuing `/quit` directly called `exit(0)` and did not
invoke all the graceful shutdown routines. Now we first try to exit from
the event loop, which includes cleaning up everything.
In case the event loop is stuck for some reason, you could try to issue a
second `/quit`, which will then directly call `exit(0)`.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-01-28 16:43:13 +01:00
Steffen Jaeckel
2696989ce5 Fix a bunch of obvious memory leaks at termination
Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-01-28 16:43:13 +01:00
Steffen Jaeckel
80193ca41f cmd_ac: Refactor alloc, reset & free
Add all elements to an array, in order to easily be able to run operations
in bulk.

Signed-off-by: Steffen Jaeckel <s@jaeckel.eu>
2025-01-28 16:43:13 +01:00
Hanspeter Portner
cb395b7c09 Make muc_nick return a const char* const
In the documentation of the `muc_nick` function we can read:

> The nickname is owned by the chat room and should not be modified or freed

We should reflect that in the return type and `strdup` the value for the
plugin API.

Fixes: https://github.com/profanity-im/profanity/issues/2013
2025-01-26 18:16:14 +01:00
Michael Vetter
69301503ce Add missing space to description 2024-09-19 08:34:21 +02:00
Michael Vetter
996a1fdf35 Fix build on some compilers regardind switch statement
Fix the famous `error: a label can only be part of a statement and a
declaration is not a statement`.
2024-06-20 18:04:12 +02:00
Michael Vetter
f147a5ca27 Change default download location
`/url save $someurl` will now download to
`~/.local/share/profanity/downloads/from_jid/date/filename` instead of
`~/.local/share/profanity/downloads`.

Like this the downloaded files should be better ordered.

This will only happen for MUC and 1:1 chat windows.
Private windows might have only a nick or jid. Lets not distinguish
between those two ways. And since the nick option is unreliable to be
the same person lets just put them in the general downloads folder.
As is done with downloads from all other windows as well.

I also had the idea to make this configurable but this suits my needs
and time limits right now.
2024-06-20 13:35:14 +02:00
Michael Vetter
5765edbe1b Reset autoconnect account when the account gets removed
When a user added an account, set it as autoconnect and then removed
that account. It still was set as the autoconnect account.

```
    /account add test
    /autoconnect set test
    /account remove test
    /save
    /quit
    Start profanity
```

Fix https://github.com/profanity-im/profanity/issues/1976
2024-06-20 11:04:20 +02:00
Michael Vetter
87935b744d Merge pull request #1979 from profanity-im/fix/leaks
Fix memleaks
2024-06-20 10:51:12 +02:00
Steffen Jaeckel
848acdd1fa Improve const correctness
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2024-06-19 16:01:46 +02:00
Michael Vetter
b04650fb1c Fix memleak in cmd_omemo_gen() 2024-06-19 11:40:23 +02:00
Michael Vetter
8a62d8e88b Fix typo in OMEMO message 2024-06-19 11:37:34 +02:00
Michael Vetter
cfd4207d93 Merge pull request #1973 from profanity-im/fix/omemo-muc-twice
Check whether we are already in an omemo session for MUCs as well
2024-06-14 13:51:56 +02:00
Michael Vetter
1dd65bca6b Check whether we are already in an omemo session for MUCs as well
We do this for regular chatwins already.
2024-06-02 19:07:58 +02:00
Michael Vetter
694680d69e Remove subscription when reporting spam/abuse
When users receive a message and a subscription request from a new
contact, and they use `/blocked report-abse JID` or `/blocked
report-spam JID` they most likely want the subscription request to
vanish as well.

According to mdosch Conversations is behaving like this too.

Fix: https://github.com/profanity-im/profanity/issues/1970
2024-06-02 18:48:39 +02:00
ike08
23fa4750ff Fix unable to download item twice
## Summary

Partial fix for https://github.com/profanity-im/profanity/issues/1939  

> When doing the same in an unencrypted (no e2ee) chat there is no Downloading… message at all but the file is downloaded.  

Download a file twice with `/url save`, the second download will not print download progress to the window.  

The cause is `HTTPDownload`'s `silent` variable is not initialized; so, `silent` points to a second-hand stack memory address with old data. `silent` references data, so the `if` statement will fail in **src/tools/http_download.c:206** and download progress will not print to the window.  

The fix is to initialize `silent` in both encrypted and unencrypted file download scenarios.  

## Testing

Valgrind: Yes  

- `/url save` without OMEMO  
  **SUCCESS**: Try three times with the same URL and download status will display every time.  

- `/url save` with OMEMO  
  **SUCCESS**: Try three times with the same URL and download status will display every time.  

- `/plugins install https://raw.githubusercontent.com/profanity-im/profanity-plugins/master/stable/sounds.py`  
  **SUCCESS**: Try once and download progress is hidden.
2024-02-28 07:23:59 -07:00
Michael Vetter
569e37f018 Update copyright to 2024 2024-01-22 16:03:48 +01:00
Steffen Jaeckel
3c939264b3 Less GString usage
Signed-off-by: Steffen Jaeckel <jaeckel-floss@eyet-services.de>
2023-12-12 18:27:11 +01:00