11 Commits

Author SHA1 Message Date
Luca Boccassi
38349198a6 Problem: MSAN complains about uninitialised buffers in CURVE greetings
Solution: memset some of the CURVE greetings buffers. Most likely false
positives, but easier to fix here than convince Clang of being wrong.
2020-05-24 14:26:14 +01:00
Simon Giesecke
78961eeab7 Problem: non-modifying member functions not marked as const/static
Solution: add const/static
2020-01-27 10:38:00 +01:00
Simon Giesecke
41e3f14d6a Problem: ptr/ref parameters and local variables are non-const but never modified
Solution: add const
2020-01-27 10:38:00 +01:00
Simon Giesecke
1781cff37b Problem: plaintext secrets placed in insecure memory
Solution: Use secure_allocator_t for plaintext secrets
2019-07-14 17:12:39 +02:00
Simon Giesecke
1de4cf6ffa Problem: use of malloc is error-prone
Solution: use std::vector instead, simplify control-flow
2019-07-10 18:26:58 +02:00
Simon Giesecke
c581f43c97 Problem: parameter naming style inconsistent
Solution: define and apply parameter naming style: lower_case_
2018-05-26 09:34:44 +02:00
Simon Giesecke
4e616f30dd Problem: C-style casts used
Solution: replace by C++-style casts
2018-05-18 17:04:01 +02:00
sigiesec
41f459e1dc Problem: formatting inconsistent
Solution: applied clang-format
2018-02-02 15:47:43 +01:00
sigiesec
301f3c70c2 Problem: code duplication between curve_client_t and curve_server_t decode and encode
Solution: extracted common base class curve_mechanism_base_t
2017-08-18 11:34:22 +02:00
Simon Giesecke
4a18f6204c Problem: Possible buffer overruns related to metadata in various mechanisms (#2683)
* Problem: no test case with CURVE encryption and large identity

Solution: added test case (currently crashing)

* Problem: possible buffer overflow in mechanism_t::add_property

Solution: add target buffer length parameter and check the buffer is sufficiently large

* Problem: test cases accidentally excluded from build

Solution: remove #if/#endif

* Problem: possible buffer overruns related to metadata at various locations

Solution: allocate buffer large enough for actual metadata, reduce code duplication

* Problem: syntax error related to pointer type conversion

Solution: change argument type of make_command_with_basic_properties to const char *

* Problem: large metadata may cause an assertion in produce_initiate

Solution: Allow metadata of arbitrary size in produce_initiate
2017-08-15 18:42:31 +01:00
Simon Giesecke
d5e4319edc [WIP, do not merge] Problem: insufficient tests for ZMTP-CURVE protocol errors (#2680)
* Extracted connect_vanilla_socket function

* Problem: no tests for ZMTP-CURVE protocol errors

Solution: added two test cases with erroneous HELLO commands

* Problem: insufficient tests for ZMTP-CURVE protocol errors

Solution: added two test cases with erroneous HELLO command version

* Problem: test HELLO message is invalid apart from deliberate errors

Solution: create cryptographically correct HELLO message
add tweetnacl.c to test_security_curve

* Problem: nonce is incorrect, build fails with GCC

Solution: use correct non prefix

* Problem: make builds are failing

Solution: transfer CMake changes to (auto)make files

* Problem: nonce is incorrect, build fails with GCC

Solution: use correct non prefix

* Problem: make builds are failing

Solution: transfer CMake changes to (auto)make files

* Problem: no test with INITIATE command with invalid length

Solution: added test case

* Problem: code duplication between test_security_curve.cpp and curve_client.cpp

Solution: extracted parts of zmq::curve_client_t::produce_hello into reusable function

* Problem: code duplication between test_security_curve.cpp and curve_client.cpp

Solution: extracted further parts of zmq::curve_client_t into reusable functions
added missing file

* Problem: mechanism_t::add_property can be declared static

Solution: declare mechanism_t::add_property static

* Problem: intermediate crypto data needs to be passed between static function calls to curve_client_tools_t

Solution: add non-static member functions

* Problem: msg_t instance may be closed twice

Solution: remove offending close

* Problem: prepare_hello uses static curve_client_tools_t::produce_hello

Solution: Use non-static curve_client_tools_t::produce_hello

* Problem: no test with invalid command name where INITIATE command is expected

Solution: added test case

* Problem: make builds are failing due to curve_client_tools.hpp not being found

Solution: add curve_client_tools.hpp to list of source files

* Problem: wrong initializer order in zmq::curve_client_t

Solution: reorder

* Problem: under non-Windows systems, test fails because random_open was not called

Solution: call random_open/random_close within test

* Problem: conflict between custom function htonll and macro definition on Darwin

Solution: define htonll function only if not defined as a macro

* Problem: nullptr not defined on all platforms

Solution: replace nullptr by NULL

* Problem: libsodium builds not working

Solution: adapt compile and link file sets for libsodium builds

* Problem: Makefile.am broken

Solution: Fix syntax

* Problem: no tests for garbage encrypted cookie or content in INITIATE

Solution: added test cases

* Problem: test cases accidentally excluded from build

Solution: remove #if/#endif

* Solution: some error cases are unreachable

Problem: for the time being, added some comments without changing the code

* Added comments on hard-to-test cases
2017-08-15 15:28:24 +01:00