Merge branch 'main' into coverity

baresip · May 22, 2024 · d8b161b · d8b161b
2 parents 201873a + 24671f1
commit d8b161b
Show file tree

Hide file tree

Showing 12 changed files with 54 additions and 38 deletions.
diff --git a/.github/workflows/abi.yml b/.github/workflows/abi.yml
@@ -15,7 +15,7 @@ jobs:
     steps:
     - uses: actions/checkout@v4
       with:
-          ref: 'v3.10.0'
+          ref: 'v3.11.0'
           path: old
 
     - uses: actions/checkout@v4

diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -6,6 +6,31 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/),
 and this project adheres to [Semantic Versioning](https://semver.org/spec/v2.0.0.html).
 
 
+## [v3.12.0] - 2024-05-15
+
+## What's Changed
+* cmake: fix static library build (vcpkg) by @alfredh in https://github.com/baresip/re/pull/1096
+* h264: add STAP-A decode with long startcodes by @alfredh in https://github.com/baresip/re/pull/1101
+* sess,request: deref request and ctrans immediately by @maximilianfridrich in https://github.com/baresip/re/pull/1099
+* ua: enforce magic cookie in Via branch by @maximilianfridrich in https://github.com/baresip/re/pull/1102
+* sip/auth: SHA-256 digest algorithm support by @sreimers in https://github.com/baresip/re/pull/1103
+* ci/coverage: increase min. coverage by @sreimers in https://github.com/baresip/re/pull/1106
+* rtp: fix correct logging text by @alfredh in https://github.com/baresip/re/pull/1109
+* types: fix RE_ARG_SIZE gcc bit fields by @sreimers in https://github.com/baresip/re/pull/1110
+* fmt: use re_fprintf instead of DEBUG_WARNING to avoid deadlock by @alfredh in https://github.com/baresip/re/pull/1112
+* dbg: remove support for logfile by @alfredh in https://github.com/baresip/re/pull/1111
+* test: add usage of rtcp_msg_print() by @alfredh in https://github.com/baresip/re/pull/1105
+* http/client: add setter to disable tls server verification by @maximilianfridrich in https://github.com/baresip/re/pull/1114
+* dbg: mutex should be unlocked while calling print handler by @alfredh in https://github.com/baresip/re/pull/1113
+* Update README.md by @alfredh in https://github.com/baresip/re/pull/1115
+* http/request: reset body mbuf pos on re-sending by @maximilianfridrich in https://github.com/baresip/re/pull/1116
+* bump version by @alfredh in https://github.com/baresip/re/pull/1118
+* cmake: bump soversion by @alfredh in https://github.com/baresip/re/pull/1119
+
+
+**Full Changelog**: https://github.com/baresip/re/compare/v3.11.0...v3.12.0
+
+
 ## [v3.11.0] - 2024-04-09
 
 ### What's Changed

diff --git a/CMakeLists.txt b/CMakeLists.txt
@@ -14,13 +14,13 @@
 cmake_minimum_required(VERSION 3.14)
 
 project(re
-  VERSION 3.11.0
+  VERSION 3.12.0
   LANGUAGES C
   HOMEPAGE_URL https://github.com/baresip/re
   DESCRIPTION "Generic library for real-time communications"
 )
 
-set(PROJECT_SOVERSION 23) # bump if ABI breaks
+set(PROJECT_SOVERSION 24) # bump if ABI breaks
 
 # Pre-release identifier, comment out on a release
 # Increment for breaking changes (dev2, dev3...)

diff --git a/cmake/re-config.cmake b/cmake/re-config.cmake
@@ -163,7 +163,6 @@ if(USE_OPENSSL)
     USE_OPENSSL
     USE_OPENSSL_AES
     USE_OPENSSL_HMAC
-    USE_OPENSSL_SRTP
     USE_TLS
   )
 endif()

diff --git a/mk/Doxyfile b/mk/Doxyfile
@@ -4,7 +4,7 @@
 # Project related configuration options
 #---------------------------------------------------------------------------
 PROJECT_NAME           = libre
-PROJECT_NUMBER         = 3.11.0
+PROJECT_NUMBER         = 3.12.0
 OUTPUT_DIRECTORY       = ../re-dox
 CREATE_SUBDIRS         = NO
 OUTPUT_LANGUAGE        = English

diff --git a/src/http/client.c b/src/http/client.c
@@ -28,8 +28,6 @@
 #define DEBUG_LEVEL 5
 #include <re_dbg.h>
 
-#define PEMBUF_SIZE 512
-
 enum {
 	CONN_TIMEOUT = 30000,
 	RECV_TIMEOUT = 60000,
@@ -1108,8 +1106,9 @@ int http_client_set_cert(struct http_cli *cli, const char *path)
 
 /**
  * Set client certificate in PEM format
+ *
  * @param cli    HTTP Client
- * @param pem    Client certificate in PEM format
+ * @param pem    Client certificate as 0-terminated string in PEM format
  *
  * @return 0 for success, error code otherwise.
  */
@@ -1120,11 +1119,19 @@ int http_client_set_certpem(struct http_cli *cli, const char *pem)
 		return EINVAL;
 
 	cli->cert = mem_deref(cli->cert);
-	cli->cert = mbuf_alloc(PEMBUF_SIZE);
+	cli->cert = mbuf_alloc(strlen(pem));
 	return mbuf_write_str(cli->cert, pem);
 }
 
 
+/**
+ * Set client key
+ *
+ * @param cli   HTTP Client
+ * @param path  File path to client key
+ *
+ * @return 0 for success, error code otherwise.
+ */
 int http_client_set_key(struct http_cli *cli, const char *path)
 {
 	int err = 0;
@@ -1143,14 +1150,22 @@ int http_client_set_key(struct http_cli *cli, const char *path)
 }
 
 
+/**
+ * Set client key in PEM format
+ *
+ * @param cli    HTTP Client
+ * @param pem    Client key as 0-terminated string in PEM format
+ *
+ * @return 0 for success, error code otherwise.
+ */
 int http_client_set_keypem(struct http_cli *cli, const char *pem)
 {
 	if (!cli || !str_isset(pem))
 		return EINVAL;
 
 	cli->key = mem_deref(cli->key);
 
-	cli->key = mbuf_alloc(PEMBUF_SIZE);
+	cli->key = mbuf_alloc(strlen(pem));
 	return mbuf_write_str(cli->key, pem);
 }
 

diff --git a/src/http/request.c b/src/http/request.c
@@ -235,6 +235,7 @@ static void resp_handler(int err, const struct http_msg *msg, void *arg)
 	}
 
 	pl_set_mbuf(&auth, abuf);
+	mbuf_set_pos(conn->body, 0);
 	err = send_req(conn, &auth);
 	if (err)
 		goto disconnect;

diff --git a/src/main/openssl.c b/src/main/openssl.c
@@ -6,7 +6,6 @@
 #ifdef HAVE_SIGNAL
 #include <signal.h>
 #endif
-#include <openssl/ssl.h>
 #include <re_types.h>
 #include "main.h"
 
@@ -22,15 +21,9 @@ static void sigpipe_handler(int x)
 
 int openssl_init(void)
 {
-	int err;
-
 #ifdef SIGPIPE
 	(void)signal(SIGPIPE, sigpipe_handler);
 #endif
 
-	err = OPENSSL_init_ssl(OPENSSL_INIT_SSL_DEFAULT, NULL);
-	if (!err)
-		return ENOSYS;
-
 	return 0;
 }
diff --git a/src/sip/transp.c b/src/sip/transp.c
@@ -314,7 +314,8 @@ static bool have_essential_fields(const struct sip_msg *msg)
 		pl_isset(&(msg->from.auri)) &&
 		pl_isset(&(msg->cseq.met)) &&
 		pl_isset(&(msg->callid)) &&
-		pl_isset(&(msg->maxfwd)) &&
+		(pl_isset(&(msg->maxfwd)) ||
+		 !pl_strncmp(&msg->met, "ACK", 3)) &&
 		pl_isset(&(msg->via.branch)))
 		return true;
 

diff --git a/src/tls/openssl/tls.c b/src/tls/openssl/tls.c
@@ -1089,7 +1089,6 @@ int tls_set_verify_client_handler(struct tls_conn *tc, int depth,
  */
 int tls_set_srtp(struct tls *tls, const char *suites)
 {
-#ifdef USE_OPENSSL_SRTP
 	if (!tls || !suites)
 		return EINVAL;
 
@@ -1099,12 +1098,6 @@ int tls_set_srtp(struct tls *tls, const char *suites)
 	}
 
 	return 0;
-#else
-	(void)tls;
-	(void)suites;
-
-	return ENOSYS;
-#endif
 }
 
 
@@ -1265,7 +1258,6 @@ int tls_srtp_keyinfo(const struct tls_conn *tc, enum srtp_suite *suite,
 		     uint8_t *cli_key, size_t cli_key_size,
 		     uint8_t *srv_key, size_t srv_key_size)
 {
-#ifdef USE_OPENSSL_SRTP
 	static const char *label = "EXTRACTOR-dtls_srtp";
 	size_t key_size, salt_size, size;
 	SRTP_PROTECTION_PROFILE *sel;
@@ -1336,16 +1328,6 @@ int tls_srtp_keyinfo(const struct tls_conn *tc, enum srtp_suite *suite,
 	mem_secclean(keymat, sizeof(keymat));
 
 	return 0;
-#else
-	(void)tc;
-	(void)suite;
-	(void)cli_key;
-	(void)cli_key_size;
-	(void)srv_key;
-	(void)srv_key_size;
-
-	return ENOSYS;
-#endif
 }
 
 

diff --git a/src/tls/openssl/tls_tcp.c b/src/tls/openssl/tls_tcp.c
@@ -230,7 +230,7 @@ static bool recv_handler(int *err, struct mbuf *mb, bool *estab, void *arg)
 
 	if (SSL_state(tc->ssl) != SSL_ST_OK) {
 
-		if (tc->up) {
+		if (tc->up && !SSL_get_secure_renegotiation_support(tc->ssl)) {
 			*err = EPROTO;
 			return true;
 		}

diff --git a/src/tls/openssl/tls_udp.c b/src/tls/openssl/tls_udp.c
@@ -353,7 +353,7 @@ static void conn_recv(struct tls_conn *tc, struct mbuf *mb)
 
 	if (SSL_state(tc->ssl) != SSL_ST_OK) {
 
-		if (tc->up) {
+		if (tc->up && !SSL_get_secure_renegotiation_support(tc->ssl)) {
 			conn_close(tc, EPROTO);
 			return;
 		}