| Commit message (Collapse) | Author | Age | Lines |
|---|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
CID 18634: 'Logically dead code' in jabber_get_info
CID 18638: 'Dereference after null check' in oauth2_access_token_done
CID 18691: 'Copy into fixed size buffer' in bee_irc_user_new
CID 20274: Leak in bee_irc_chat_invite
CID 20297, CID 20283: Leaks in crypt_main
Some the base64 leaks there weren't detected, needs modeling.
|
| | |
|
| |
|
|
|
|
|
| |
Third time's the charm.
Previous attempt fixed something and broke something else. Whatever.
Definitely valgrind clean this time.
|
| | |
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
- irc_im.c:
- bee_irc_user_msg: strdup leaks when otr swallows messages
- bee_irc_user_action_response: GString leak in all ctcp replies
- otr.c:
- call g_slist_free() on the list of the otr_policy setting
- otr_filter_msg_in: call otrl_tlv_free() if "tlvs" are returned
- otr_filter_msg_out: don't g_strdup() if the message should be ignored
- log_otr_message: g_strdup_vprintf() leaks always
- nogaim.c:
- imcb_ask_auth/imcb_ask_add: leaks in g_strdup_printf()
- imcb_ask_add leaks imcb_ask_cb_data if the user already exists
- add imcb_ask_cb_free() to correctly free its data
- msn_util.c: add msn_buddy_ask_free(), ditto
- storage_xml.c: pass_cr/password if base64_decode or arc_decode fail
- ssl_gnutls.c: conn->hostname leak in error conditions, like invalid certs
- jabber_util.c: jabber_buddy_by_ext_jid() leaks jid if it's not an ext jid
|
| |
|
|
|
|
|
| |
Yeah ok that was dumb.
This is essentially just using a 'data' variable instead of 'l->data',
but i went ahead and cleaned up the function.
|
| |
|
|
|
|
|
| |
These were passing a pointer to a variable right after it was g_free()'d
They are most likely harmless as g_slist_remove() probably just needs
the pointer location, but fixing it anyway.
|
| |
|
|
|
|
|
| |
Used uncrustify, with the configuration file in ./doc/uncrustify.cfg
Commit author set to "Indent <please@skip.me>" so that it's easier to
skip while doing git blame.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
|
| |
This changes behavior slightly:
- md5_init()/sha1_init() allocate a GChecksum
- md5_finish()/sha1_finish() close and free() it
- md5_digest_keep() was added (no sha1 equivalent needed)
And yes, glib has this concept of "closing" the GChecksum, which means
it can't be used anymore after g_checksum_get_digest().
jabber_cache_add() actually seems to need to do that to generate some
random-ish values, so i kept that working by adding a md5_digest_keep()
function that copies the GChecksum before it gets closed
GChecksum was introduced in glib 2.16, so the configure script version
was bumped. We were already depending on glib 2.16 accidentally
(some post-3.2.2 code uses GHashTableIter)
|
| |
|
|
|
|
| |
Also abort() if there's no /dev/urandom
See http://www.2uo.de/myths-about-urandom/ for details.
|
| |
|
|
|
|
|
|
|
|
|
|
|
|
| |
When nicks exceeded the length limit, they were cut at 24 bytes and that
sometimes left invalid utf8 at the end, which made the nick_ok()
validation fail and often broke those nicks completely.
This adds a truncate_utf8 function to cut the string at a safe place
Also, the method to deduplicate nicks when there's no more place to add
underscores was changed to add "_XX" at the end, where XX are two random
hex chars. The previous method in those cases was increasing the value
of the first character of the nick... which leads to silly and confusing
results (i.e. FacebookUser -> GacebookUser)
|
| |
|
|
|
| |
It was checking for "Connection established" and some proxies use a
different string, such as "Tunnel established" in polipo
|
| |
|
|
| |
Both in gaim_io_connected(), visible when using an http proxy
|
| |
|
|
|
|
|
|
| |
* Don't use PIE/PIC on Cygwin/Darwin unless specified as these
platforms don't support it.
* Cleanup warnings for 'make check' build.
* Fix the type issue for getsockopt calls.
* Fix enum warnings in Yahoo libs on Mac OS X.
|
| |
|
|
|
|
|
|
|
|
|
| |
This fixes warnings about passing signed chars to them (apparently they
are implemented as macros that do array lookups without checks in some
platforms, yay)
Specifically:
functions=isalnum|isalpha|isdigit|isspace|isxdigit|tolower|toupper
sed -ir "s/$functions/g_ascii_&/g" **/*.c
|
| | |
|
| |
|
|
|
|
|
|
|
|
|
|
| |
This fixes several coverity warnings about 'tainted data index sink' and
a fixme about thread safety in the old base64_decode implementation.
Had to adapt the code that used base64_encode_real:
- oauth.c: different character set order, but it's for the nonce so it
doesn't matter
- libyahoo2.c: used as part of the auth, changes "+/=" into "._-".
Fixed by encoding first the usual way through glib, then replacing.
|
| |
|
|
| |
ASAN <3
|
| |
|
|
|
| |
- http_incoming_data calling itself
- jabber_bs_free_transfer calling jabber_si_free_transfer
|
| |\ |
|
| | |
| |
| |
| |
| |
| |
| |
| | |
Very similar to XEP-0091 which is already supported, but was marked as
obsolete, replaced by XEP-0203. The main differences are the tag name
and the timestamp format.
Due to the similarities, both XEPs are still supported.
|
| |/
|
|
|
|
| |
Replaced them with GPL headers where possible. OSCAR and Twitter modules
can't be relicenced though, so add an LGPL blurb to debian/copyright.
|
| |
|
|
| |
It has been broken for a very long time and nobody cared about it.
|
| |
|
|
|
|
|
| |
These appear in glib 2.40, and, well, are pretty much useless. But
people complain about them anyway.
Probably fixes trac ticket 1151, at least partially.
|
| | |
|
| |
|
|
|
|
|
|
|
|
| |
srv_lookup works on cygwin and openbsd now.
Provide ns_initparse, friends, and types where they aren't provided by
platform.
Use dn_expandname instead of custom parser so compressed DNS responses
are handled correctly.
|
| |
|
|
| |
Only took me a few months to write. I even added a test case.
|
| | |
|
| |
|
|
|
|
|
| |
(used to encode >16-bit chars). Added code to parse those *and* the ability
to encode >16-bit Unicode in UTF-8. Also sending this upstream. This should
fix #1121.
|
| |
|
|
|
|
| |
Few BitlBee-specific diffs now. Annoyingly need to link to libm now for the
use of the function pow() since the lib now does its own number parsing...
|
| | |
|
| |\
| |
| |
| |
| |
| |
| | |
Little benefit as I'm not burning my fingers on keepalive connecitons for
now, but eventually the Twitter streaming API is going to drop 1.0 support:
https://dev.twitter.com/blog/deprecating-http-1.0-streaming-api
|
| | |
| |
| |
| |
| | |
used protocol version when internally handling redirects.
|
| |/
|
|
|
|
| |
let me close #641, and more importantly, prepares the Twitter module for
an upcoming API change. https://dev.twitter.com/blog/deprecating-http-1.0-streaming-api
|
| | |
|
| | |
|
| | |
|
| |\
| |
| |
| |
| |
| | |
XML-formatted user configs from disk I/O so we can try to start using other
mechanisms to store them (a REST API or something, for example).
|
| | |
| |
| |
| |
| |
| | |
Also, use it in xt_print() instead of replicating most of xt_to_string()
in it. This changed four-space indents into tabs but oh well, we'll live.
|
| | |
| |
| |
| |
| |
| |
| | |
my copyright mentions since some were getting pretty stale. Left files not
touched since before 2012 alone so that this change doesn't touch almost
EVERY source file.
|
| | |
| |
| |
| |
| |
| |
| | |
json.c: In function ‘json_parse_ex’:
json.c:260:30: warning: ‘string_length’ may be used uninitialized in this function [-Wmaybe-uninitialized]
json.c:358:16: warning: ‘string’ may be used uninitialized in this function [-Wmaybe-uninitialized]
|
| | | |
|
| | |
| |
| |
| |
| | |
Twitter webservers seem to do successful session resumes only sporadically.
|
| | |
| |
| |
| |
| | |
one for every connection.
|
| | | |
|
| |\ \ |
|
| | | |
| | |
| | |
| | |
| | |
| | |
| | |
| | | |
strto(d|l) fix because I can just use GLib instead of reinventing the wheel.
This should fix corruption issues with tweets in Cyrillic. I've double-
checked this code against http://en.wikipedia.org/wiki/UTF-8 now and it looks
correct to me.
|
| | | |
| | |
| | |
| | |
| | |
| | | |
type to long long, the parser was still using strtol to convert numbers,
truncating large numbers to LONG_MAX. Bug found by Artem Savkov, thanks!
|
