|  | Commit message | Author | Age | Lines |
|---|---|---|---|---|
| | | Defaults to disabled to maintain the status quo. | 
| | reverse lookup. (Code copied from OpenSSH instead of redoing it
poorly.) | 
| | This constant is always available and meant to be used with
getnameinfo().
This fixes the build on Debian GNU/kFreeBSD. | 
| | Nothing interesting. | 
| | Useful for tables. See following commit. | 
| | Another victim of SSLv23_client_method's terrible name. At least we
weren't forcing ssl 3.0.
Thanks kl3 for pointing this out.
Despite what this commit might suggest, using openssl is not recommended
at all. Potential GPL incompatibility aside, that module doesn't have
certificate verification code. Don't use it unless you have a good
reason to do so. | 
| | These only reflect on what arch/cpu bitlbee was built, not on which
it is running. This makes the Debian package unreproducible.
See e.g.
https://tests.reproducible-builds.org/rb-pkg/testing/i386/bitlbee.html | 
| | That's what the gnutls code itself uses, in all platforms.
There's a newer method that does this in a cleaner way, but it's not
supported in all the gnutls versions that bitlbee works with, so this is
simpler. | 
| | Fixes trac ticket #1248
proxy_connected() calls phb->func(), then tries to do phb_free() directly
afterwards, but that might have been freed by a proxy_disconnect() call
during the execution of that callback.
This one happened to several different people because some AIM server
broke recently.
This commit fixes it by implementing a phb_connected() function that
removes the PHB from the hash table before calling phb->func(), which
ensures that any proxy_disconnect() calls just close the fd and nothing
else. | 
| | The test suite does this. It's harmless in practice but open() is
declared as nonnull. Thanks to clang's ubsan. | 
| | Coverity says it could be an out of bounds read, but the value is set
internally, so not really. Still, good point about the condition being
wrong. | 
| | Twitter and MSN are all HTTP/SSL, so they don't need it either.
The out of tree facebook and steam plugins are also covered by the
HTTP/SSL changes.
Yahoo is written in a weird way and doesn't seem to need it (it seems it
doesn't immediately stop connections when you tell it to logout) | 
| | Fixes trac ticket 1198, https://bugs.bitlbee.org/bitlbee/ticket/1198
This function can be used as a safe drop-in replacement to closesocket().
If a proxy connection is pending (connected callback still not called),
it looks up the PHB in a hash table indexed by fd. If it is there, it
closes, frees the phb and avoids further calls to the callback.
If it is not in there, it just does closesocket(). | 
| | More cleanup. | 
| | Just cleanup. | 
| | Fixes trac ticket 995 https://bugs.bitlbee.org/bitlbee/ticket/995
This is slightly pointless for the suggested use case (tor), since with
socks5 we already send a hostname instead of an IP address.
Either way, it was easy to implement, so I hope it helps. | 
| | Check callback function supplied to http_dorequest and only run it if it is
not NULL.
While it is not the usual case there are some times when there is no need to
check the results of a http request. Using a NULL pointer is much more
convenient than creating noop functions. | 
| | CID 18634: 'Logically dead code' in jabber_get_info
CID 18638: 'Dereference after null check' in oauth2_access_token_done
CID 18691: 'Copy into fixed size buffer' in bee_irc_user_new
CID 20274: Leak in bee_irc_chat_invite
CID 20297, CID 20283: Leaks in crypt_main
Some of the base64 leaks there weren't detected, needs modeling. | 
| | Third time's the charm.
Previous attempt fixed something and broke something else. Whatever.
Definitely valgrind clean this time. | 
| | - irc_im.c:
    - bee_irc_user_msg: strdup leaks when otr swallows messages
    - bee_irc_user_action_response: GString leak in all ctcp replies
- otr.c:
    - call g_slist_free() on the list of the otr_policy setting
    - otr_filter_msg_in: call otrl_tlv_free() if "tlvs" are returned
    - otr_filter_msg_out: don't g_strdup() if the message should be ignored
    - log_otr_message: g_strdup_vprintf() leaks always
- nogaim.c:
    - imcb_ask_auth/imcb_ask_add: leaks in g_strdup_printf()
    - imcb_ask_add leaks imcb_ask_cb_data if the user already exists
    - add imcb_ask_cb_free() to correctly free its data
- msn_util.c: add msn_buddy_ask_free(), ditto
- storage_xml.c: pass_cr/password if base64_decode or arc_decode fail
- ssl_gnutls.c: conn->hostname leak in error conditions, like invalid certs
- jabber_util.c: jabber_buddy_by_ext_jid() leaks jid if it's not an ext jid | 
| | Yeah ok that was dumb.
This is essentially just using a 'data' variable instead of 'l->data',
but I went ahead and cleaned up the function. | 
| | These were passing a pointer to a variable right after it was g_free()'d.
They are most likely harmless as g_slist_remove() probably just needs
the pointer location, but fixing it anyway. | 
| | Used uncrustify, with the configuration file in ./doc/uncrustify.cfg
Commit author set to "Indent <please@skip.me>" so that it's easier to
skip while doing git blame. | 
| | This changes behavior slightly:
 - md5_init()/sha1_init() allocate a GChecksum
 - md5_finish()/sha1_finish() close and free() it
 - md5_digest_keep() was added (no sha1 equivalent needed)
And yes, glib has this concept of "closing" the GChecksum, which means
it can't be used anymore after g_checksum_get_digest().
jabber_cache_add() actually seems to need to do that to generate some
random-ish values, so I kept that working by adding a md5_digest_keep()
function that copies the GChecksum before it gets closed.
GChecksum was introduced in glib 2.16, so the configure script version
was bumped. We were already depending on glib 2.16 accidentally
(some post-3.2.2 code uses GHashTableIter) | 
| | Also abort() if there's no /dev/urandom
See http://www.2uo.de/myths-about-urandom/ for details. | 
| | When nicks exceeded the length limit, they were cut at 24 bytes and that
sometimes left invalid utf8 at the end, which made the nick_ok()
validation fail and often broke those nicks completely.
This adds a truncate_utf8 function to cut the string at a safe place.
Also, the method to deduplicate nicks when there's no more place to add
underscores was changed to add "_XX" at the end, where XX are two random
hex chars. The previous method in those cases was increasing the value
of the first character of the nick... which leads to silly and confusing
results (i.e. FacebookUser -> GacebookUser) | 
| | It was checking for "Connection established" and some proxies use a
different string, such as "Tunnel established" in polipo | 
| | Both in gaim_io_connected(), visible when using an http proxy | 
| | * Don't use PIE/PIC on Cygwin/Darwin unless specified as these
  platforms don't support it.
* Cleanup warnings for 'make check' build.
* Fix the type issue for getsockopt calls.
* Fix enum warnings in Yahoo libs on Mac OS X. | 
| | This fixes warnings about passing signed chars to them (apparently they
are implemented as macros that do array lookups without checks in some
platforms, yay)
Specifically:
    functions=isalnum|isalpha|isdigit|isspace|isxdigit|tolower|toupper
    sed -ir "s/$functions/g_ascii_&/g" **/*.c | 
| | This fixes several coverity warnings about 'tainted data index sink' and
a fixme about thread safety in the old base64_decode implementation.
Had to adapt the code that used base64_encode_real:
 - oauth.c: different character set order, but it's for the nonce so it
   doesn't matter
 - libyahoo2.c: used as part of the auth, changes "+/=" into "._-".
   Fixed by encoding first the usual way through glib, then replacing. | 
| | ASAN <3 | 
| | - http_incoming_data calling itself
- jabber_bs_free_transfer calling jabber_si_free_transfer | 
| | | Very similar to XEP-0091 which is already supported, but was marked as
obsolete, replaced by XEP-0203. The main differences are the tag name
and the timestamp format.
Due to the similarities, both XEPs are still supported. | 
| | Replaced them with GPL headers where possible. OSCAR and Twitter modules
can't be relicenced though, so add an LGPL blurb to debian/copyright. |
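
The nick-truncation commit message in the log above describes cutting at 24 bytes and leaving invalid UTF-8 behind. The following is an added example, not BitlBee's code, that shows a byte cut beside a boundary-aware cut on a constructed nick; `cut`, `utf8_ok`, `demo`, `SAMPLE` and `NICK_MAX` are hypothetical names, and the input is assumed to be valid UTF-8 before the cut.

```c
#include <stddef.h>
#include <string.h>

#define NICK_MAX 24 /* byte limit quoted in the commit message */
/* Constructed sample: 23 ASCII bytes, U+00E9 (2 bytes), then 'x'. */
static const char SAMPLE[] = "ABCDEFGHIJKLMNOPQRSTUVW" "\xC3\xA9" "x";

/* Structural UTF-8 check (lead byte plus continuation count). Simplified:
 * it does not reject overlong forms or surrogates. */
static int utf8_ok(const char *s, size_t len)
{
	for (size_t i = 0; i < len; ) {
		unsigned char c = (unsigned char) s[i];
		size_t need = c < 0x80 ? 0 : (c & 0xE0) == 0xC0 ? 1 :
		              (c & 0xF0) == 0xE0 ? 2 : (c & 0xF8) == 0xF0 ? 3 : 99;
		if (need == 99 || need > len - i - 1) return 0;
		for (size_t k = 1; k <= need; k++)
			if (((unsigned char) s[i + k] & 0xC0) != 0x80) return 0;
		i += need + 1;
	}
	return 1;
}

/* Cut at max bytes. If boundary_aware, first back up while the first dropped
 * byte is a continuation byte (10xxxxxx), so a character is dropped whole. */
static size_t cut(char *s, size_t max, int boundary_aware)
{
	size_t len = strlen(s);
	if (len <= max) return len;
	while (boundary_aware && max > 0 && ((unsigned char) s[max] & 0xC0) == 0x80)
		max--;
	s[max] = '\0';
	return max;
}

/* Returns the length after cutting SAMPLE, or -1 if the result is invalid. */
int demo(int boundary_aware)
{
	char buf[sizeof(SAMPLE)];
	memcpy(buf, SAMPLE, sizeof(SAMPLE));
	size_t n = cut(buf, NICK_MAX, boundary_aware);
	return utf8_ok(buf, n) ? (int) n : -1;
}

int main(void) { return (demo(0) == -1 && demo(1) == 23) ? 0 : 1; }
```

The byte cut keeps the lead byte 0xC3 without its continuation byte, which is the kind of tail a nick validator would reject; the boundary-aware cut gives up one byte of length and stays valid.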