Many hyperlinks are disabled.
Use anonymous login
to enable hyperlinks.
Overview
Comment: | Fix (minor) memory leak in login_gen_user_cookie_value(). Consistantly use "x" as unknown project code, not "unknown" somtimes. |
---|---|
Downloads: | Tarball | ZIP archive |
Timelines: | family | ancestors | descendants | both | trunk |
Files: | files | file ages | folders |
SHA1: |
270b80dbf561dc2dbdb4a804364bd8e5 |
User & Date: | jan.nijtmans 2015-05-18 15:01:16.873 |
References
2015-05-18
| ||
22:17 | The previous check-in [270b80db] is incorrect and causes memory allocation and use-after-free errors. Back it out. ... (check-in: f7ce03e3 user: drh tags: trunk) | |
Context
2015-05-18
| ||
22:17 | The previous check-in [270b80db] is incorrect and causes memory allocation and use-after-free errors. Back it out. ... (check-in: f7ce03e3 user: drh tags: trunk) | |
17:53 | Catch up with recent changes on trunk. ... (check-in: 991f4b98 user: drh tags: andygoth-user-reports) | |
15:01 | Fix (minor) memory leak in login_gen_user_cookie_value(). Consistantly use "x" as unknown project code, not "unknown" somtimes. ... (check-in: 270b80db user: jan.nijtmans tags: trunk) | |
14:49 | A few more harmless compiler warnings (discovered using -Wall in latest gcc) ... (check-in: ab5b8d36 user: jan.nijtmans tags: trunk) | |
Changes
Changes to src/login.c.
︙ | ︙ | |||
132 133 134 135 136 137 138 | } } return mprintf("%.*s", i, zIP); } /* ** Return an abbreviated project code. The abbreviation is the first | | | | 132 133 134 135 136 137 138 139 140 141 142 143 144 145 146 147 148 149 150 151 | } } return mprintf("%.*s", i, zIP); } /* ** Return an abbreviated project code. The abbreviation is the first ** 16 characters of the project code, or "x" if there is no project-code. ** ** Memory is obtained from malloc. */ static char *abbreviated_project_code(const char *zFullCode){ return mprintf("%.16s", zFullCode ? zFullCode : "x"); } /* ** Check to see if the anonymous login is valid. If it is valid, return ** the userid of the anonymous user. ** |
︙ | ︙ | |||
230 231 232 233 234 235 236 | ** ** The zHash parameter must be a random value which must be ** subsequently stored in user.cookie for later validation. ** ** The returned memory should be free()d after use. */ char *login_gen_user_cookie_value(const char *zUsername, const char *zHash){ | < | > | | > > | 230 231 232 233 234 235 236 237 238 239 240 241 242 243 244 245 246 247 248 249 250 | ** ** The zHash parameter must be a random value which must be ** subsequently stored in user.cookie for later validation. ** ** The returned memory should be free()d after use. */ char *login_gen_user_cookie_value(const char *zUsername, const char *zHash){ char *zCode = abbreviated_project_code(db_get("project-code", 0)); char *zCookie; assert((zUsername && *zUsername) && "Invalid user data."); zCookie = mprintf("%s/%z/%s", zHash, zCode, zUsername); free(zCode); return zCookie; } /* ** Generates a login cookie for NON-ANONYMOUS users. Note that this ** function "could" figure out the uid by itself but it currently ** doesn't because the code which calls this already has the uid. ** |
︙ | ︙ | |||
1453 1454 1455 1456 1457 1458 1459 | char *zSelfCode; /* Project code for ourself */ Blob err; /* Accumulate errors here */ Stmt q; /* Query of all peer-* entries in CONFIG */ if( zPrefix==0 ) zPrefix = ""; if( zSuffix==0 ) zSuffix = ""; if( pzErrorMsg ) *pzErrorMsg = 0; | | | 1455 1456 1457 1458 1459 1460 1461 1462 1463 1464 1465 1466 1467 1468 1469 | char *zSelfCode; /* Project code for ourself */ Blob err; /* Accumulate errors here */ Stmt q; /* Query of all peer-* entries in CONFIG */ if( zPrefix==0 ) zPrefix = ""; if( zSuffix==0 ) zSuffix = ""; if( pzErrorMsg ) *pzErrorMsg = 0; zSelfCode = abbreviated_project_code(db_get("project-code", 0)); blob_zero(&err); db_prepare(&q, "SELECT name, value FROM config" " WHERE name GLOB 'peer-repo-*'" " AND name <> 'peer-repo-%q'" " ORDER BY +value", zSelfCode |
︙ | ︙ | |||
1547 1548 1549 1550 1551 1552 1553 | blob_reset(&fullName); /* Get the full pathname for our repository. Also the project code ** and project name for ourself. */ file_canonical_name(g.zRepositoryName, &fullName, 0); zSelfRepo = fossil_strdup(blob_str(&fullName)); blob_reset(&fullName); | | | 1549 1550 1551 1552 1553 1554 1555 1556 1557 1558 1559 1560 1561 1562 1563 | blob_reset(&fullName); /* Get the full pathname for our repository. Also the project code ** and project name for ourself. */ file_canonical_name(g.zRepositoryName, &fullName, 0); zSelfRepo = fossil_strdup(blob_str(&fullName)); blob_reset(&fullName); zSelfProjCode = abbreviated_project_code(db_get("project-code", 0)); zSelfLabel = db_get("project-name", 0); if( zSelfLabel==0 ){ zSelfLabel = zSelfProjCode; } /* Make sure we are not trying to join ourselves */ if( fossil_strcmp(zRepo, zSelfRepo)==0 ){ |
︙ | ︙ | |||
1599 1600 1601 1602 1603 1604 1605 | " user Setup permission on the other repository."; return; } /* Create all the necessary CONFIG table entries on both the ** other repository and on our own repository. */ | < | 1601 1602 1603 1604 1605 1606 1607 1608 1609 1610 1611 1612 1613 1614 | " user Setup permission on the other repository."; return; } /* Create all the necessary CONFIG table entries on both the ** other repository and on our own repository. */ zOtherProjCode = abbreviated_project_code(zOtherProjCode); db_begin_transaction(); db_multi_exec( "DELETE FROM \"%w\".config WHERE name GLOB 'peer-*';" "INSERT INTO \"%w\".config(name,value) VALUES('peer-repo-%q',%Q);" "INSERT INTO \"%w\".config(name,value) " " SELECT 'peer-name-%q', value FROM other.config" |
︙ | ︙ | |||
1648 1649 1650 1651 1652 1653 1654 | ** Leave the login group that we are currently part of. */ void login_group_leave(char **pzErrMsg){ char *zProjCode; char *zSql; *pzErrMsg = 0; | | | 1649 1650 1651 1652 1653 1654 1655 1656 1657 1658 1659 1660 1661 1662 1663 | ** Leave the login group that we are currently part of. */ void login_group_leave(char **pzErrMsg){ char *zProjCode; char *zSql; *pzErrMsg = 0; zProjCode = abbreviated_project_code(db_get("project-code", 0)); zSql = mprintf( "DELETE FROM config WHERE name GLOB 'peer-*-%q';" "DELETE FROM config" " WHERE name='login-group-name'" " AND (SELECT count(*) FROM config WHERE name GLOB 'peer-*')==0;", zProjCode ); |
︙ | ︙ |