| Commit message (Collapse) | Author | Age | Files | Lines |
| |
Current compilers gcc-12 and clang-15 warn about an implicit function
declaration in gresolv.c, and this turns into a fatal error in clang-16
and eventually in future gcc.
| |
There is a mismatch of handling binary vs. C-string data with memchr
and strlen, resulting in pos, count, and bytes_read to become out of
sync and result in a heap overflow. Instead, do not treat the buffer
as an ASCII C-string. We calculate the count based on the return value
of memchr, instead of strlen.
Fixes: CVE-2022-32292
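The accounting mismatch this commit message describes, shown as an added example (not ConnMan's gweb code; the function names and the sample buffer are constructed for illustration). A NUL byte inside a received line makes a `strlen`-based count fall short of the line end that `memchr` found, so `pos` never catches up with the bytes actually read, while a count derived from the `memchr` return value stays in sync.

```c
#include <stdio.h>
#include <string.h>

/* Constructed sample: one received chunk with a NUL byte inside the first line. */
static const char SAMPLE[] = "ab\0cd\nef\n";
#define SAMPLE_LEN (sizeof(SAMPLE) - 1)   /* 9 bytes actually read */

/* Mismatched: line end found with memchr(), length measured with strlen(). */
static size_t consumed_strlen(char *buf, size_t avail)
{
    char *nl = memchr(buf, '\n', avail);
    if (!nl)
        return 0;
    *nl = '\0';                  /* terminate the line in place */
    return strlen(buf) + 1;      /* stops at the embedded NUL, not at nl */
}

/* Consistent: the length comes from the pointer memchr() returned. */
static size_t consumed_memchr(const char *buf, size_t avail)
{
    const char *nl = memchr(buf, '\n', avail);
    return nl ? (size_t)(nl - buf) + 1 : 0;
}

/* Drain a private copy of SAMPLE line by line; return the final position. */
static size_t demo_pos(int use_memchr)
{
    char buf[SAMPLE_LEN];
    size_t pos = 0, n;

    memcpy(buf, SAMPLE, SAMPLE_LEN);
    while (pos < SAMPLE_LEN) {
        n = use_memchr ? consumed_memchr(buf + pos, SAMPLE_LEN - pos)
                       : consumed_strlen(buf + pos, SAMPLE_LEN - pos);
        if (n == 0)
            break;               /* no complete line left */
        pos += n;
    }
    return pos;
}

int main(void)
{
    printf("bytes read: %zu\n", SAMPLE_LEN);
    printf("strlen accounting ends at pos %zu\n", demo_pos(0));
    printf("memchr accounting ends at pos %zu\n", demo_pos(1));
    return 0;
}
```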
| |
../git/gweb/gresolv.c:331:7: runtime error: left shift of 169 by 24
places cannot be represented in type 'int'
connmand2[3417]: eth0 {add} route 192.168.2.0 gw 0.0.0.0 scope 253 <LINK>
| |
In musl > 1.1.21 freeaddrinfo() implementation changed and
was causing a segmentation fault.
| |
Newer versions of gcc are very pedantic:
gweb/giognutls.c: In function ‘g_io_gnutls_dispatch’:
gweb/giognutls.c:307:17: error: cast between incompatible function types from ‘GSourceFunc’ {aka ‘int (*)$
Reported by Ross Burton
| |
gresolv.c uses snprintf() so include stdio.h.
| |
A dns response may return NOERROR status code with no answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3924
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1
It means one or more resource records exist for this domain but
there isn’t a record matching the resource record type.
In this case, a G_RESOLV_RESULT_STATUS_SUCCESS was returned with an
empty results array.
| |
When gnutls_channel is instantiated, the gnutls_channel->established
has to be initiated as FALSE. Otherwise, check_handshake function
won't work. A random initial value 1 of gnutls_channel->established
will make check_handshake return G_IO_STATUS_NORMAL, when the channel
is actually not ready to be used. The observed behaviours are,
- wispr is getting random errors in wispr_portal_web_result
- ConnMan crashes on exit after those random errors
- when wispr is luckily working, ConnMan doesn't crash on exit
| |
Passing 0 as timeout to g_timeout_add()/g_timeout_add_seconds() is equivalent
to g_idle_add(). According to glib documentation "the first call of the timer
may not be precise for timeouts of one second."
| |
If an http response has a line starting with whitespace before the first
valid header field, g_hash_table_lookup() is called with a NULL key,
which is invalid. Fix this by checking for a valid last_key before
attempting to process continuation lines.
Based on a patch by Tomasz Bursztyka for an issue originally reported by
Marcel Mulder.
| |
As per code logic, 'begin' and 'end' will never be NULL.
So, NULL check for g_strdup() call is redundant.
| |
Description: This patch removes the multiple return and close()
statements instead to use single line of code, as per connman coding style
| |
since g_io_channel_set_close_on_unref() is called on the channel, no need
to close socket manually beforehand, this fixes
(connmand:14087): GLib-WARNING **: Invalid file descriptor.
| |
It seems the proxy handling code was initially written to only handle
proxies in the form of IPv4 addresses. 38b75abddb5b changed that
implicitly by always doing a hostname lookup for the proxy address,
which fixes proxies given by hostname but breaks IP based proxy
configuration (as sending an A query to most DNS server for an IP
address gets you a result with no answers).
Fix this issue by short-circuiting the resolving step in case the proxy
address is in the form of either an IPv4 or an IPv6 IP literal.
| |
Session address might already be set by parse_url() (called by
do_request() function). Because of this free old address.
| |
This fixes a logical bug in gweb, as for a given host: if a proxy
address is provided it should resolve its DNS through g_resolv and not
getaddrinfo: g_resolv will then use the nameservers that have been set
to the g_web session.
Indirectly, this fixes a bug when ConnMan was always staying at ready
when service was proxied, even though such proxy would allow to go on
internet.
| |
Fixup after the automated coccinelle
"Do not compare expression against NULL"
patch.
| |
This patch is generated via coccinelle with:
@ disable is_null,isnt_null1 @
expression E;
@@
(
- E == NULL
+ !E
|
- E != NULL
+ E
)
| |
This patch is completely generated by a set of coccinelle rules and
contains zero manual changes. The rule set is not really beautiful
but it does the job. We might miss a few conversions but there should
be none accidentally wrong converted bool here.
The rules are as following:
//// Do not compare boolean expressions
@@
expression E;
symbol TRUE;
symbol FALSE;
@@
(
E
- == TRUE
|
- TRUE == E
+ E
|
- E != TRUE
+ !E
|
- TRUE != E
+ !E
|
- E == FALSE
+ !E
|
- FALSE == E
+ !E
|
E
- != FALSE
|
- FALSE != E
+ E
)
//// Convert connman_bool_t to stdbool
@@
connman_bool_t x;
@@
x =
(
- TRUE
+ true
|
- FALSE
+ false
)
@@
identifier f;
@@
connman_bool_t f(...) {
<...
- return TRUE;
+ return true;
...>
}
@@
identifier f;
@@
connman_bool_t f(...) {
<...
- return FALSE;
+ return false;
...>
}
@r@
identifier f;
parameter list[n] ps;
identifier i;
@@
f(ps, connman_bool_t i, ...) { ... }
@@
identifier r.f;
expression list [r.n] es;
@@
f(es,
(
- FALSE
+ false
|
- TRUE
+ true
)
,...)
@r2@
type T;
identifier f;
parameter list[n] ps;
identifier i;
@@
T f(ps, connman_bool_t i, ...);
@@
identifier r2.f;
expression list [r.n] es;
@@
f(es,
(
- FALSE
+ false
|
- TRUE
+ true
)
,...)
@@
typedef bool;
@@
- connman_bool_t
+ bool
//// Convert gboolean to stdbool
@@
gboolean x;
@@
x =
(
- TRUE
+ true
|
- FALSE
+ false
)
// Figure out which function signature will need to be fixed...
// when we have the definition
@r@
identifier f;
parameter list[n] ps;
identifier i;
@@
f(ps, gboolean i, ...) { ... }
// ... and now convert all call sites
@@
identifier r.f;
expression list [r.n] es;
@@
f(es,
(
- FALSE
+ false
|
- TRUE
+ true
)
,...)
// Figure out which function signature will need to be fixed...
// when we have the declaration only
@r2@
type T;
identifier f;
parameter list[n] ps;
identifier i;
@@
T f(ps, gboolean i, ...);
// ... and now convert all call sites
@@
identifier r2.f;
expression list [r.n] es;
@@
f(es,
(
- FALSE
+ false
|
- TRUE
+ true
)
,...)
// A handful of the GLib hooks we can't change. Let's remember
// all their positions.
// 1. timeouts
@k1@
identifier f;
position p;
typedef gpointer;
identifier ptr;
@@
static gboolean@p f(gpointer ptr);
@k2@
identifier f;
position p;
identifier ptr;
@@
static gboolean@p f(gpointer ptr) { ... }
// hash map iterator functions
@k3@
identifier f;
position p;
identifier p1, p2, p3;
@@
static gboolean@p f(gpointer p1, gpointer p2, gpointer p3) { ... }
// 2. GIOChannel
@k4@
identifier f;
position p;
typedef GIOChannel, GIOCondition;
identifier ptr;
identifier ch, cn;
@@
static gboolean@p f(GIOChannel *ch, GIOCondition cn, gpointer ptr);
@k5@
identifier f;
position p;
identifier ptr;
identifier ch, cn;
@@
static gboolean@p f(GIOChannel *ch, GIOCondition cn, gpointer ptr) { ... }
// 3. GSourceFuncs
@k6@
identifier f;
position p;
typedef GSource;
identifier src;
@@
static gboolean@p f(GSource *src, ...) { ... }
// gdbus functions
@k7@
identifier f;
position p;
typedef DBusConnection;
identifier con;
@@
static gboolean@p f(DBusConnection *con, ...) { ... }
// Now convert all gboolean which are not used for interacting
// with GLib
// Note here happens the magic!
@@
typedef bool;
position p != {k1.p,k2.p,k3.p,k4.p,k5.p,k6.p,k7.p};
@@
- gboolean@p
+ bool
// Update all return types
@@
identifier f;
@@
bool f(...) {
<...
- return TRUE;
+ return true;
...>
}
@@
identifier f;
@@
bool f(...) {
<...
- return FALSE;
+ return false;
...>
}
//// The last rule is to fix up all missed call sites. In theory we should
//// have fixed them with some rules above but somehow coccinelle does not
//// match.
@@
identifier f =~ "^(__)?connman_.*" ;
@@
f(...,
(
- FALSE
+ false
|
- TRUE
+ true
)
,...)
| |
In preparation with conversion from connman_bool_t and gboolean to
stdbool.
| |
It will check first if the response belongs to a query,
before interpreting any of its content (rcode, count...).
| |
Fixes BMC#25973
In the case one of the resolving failed, the query is removed and
destroyed from the queue. So the responses of the requests sent to
the other nameservers - which might be successful - will thus be
lost since they cannot be matched anymore to their initial request.
| |
parse_response() will eventually call sort_and_return_results() which in turn
will call the result function. But the result function might cancel the gresolv.
At that point all queries belonging to this gresolv are destroyed. Returning back
to parse_response(), it calls again destroy_query() on an already destroyed one.
Thus leading to a crash.
Same issue with query_timeout()
Reported by Daniel Wagner
| |
Program received signal SIGSEGV, Segmentation fault.
Backtrace:
0 0x00000000004219fe in _debug (resolv=0x75f9a0, file=0x497267 "gweb/gresolv.c",
caller=0x497598 "destroy_lookup",
format=0x497278 "lookup %p id %d ipv4 %p ipv6 %p") at gweb/gresolv.c:136
1 0x0000000000421ac5 in destroy_lookup (lookup=0x760e40) at gweb/gresolv.c:154
2 0x00000000004224ce in sort_and_return_results (lookup=0x760e40) at gweb/gresolv.c:520
3 0x0000000000422597 in query_timeout (user_data=0x760510) at gweb/gresolv.c:542
4 0x00007ffff7b1b26b in g_timeout_dispatch (source=0x760ea0, callback=<optimized out>,
user_data=<optimized out>) at gmain.c:4095
5 0x00007ffff7b1a643 in g_main_dispatch (context=0x6f5110) at gmain.c:2784
6 g_main_context_dispatch (context=0x6f5110) at gmain.c:3288
7 0x00007ffff7b1a988 in g_main_context_iterate (dispatch=1, block=<optimized out>,
context=0x6f5110, self=<optimized out>) at gmain.c:3359
8 g_main_context_iterate (context=0x6f5110, block=<optimized out>, dispatch=1,
self=<optimized out>) at gmain.c:3296
9 0x00007ffff7b1ade5 in g_main_loop_run (loop=0x6f4fe0) at gmain.c:3553
10 0x0000000000442a5f in main (argc=1, argv=0x7fffffffdea8) at src/main.c:705
Reported by Daniel Wagner
| |
Use for all memory allocation/deallocation operation the glib
functions. This allows us to use g_mem_profile().
| |
The file and function name are printed in debug prints.
| |
The order of actions is important here.
| |
We must close the channel when freeing the resolver object,
otherwise we might still receive data when the resolver has been
freed already.
Fixes BMC#25757
| |
The file and function names are printed in debug prints.
| |
The call to g_resolv_cancel_lookup() will do nothing
because we just removed the lookup from the queue.
The fix is to remove the lookup directly and not call
the cancel function.
| |
Remove all lookups found in queue when GResolv object is removed.
| |
We must remove the lookup from lookup queue and query from query queue
before calling user callback. The callback might unref the GResolv which in
turn would remove the lookup/query what we are trying to access after
the callback is returned.
So it is enough to remove the lookup or query entry from queue before
cb is called and then manually remove it after the callback has returned.
| |
The lookup must be removed from lookup queue and not from query
queue when cancelling the lookup. Otherwise it is possible that
we might access an already removed lookup that is still found in
lookup queue.
Fixes BMC#25728
| |
When the callback has been called, the whole structure might be
freed. Thus don't call the debug function tied to the structure.
| |
Use predefined mnemonics from arpa/nameserv.h for the return value from
ns_msg_getflag rather than magic numbers.
| |
When performing a resolver lookup from timeserver or wpad, both perform
queries with an unspecified address family. This means that both A and
AAAA record queries are issued. In cases where a valid, successful A
response comes back but where the AAAA query results in a timeout, do
not smash the successful A status with the time out AAAA status;
otherwise, the timeserver or wpad will appear to fail to them when, in
fact, the A query was successful and more than satisfies its unspecified
address family requirement.
Partial fix for BMC#25486.
| |
In both parse_response and query_timeout there exists logic that checks
to ensure that both an A and AAAA lookups have either been responded to
or timed out before processing and returning results to the caller. In
query_timeout, there was a typo in the condition check such that it did
not match those conditions tested in parse_response.
| |
Define GWebRouteFunc that will be called when a route to the
intended destination may need to be set up.
| |
According to gnutls/compat.h, gnutls_session typedef was deprecated
since 2.x in favor of gnutls_session_t. Use the new typedef then.
| |
These prints are useful when checking why network
connection failed.
| |
Setting socket option BINDTODEVICE requires CAP_NET_RAW capability.