Commit Graph

20 Commits

Author SHA1 Message Date
Pierre Ossman
fde088ce65 Improved bandwidth monitoring
Now measures over an entire update, which should hopefully give us more
stable values. They are still small values for fast networks though so
increase precision in the values we keep.
2021-03-29 10:52:51 +03:00
Pierre Ossman
a55f142c98 Don't shuffle input buffer unless actually needed 2021-03-29 10:50:16 +03:00
Pierre Ossman
25995e2490 Remove unused bufSize argument from streams 2021-03-29 10:49:25 +03:00
Pierre Ossman
57a3c3bba8 Simplify stream availability handling
Just have a simply number of bytes argument to avoid a lot of
complexity.
2021-03-29 10:48:26 +03:00
Pierre Ossman
92c7695981 Create common base classes for buffered streams
Most streams are backed by a memory buffer. Create common base classes
for this functionality to avoid code duplication.
2021-03-29 10:11:16 +03:00
Pierre Ossman
7f90205cf2 Add stream avail() methods
Makes it more readable to write code that needs to know how much
data/space is available in a stream.
2021-03-29 10:08:40 +03:00
Pierre Ossman
910fd8fa3e Remove unused stream methods
They were accidentally left unused in fbad8a9 so they haven't been used
in some time.
2021-03-29 10:04:04 +03:00
Mark Mielke
80a637c793 Fix division by zero exception in SSecurityPlain.
If using SSecurityPlain and the user specifies an empty username
and password, it will invoke InStream::checkNoWait(0) which will
cause a division by zero when calculating the number of available
items.

Enhance InStream::check() to behave properly when asked for
zero items, or zero sized items.

Add comments to InStream::check(), InStream::checkNoWait(),
and InStream::readBytes() to document expected behaviour
when requested to check or read zero items, or an item with
zero size.
2020-09-21 13:46:38 +03:00
Pierre Ossman
da406d0cac Include error code in getaddrinfo() exceptions 2020-09-21 13:26:51 +03:00
Pierre Ossman
9240f0b85c Avoid using insecure variable length arrays 2020-09-21 13:26:39 +03:00
Alex Tanskanen
03639406dc Throw GAIException() for getaddrinfo errors
Created a new subclass of Exception called GAIException() that will
handle error messages from getaddrinfo() instead of letting Exception()
handle it. GAIException() will make use of gai_strerror() to map the
error code to text. On Windows, gai_strerrorW() must be used if the text
is encoded with UTF-8.
2020-09-21 13:26:15 +03:00
Alex Tanskanen
57427d5d33 Make system error messeges in Windows 10 use UTF-8
The previous error messages did not support Unicode characters. This
commit will use UTF-8 encoding to be able to display error messages in
every language.
2020-09-21 13:25:38 +03:00
Pierre Ossman
f38e474993 Fix error check for zlib calls
There are multiple "okay" return values, not just Z_OK. Make sure we
don't bail out needlessly.
2020-09-21 13:18:11 +03:00
Lauri Kasanen
49f9ce8e5b Remove remnants of the old HTTP server 2020-09-21 13:17:11 +03:00
Pierre Ossman
b7dc4a16fe Handle pending data in TLS buffers
There might be more bytes left in the current TLS record, even if
there is nothing on the underlying stream. Make sure we properly
return this when we aren't being requested to block.
2020-09-21 13:00:41 +03:00
Pierre Ossman
ae6cbd19e9 Be defensive about overflows in stream objects
We use a lot of lengths given to us over the network, so be more
paranoid about them causing an overflow as otherwise an attacker
might trick us in to overwriting other memory.

This primarily affects the client which often gets lengths from the
server, but there are also some scenarios where the server might
theoretically be vulnerable.

Issue found by Pavel Cheremushkin from Kaspersky Lab.
2020-09-21 12:56:23 +03:00
Pierre Ossman
259f1055cb Use size_t for lengths in stream objects
Provides safety against them accidentally becoming negative because
of bugs in the calculations.

Also does the same to CharArray and friends as they were strongly
connection to the stream objects.
2020-09-21 12:55:59 +03:00
Pierre Ossman
346fccb96c Remove unused FixedMemOutStream 2020-09-21 12:48:20 +03:00
Pierre Ossman
3282836baf Make ZlibInStream more robust against failures
Move the checks around to avoid missing cases where we might access
memory that is no longer valid. Also avoid touching the underlying
stream implicitly (e.g. via the destructor) as it might also no
longer be valid.

A malicious server could theoretically use this for remote code
execution in the client.

Issue found by Pavel Cheremushkin from Kaspersky Lab
2020-09-21 12:40:12 +03:00
matt
408c005d3e Initial commit 2020-09-20 12:16:44 +00:00