Mercurial > pidgin.yaz
view libpurple/dnssrv.c @ 24425:7cf760f3560e
Don't try to free NULL xmlnodes stolen by jabber-receiving-xmlnode handlers
Handlers get a (xmlnode **) that they're meant to set to NULL if they steal
the node for their own nefarious purposes, signalling to the prpl that it
should forget about that node. But the prpl still tried to free the xmlnode*
even if it had been NULLified, triggering g_return_if_fail warnings.
Fixes the issue discussed by Arne Knig in
http://pidgin.im/pipermail/devel/2008-November/007035.html and the following
messages.
author | Will Thompson <will.thompson@collabora.co.uk> |
---|---|
date | Fri, 21 Nov 2008 12:12:31 +0000 |
parents | fae699fece1f |
children | d1da5c4c1e6b 9ab681f23007 |
line wrap: on
line source
/** * @file dnssrv.c */ /* purple * * Copyright (C) 2005 Thomas Butter <butter@uni-mannheim.de> * * This program is free software; you can redistribute it and/or modify * it under the terms of the GNU General Public License as published by * the Free Software Foundation; either version 2 of the License, or * (at your option) any later version. * * This program is distributed in the hope that it will be useful, * but WITHOUT ANY WARRANTY; without even the implied warranty of * MERCHANTABILITY or FITNESS FOR A PARTICULAR PURPOSE. See the * GNU General Public License for more details. * * You should have received a copy of the GNU General Public License * along with this program; if not, write to the Free Software * Foundation, Inc., 51 Franklin Street, Fifth Floor, Boston, MA 02111-1301 USA */ #include "internal.h" #include "util.h" #ifndef _WIN32 #include <arpa/nameser.h> #include <resolv.h> #ifdef HAVE_ARPA_NAMESER_COMPAT_H #include <arpa/nameser_compat.h> #endif #ifndef T_SRV #define T_SRV 33 #endif #else #include <windns.h> /* Missing from the mingw headers */ #ifndef DNS_TYPE_SRV # define DNS_TYPE_SRV 33 #endif #endif #include "dnssrv.h" #include "eventloop.h" #include "debug.h" #ifndef _WIN32 typedef union { HEADER hdr; u_char buf[1024]; } queryans; #else static DNS_STATUS (WINAPI *MyDnsQuery_UTF8) ( PCSTR lpstrName, WORD wType, DWORD fOptions, PIP4_ARRAY aipServers, PDNS_RECORD* ppQueryResultsSet, PVOID* pReserved) = NULL; static void (WINAPI *MyDnsRecordListFree) (PDNS_RECORD pRecordList, DNS_FREE_TYPE FreeType) = NULL; #endif struct _PurpleSrvQueryData { PurpleSrvCallback cb; gpointer extradata; guint handle; #ifdef _WIN32 GThread *resolver; char *query; char *error_message; GSList *results; #else int fd_in, fd_out; pid_t pid; #endif }; static gint responsecompare(gconstpointer ar, gconstpointer br) { PurpleSrvResponse *a = (PurpleSrvResponse*)ar; PurpleSrvResponse *b = (PurpleSrvResponse*)br; if(a->pref == b->pref) { if(a->weight == b->weight) return 0; if(a->weight < b->weight) return -1; return 1; } if(a->pref < b->pref) return -1; return 1; } #ifndef _WIN32 G_GNUC_NORETURN static void resolve(int in, int out) { GList *ret = NULL; PurpleSrvResponse *srvres; queryans answer; int size; int qdcount; int ancount; guchar *end; guchar *cp; gchar name[256]; guint16 type, dlen, pref, weight, port; gchar query[256]; #ifdef HAVE_SIGNAL_H purple_restore_default_signal_handlers(); #endif if (read(in, query, 256) <= 0) { close(out); close(in); _exit(0); } size = res_query( query, C_IN, T_SRV, (u_char*)&answer, sizeof( answer)); qdcount = ntohs(answer.hdr.qdcount); ancount = ntohs(answer.hdr.ancount); cp = (guchar*)&answer + sizeof(HEADER); end = (guchar*)&answer + size; /* skip over unwanted stuff */ while (qdcount-- > 0 && cp < end) { size = dn_expand( (unsigned char*)&answer, end, cp, name, 256); if(size < 0) goto end; cp += size + QFIXEDSZ; } while (ancount-- > 0 && cp < end) { size = dn_expand((unsigned char*)&answer, end, cp, name, 256); if(size < 0) goto end; cp += size; GETSHORT(type,cp); /* skip ttl and class since we already know it */ cp += 6; GETSHORT(dlen,cp); if (type == T_SRV) { GETSHORT(pref,cp); GETSHORT(weight,cp); GETSHORT(port,cp); size = dn_expand( (unsigned char*)&answer, end, cp, name, 256); if(size < 0 ) goto end; cp += size; srvres = g_new0(PurpleSrvResponse, 1); strcpy(srvres->hostname, name); srvres->pref = pref; srvres->port = port; srvres->weight = weight; ret = g_list_insert_sorted(ret, srvres, responsecompare); } else { cp += dlen; } } end: size = g_list_length(ret); write(out, &size, sizeof(int)); while (ret != NULL) { write(out, ret->data, sizeof(PurpleSrvResponse)); g_free(ret->data); ret = g_list_remove(ret, ret->data); } close(out); close(in); _exit(0); } static void resolved(gpointer data, gint source, PurpleInputCondition cond) { int size; PurpleSrvQueryData *query_data = (PurpleSrvQueryData*)data; PurpleSrvResponse *res; PurpleSrvResponse *tmp; int i; PurpleSrvCallback cb = query_data->cb; int status; if (read(source, &size, sizeof(int)) == sizeof(int)) { ssize_t red; purple_debug_info("dnssrv","found %d SRV entries\n", size); tmp = res = g_new0(PurpleSrvResponse, size); for (i = 0; i < size; i++) { red = read(source, tmp++, sizeof(PurpleSrvResponse)); if (red != sizeof(PurpleSrvResponse)) { purple_debug_error("dnssrv","unable to read srv " "response: %s\n", g_strerror(errno)); size = 0; g_free(res); res = NULL; } } } else { purple_debug_info("dnssrv","found 0 SRV entries; errno is %i\n", errno); size = 0; res = NULL; } cb(res, size, query_data->extradata); waitpid(query_data->pid, &status, 0); purple_srv_cancel(query_data); } #else /* _WIN32 */ /** The Jabber Server code was inspiration for parts of this. */ static gboolean res_main_thread_cb(gpointer data) { PurpleSrvResponse *srvres = NULL; int size = 0; PurpleSrvQueryData *query_data = data; if(query_data->error_message != NULL) purple_debug_error("dnssrv", query_data->error_message); else { PurpleSrvResponse *srvres_tmp = NULL; GSList *lst = query_data->results; size = g_slist_length(lst); if(query_data->cb && size > 0) srvres_tmp = srvres = g_new0(PurpleSrvResponse, size); while (lst) { if(query_data->cb) memcpy(srvres_tmp++, lst->data, sizeof(PurpleSrvResponse)); g_free(lst->data); lst = g_slist_remove(lst, lst->data); } query_data->results = NULL; purple_debug_info("dnssrv", "found %d SRV entries\n", size); } if(query_data->cb) query_data->cb(srvres, size, query_data->extradata); query_data->resolver = NULL; query_data->handle = 0; purple_srv_cancel(query_data); return FALSE; } static gpointer res_thread(gpointer data) { PDNS_RECORD dr = NULL; int type = DNS_TYPE_SRV; DNS_STATUS ds; PurpleSrvQueryData *query_data = data; ds = MyDnsQuery_UTF8(query_data->query, type, DNS_QUERY_STANDARD, NULL, &dr, NULL); if (ds != ERROR_SUCCESS) { gchar *msg = g_win32_error_message(ds); query_data->error_message = g_strdup_printf("Couldn't look up SRV record. %s (%lu).\n", msg, ds); g_free(msg); } else { PDNS_RECORD dr_tmp; GSList *lst = NULL; DNS_SRV_DATA *srv_data; PurpleSrvResponse *srvres; for (dr_tmp = dr; dr_tmp != NULL; dr_tmp = dr_tmp->pNext) { /* Discard any incorrect entries. I'm not sure if this is necessary */ if (dr_tmp->wType != type || strcmp(dr_tmp->pName, query_data->query) != 0) { continue; } srv_data = &dr_tmp->Data.SRV; srvres = g_new0(PurpleSrvResponse, 1); strncpy(srvres->hostname, srv_data->pNameTarget, 255); srvres->hostname[255] = '\0'; srvres->pref = srv_data->wPriority; srvres->port = srv_data->wPort; srvres->weight = srv_data->wWeight; lst = g_slist_insert_sorted(lst, srvres, responsecompare); } MyDnsRecordListFree(dr, DnsFreeRecordList); query_data->results = lst; } /* back to main thread */ /* Note: this should *not* be attached to query_data->handle - it will cause leakage */ purple_timeout_add(0, res_main_thread_cb, query_data); g_thread_exit(NULL); return NULL; } #endif PurpleSrvQueryData * purple_srv_resolve(const char *protocol, const char *transport, const char *domain, PurpleSrvCallback cb, gpointer extradata) { char *query; PurpleSrvQueryData *query_data; #ifndef _WIN32 int in[2], out[2]; int pid; #else GError* err = NULL; static gboolean initialized = FALSE; #endif query = g_strdup_printf("_%s._%s.%s", protocol, transport, domain); purple_debug_info("dnssrv","querying SRV record for %s\n", query); #ifndef _WIN32 if(pipe(in) || pipe(out)) { purple_debug_error("dnssrv", "Could not create pipe\n"); g_free(query); cb(NULL, 0, extradata); return NULL; } pid = fork(); if (pid == -1) { purple_debug_error("dnssrv", "Could not create process!\n"); cb(NULL, 0, extradata); g_free(query); return NULL; } /* Child */ if (pid == 0) { g_free(query); close(out[0]); close(in[1]); resolve(in[0], out[1]); /* resolve() does not return */ } close(out[1]); close(in[0]); if (write(in[1], query, strlen(query)+1) < 0) purple_debug_error("dnssrv", "Could not write to SRV resolver\n"); query_data = g_new0(PurpleSrvQueryData, 1); query_data->cb = cb; query_data->extradata = extradata; query_data->pid = pid; query_data->fd_out = out[0]; query_data->fd_in = in[1]; query_data->handle = purple_input_add(out[0], PURPLE_INPUT_READ, resolved, query_data); g_free(query); return query_data; #else if (!initialized) { MyDnsQuery_UTF8 = (void*) wpurple_find_and_loadproc("dnsapi.dll", "DnsQuery_UTF8"); MyDnsRecordListFree = (void*) wpurple_find_and_loadproc( "dnsapi.dll", "DnsRecordListFree"); initialized = TRUE; } query_data = g_new0(PurpleSrvQueryData, 1); query_data->cb = cb; query_data->query = query; query_data->extradata = extradata; if (!MyDnsQuery_UTF8 || !MyDnsRecordListFree) query_data->error_message = g_strdup("System missing DNS API (Requires W2K+)\n"); else { query_data->resolver = g_thread_create(res_thread, query_data, FALSE, &err); if (query_data->resolver == NULL) { query_data->error_message = g_strdup_printf("SRV thread create failure: %s\n", (err && err->message) ? err->message : ""); g_error_free(err); } } /* The query isn't going to happen, so finish the SRV lookup now. * Asynchronously call the callback since stuff may not expect * the callback to be called before this returns */ if (query_data->error_message != NULL) query_data->handle = purple_timeout_add(0, res_main_thread_cb, query_data); return query_data; #endif } void purple_srv_cancel(PurpleSrvQueryData *query_data) { if (query_data->handle > 0) purple_input_remove(query_data->handle); #ifdef _WIN32 if (query_data->resolver != NULL) { /* * It's not really possible to kill a thread. So instead we * just set the callback to NULL and let the DNS lookup * finish. */ query_data->cb = NULL; return; } g_free(query_data->query); g_free(query_data->error_message); #else close(query_data->fd_out); close(query_data->fd_in); #endif g_free(query_data); }