The plugins tend to exit right away after receiving the "quit" signal,
which may come before the ConnectInteractive() response went out.
This may make NM miss the response, and the error details it contains.
Let's make sure we flush the pending traffic out.
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/2045
We expect to read NUL terminated strings. Upon NUL, we should do
something. Treat it as a line break.
Fixes: 8ae9cf4698 ('Revert "libnm: buffer reads in nm_vpn_service_plugin_read_vpn_details()"')
This partially reverts commit 4a9fcb0fc3, which replaced one-byte
reads with buffered ones in the VPN service plugin.
Unfortunately the buffering means that commands coming after the magic
"DONE" string were being pulled into the buffer. Secrets agents expect
a "QUIT" to come after the "DONE", and since with buffering "QUIT" was
in the buffer, this led to a twenty-second delay on every VPN
connection using a secrets manager.
https://gitlab.freedesktop.org/NetworkManager/NetworkManager/-/merge_requests/1164
Fixes: 4a9fcb0fc3 ('libnm: buffer reads in nm_vpn_service_plugin_read_vpn_details()')
We use clang-format for automatic formatting of our source files.
Since clang-format is actively maintained software, the actual
formatting depends on the used version of clang-format. That is
unfortunate and painful, but really unavoidable unless clang-format
would be strictly bug-compatible.
So the version that we must use is from the current Fedora release, which
is also tested by our gitlab-ci. Previously, we were using Fedora 34 with
clang-tools-extra-12.0.1-1.fc34.x86_64.
As Fedora 35 comes along, we need to update our formatting as Fedora 35
comes with version "13.0.0~rc1-1.fc35".
An alternative would be to freeze on version 12, but that has different
problems (like, it's cumbersome to rebuild clang 12 on Fedora 35 and it
would be cumbersome for our developers which are on Fedora 35 to use a
clang that they cannot easily install).
The (differently painful) solution is to reformat from time to time, as we
switch to a new Fedora (and thus clang) version.
Usually we would expect that such a reformatting brings minor changes.
But this time, the changes are huge. That is mentioned in the release
notes [1] as
Makes PointerAligment: Right working with AlignConsecutiveDeclarations. (Fixes https://llvm.org/PR27353)
[1] https://releases.llvm.org/13.0.0/tools/clang/docs/ReleaseNotes.html#clang-format
It seems very ugly to read one byte at a time. Use a naive buffered
reader, so that we can read multiple bytes at a time, and return them
one by one.
Also, this now keeps state of any error/EOF. Once we reach EOF, we won't
read again. The previous code did that too, but I think this code is
easier to read.
g_warning() and printing to stdout/stderr are not suitable actions
for a library. If there is something important, find a way to report the
condition to the caller. If it's not important, stay quiet.
"val" and "key" are now marked as nm_auto. They are freed at the end,
and we should not free them before breaking the loop (at least not,
without also clearing the variables).
Fixes: 02dbba49d6 ('libnm: fix leak in nm_vpn_service_plugin_read_vpn_details()')
Found by Coverity:
Error: RESOURCE_LEAK (CWE-772):
NetworkManager-1.31.3/src/libnm-client-impl/nm-vpn-service-plugin.c:814: alloc_fn: Storage is returned from allocation function "g_string_new".
NetworkManager-1.31.3/src/libnm-client-impl/nm-vpn-service-plugin.c:814: var_assign: Assigning: "key" = storage returned from "g_string_new(line->str + strlen("DATA_KEY="))".
NetworkManager-1.31.3/src/libnm-client-impl/nm-vpn-service-plugin.c:815: var_assign: Assigning: "str" = "key".
NetworkManager-1.31.3/src/libnm-client-impl/nm-vpn-service-plugin.c:855: leaked_storage: Variable "str" going out of scope leaks the storage it points to.
NetworkManager-1.31.3/src/libnm-client-impl/nm-vpn-service-plugin.c:855: leaked_storage: Variable "key" going out of scope leaks the storage it points to.
# 853| NM_SET_OUT(out_secrets, g_steal_pointer(&secrets));
# 854| }
# 855|-> return success;
# 856| }
# 857|
Fixes: 3dfb72b926 ('service-plugin: allow continuations in the auth-dialog protocol')
