Commit graph

14 commits

Author SHA1 Message Date
Dirk Hohndel
0129192958 Try to capture some more potential buffer overflows caused by localization
A couple of these could clearly cause a crash just like the one fixed by
commit 00865f5a1e1a ("equipment.c: Fix potential buffer overflow in
size_data_funct()").

One would append user input to a fixed length buffer without checking.

We were hardcoding the (correct) max path length in macos.c - replaced by
the actual OS constant.

But the vast majority are just extremely generous guesses how long
localized strings could possibly be.

Yes, this commit is likely leaning towards overkill. But we have now been
bitten by buffer overflow crashes twice that were caused by localization,
so I tried to go through all of the code and identify every possible
buffer that could be affected by this.

Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
2013-03-03 20:18:23 -08:00
Dirk Hohndel
950436eba9 Don't duplicate gpsfixes if downloading them multiple times
Simply clear out the table (and free the "dives" that were created).

Reported-by: Sergey Starosek <sergey.starosek@gmail.com>
Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
2013-03-02 14:09:53 -08:00
Dirk Hohndel
0ddc77ed9d Recognize another name for auto created fixes from companion app
We need to have this be one well defined string -> this requires a change
to the companion app as well.

This commit also hides the (untranslated) debug message if no dives in the
dive table match a gpsfix downloaded from the webservice.

Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
2013-03-02 14:00:10 -08:00
Dirk Hohndel
d85b4e6462 Webservice: only mark divelist changed if we actually modified it
If no new gps fixes or new location names were obtained from the
webservice there is no need to save the datafile on exit.

Reported-by: Sergey Starosek <sergey.starosek@gmail.com>
Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
2013-03-02 13:28:15 -08:00
Dirk Hohndel
31b2a6ffa8 Fix uninitialized memory access in webservice download
In download_dialog_release_xml() we check if state->xmldata is non-NULL
and free it. But we don't set it to NULL anywhere, so if the user hits
cancel the variable is undefined.

Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
2013-02-25 13:38:18 -08:00
Lubomir I. Ivanov
04ad50cb75 Improvements to the "Download from Webservice" dialog
- Added a help button that links to the online API page and should provide
a sufficient start to the new user.
- Use download_dialog_response_cb as a callback for most dialog responses
instead of waiting for gtk_dialog_run() and using goto e.g. in the case
of GTK_RESPONSE_HELP.
- Fixed some integer signedness warnings in download_dialog_traverse_xml()

Signed-off-by: Lubomir I. Ivanov <neolit123@gmail.com>
Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
2013-02-25 12:56:59 -08:00
Lubomir I. Ivanov
3848cac30f Fixed a memory leak in webservice.c
webservice.c:webservice_download_dialog()
If a value for previous UID is returned from the user config
via subsurface_get_conf("webservice_uid"), make sure to
free the string near the function return.

Signed-off-by: Lubomir I. Ivanov <neolit123@gmail.com>
Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
2013-02-09 11:39:42 -08:00
Dirk Hohndel
635c28923d Better algorithm to merge gps locations & locations names from webservice
This no longer abuses the dive merging code (which would leave stray
"dives" behind if a gps fix couldn't be merged with any of the dives) and
instead parses the gps fixes into a second table and then walks that table
and tries to find matching dives.

The code tries to be reasonably smart about this. If we have
auto-generated GPS fixes at regular intervals, we look for a fix that is
during a dive (that's likely when the boat where the phone is staying dry
is more or less above the diver having fun). And if we have named entries
(so the user typed in a location name) we try to match them in order to
the dives that happened "that day" (where "that day" is about 6h before
and after the timestamp of the gps fix).

This commit also renames dive_has_location() to dive_has_gps_location() as
the difference between if(!dive->location) and if(dives_has_location) is a
bit too subtle...

Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
2013-01-31 14:29:02 +11:00
Dirk Hohndel
8843ee6156 Allow using two different tables to hold dives and gps locations
This only changes the infrastructure and actually loses functionality as
it no longer does the simplistic "just treat the locations as dives and
merge them".

The new code that does something "smart" with the gps_location_table is
yet to be written. But now we can use the XML parser to put the gps
locations downloaded from the webservice into their own data structure.

In the process I noticed that we never used the two delete functions in
parse-xml.c and removed them.

Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
2013-01-31 12:01:03 +11:00
Lubomir I. Ivanov
3aa41635f0 Support the webservice API update
Also make sure to pass the "Accept" request header
set to "text/xml", so that XML is retrieved.

Signed-off-by: Lubomir I. Ivanov <neolit123@gmail.com>
Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
2013-01-29 20:34:05 +11:00
Lubomir I. Ivanov
9acb52b9ee Store/Retrieve last entered webservice UID to/from config.
We use subsurface_set_conf() and subsurface_get_conf() to store
and recall the preferred UID for the download.

Signed-off-by: Lubomir I. Ivanov <neolit123@gmail.com>
Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
2013-01-24 12:07:45 -08:00
Dirk Hohndel
c521aec884 Import and merge GPS data from the webservice
Dive locations marked (and named) via the companion app are downloaded
from the webservice, parsed and merged with the existing dives.

Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
2013-01-23 11:53:42 -08:00
Lubomir I. Ivanov
9fa6b224f7 Fixed some small issues in webservice.c
1) download_dialog_status_text() had some statements with no effect
due to missing return keywords. This fixes incorrect error reporting.

2) Optimize the traversal of the response XML. Assuming that the
status tag should be always under the root tag. We check if the
root tag has children and enter a loop until we find the
"download" or "error" node names. If there are no children
we return a parser error.

3) Clamp the number of input characters to 30 in the user id
GtkEntry field.

Signed-off-by: Lubomir I. Ivanov <neolit123@gmail.com>
Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
2013-01-18 10:07:17 -08:00
Lubomir I. Ivanov
a5ee2b66e1 Added client side communication to the Subsurface Web Service
A couple of new files webservice.c and webservice.h are added.

webservice.h exposes two methods at the moment:
- webservice_download_dialog():
this function creates the user interface for the download dialog
from the web service.
- webservice_request_user_xml()
this function is a direct call to retrieve XML for a specific
user identifier. The actual data, data length and error codes
are stored in passed pointers.

A menu entry is added in the Log menu:
"Download From Web Service"

The used backend for communication at the moment is provided
by libsoup.

Signed-off-by: Lubomir I. Ivanov <neolit123@gmail.com>
Signed-off-by: Dirk Hohndel <dirk@hohndel.org>
2013-01-17 22:29:24 -08:00