- instead of using /dev/[u]random devices, use
getrandom() and/or getentropy() to make direct
system calls if sys/random.h is available.
- if getrandom() fails, we need to fall back
to "/dev/[u]random" approach.
Signed-off-by: Bayram Çiçek <bayram.cicek@libreoffice.org>
Change-Id: Ied37d72feabf005725b615b02854912809236bbc
Emscripten is very opinionated about sys/poll.h so use poll.h instead.
Signed-off-by: Michael Stahl <michael.stahl@allotropia.de>
Change-Id: I9691519e27a080f03a19f0cc0dd8f796fe323062
We no longer emit a fatal (FTL) log when
forced-exiting successfully.
Also, improved are some other logs to
better reflect the severity of the issue.
Change-Id: I22e79f685825f7ecd47cec76c9be9683deff2d55
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
This decodes strings encoded using
encodeURIComponent.
For now, it wraps Poco::URI::decode,
which should be replaced in the future.
Change-Id: I608b327be81aeda37d2afc4dfd29828658e92dc8
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
This is compatible with the JavaScript
encodeURIComponent(), which supports
XML embedding.
Change-Id: I38bb64af67789bd5eea3f8f8bdb7f80e313599fb
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
Eg. if only the version was changed, config.h was updated, and
everything was recompiled.
New structure, maintain these manually:
config.h.in - for configured variables that are stable if
configuration parameters are unchanged
config_version.h.in - for version/hash related variables
----
config_unused.h.in - still generated by autoheader with all
variables, don't use it
Signed-off-by: Aron Budea <aron.budea@collabora.com>
Change-Id: Id9a50a9f1e798a3b3814778d8683b7d7cb57bb29
This adds support for code-coverage HTML reporting.
To achieve this, we must use file-linking in jails
so that we can update the coverage data (.gcda files)
from the jails. This means that creating jails is
slower than with bind-mounting and we need to
account for that in our timeouts.
We also can't kill child processes with SIGKILL,
which is un-catchable. Instead, we use SIGTERM
and dump the profile data before exiting.
Change-Id: I16fa534f6ed42f7133014d841bb024423315e0a4
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
We need to flush and shutdown logging before exiting,
so we can't use _exit/_Exit directly.
In addition, with profiling (e.g. code-coverage) we
must flush the profile data, lest it's all for naught.
Change-Id: I726c5a2f4e699c17dd0d7d5b1c86d856e0118b3c
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
if host has regex and group has no aliases, when we receive first request from host pattern we considered it as original host and all the host following first request which matches the pattern are considered as aliases
for example:
<group>
<host>https://.*:80</host>
</group>
if we receives first request from asustuf then behaviour will similar to the following config:
<group>
<host>https://asustuf:80</host>
<alias>https://.*:80</alias>
</group>
Signed-off-by: Rash419 <rashesh.padia@collabora.com>
Change-Id: I70fb91a4bb7bf38ed79db9efd9fe4bc46db325e1
We have around ~8k smaps lines for each process, polled regularly.
Change-Id: I7e78b17e52aeaec55fa17c5192a940aa9e44b045
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
In an attempt to reduce the size of Util.{c,h}pp
which has grown to contain all sorts of unrelated
helpers, we move StringVector helpers into
the StringVector.{c,h}pp files.
This makes the code better organized.
Change-Id: I152f341606807ae66253415b951bc9f89b09df57
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
fix: in regex, escaping special character fails to find host of the alias
Signed-off-by: Rash419 <rashesh.padia@collabora.com>
Change-Id: I19bfacc5e45af26832cb8c6a7d249e0c7de56624
The timestamps now helpfully include how
long ago they were.
This also improves the conversion between
chrono clocks by adding generic functions.
Change-Id: I18081330564c8d969b9364cf1b9e33546e241280
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
We cleanup all the relevant objects and instances
before exiting the wsd process, however some libraries
may still misbehave and deadlock during this final
cleanup stage. Notably, Poco has been observed to
deadlock during cleaning up the SSL context static
instance (used for the singleton) by waiting on
its internal mutex indefinitely.
Here we exit forcefully after cleaning up.
Change-Id: I76621c1de7f9a4ff918624b3019b9869c08787c2
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
(cherry picked from commit f776d87cf595bab084e53202777251a38e482147)
Why pass a dozen empty arguments each time: someone bitten
again by the default vector constructor.
Signed-off-by: Michael Meeks <michael.meeks@collabora.com>
Change-Id: I31bc6f23f0b5d7352b85d3df4b7b5298199044a1
Write to the Trace Event JSON file in just one place, protected by a
mutex.
Handle metadata events separately. We want them to propagate to the
output if Event Trace generation is just enabled, regardless whether
it has been turned on or not.
We can send the metadata for the Kit process only after we have opened
the docuemnt as sending a Trace Event to WSD uses the (singleton)
Document object in Kit.
Introduce some new functions for the above and adapt callers
appropriately.
Generate a Complete event for the handling of one image tile, from
setting the src attribute of the Image object to finishing the onload
function.
Signed-off-by: Tor Lillqvist <tml@collabora.com>
Change-Id: I5978e0fb2495e0d2dc479bf861eb4ac7da03fa50
Move the generic dummy implementation of
TraceEvent::emitOneRecording() to a source file of its own. (That is
the one which is used in test and tool executables.)
Signed-off-by: Tor Lillqvist <tml@collabora.com>
Change-Id: I81cab07e5a6852b42d278a5446c13c3825cf546e
std::atoi() assumes a null-terminated string and our strings are not
always null-terminated. So add a version that takes a length parameter,
this way we don't have to copy strings around.
Also switch to this in http::StatusLine::parse().
Signed-off-by: Miklos Vajna <vmiklos@collabora.com>
Change-Id: I449b356c1b9948c562434618596e8e3b38656088
An anti-feature, Poco's HexBinaryEncoder inserts
gratuitous line breaks (0x0A) every 32 bytes,
which is neither expected nor necessary.
No idea what use line breaks could have in a
hex encoder (unless it assumes it's only
possible use is to dump data for investigation).
We hadn't observed this because we generate
random hex strings of 8 to 16 bytes long.
But having used it for random URLs that
are up to 1024 bytes long, I started getting
invalid URLs.
Another reason to hasten the removal of Poco,
especially when we have our hex converter
anyway (not that it would matter if we didn't).
Change-Id: Ib674e8ed607db1effef476f1f3478da76c4f6464
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
And a couple of const cases.
The removed const is to allow move on return.
Change-Id: I7a81b531e75c39379871f5ffeb82d49ba1110ab1
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
Most C and Posix API clobber errno. By failing to save
it immediately after invoking an API we risk simply
reporting the result of an arbitrary subsequent API call.
This adds LOG_SYS_ERRNO to take errno explicitly.
This is necessary because sometimes logging is not done
immediately after calling the function for which we
want to report errno. Similarly, log macros that log
errno need to save errno before calling any functions.
This is necessary as the argements might contain calls
that clobber errno.
This also converts some LOG_SYS entries to LOG_ERR
because there can be no relevant errno in that context
(f.e. in a catch clause).
A couple of LOG_ macros have been folded into others,
reducing redundancy.
Finally, both of these log macros append errno to the
log message, so there is little point in ending the
messages with a period.
Change-Id: Iecc656f67115fec78b65cad4e7c17a17623ecf43
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
The fuzzer ran out of memory, 955443527 bytes (79%) of the used memory
was this map.
Change-Id: I2dd84a094d3dd3d98618667e3c78591e2193bce2
Signed-off-by: Miklos Vajna <vmiklos@collabora.com>
size_t in C and in C++ are not necessarily the same
type. The C++ size_t is in the std namespace. Since
we do include many C headers, and indeed some C++
runtime headers do define size_t for backwards
compatibility, it's easy to mix and match the two
types.
Also, 'using std::size_t;' isn't a great practice,
so removed.
This is not exhaustive, just some low-hanging cases.
Change-Id: I85a36b6fd1acd204274b1869de9bcb94c8b3cf13
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
This replaces Util::getFileTimestamp with
FileUtil::Stat::modifiedTimepoint() and fixes a potential bug:
getFileTimestamp had only 1 second precision (it simply dropped
sub-second data). This could mean that any modifications to a file
within a second could not be detected.
Minor simplifications done where possible and overly long lines
have been reformatted.
This is a non-functional change (except that file modified-time
now supports microsecond precision).
Change-Id: I3606638a86fc3e00c0ad5cb602bdbb2b4651867b
Signed-off-by: Ashod Nakashian <ashod.nakashian@collabora.co.uk>
Our header parses was overly simplistic and
didn't support a number of corner cases that
rfc2616 specifies (folding, for example). The
new approach is to simply normalize the headers by
removing invalid line-breaks and then let the
MessageHeader parser take care of parsing the
headers individually, which we then set on the request.
The new utility setHttpHeaders should be used
whenever we need to set a header in an request
to make sure it are sanitized and valid.
Change-Id: Ifa16fa9364f42183316749276c5d0a4c556cb740
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/96371
Tested-by: Jenkins
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Ashod Nakashian <ash@collabora.com>
loolmount now works and supports mounting and
unmounting, plus numerous improvements,
refactoring, logging, etc.. When enabled,
binding improves the jail setup time by anywhere
from 2x to orders of magnitude (in docker, f.e.).
A new config entry mount_jail_tree controls
whether mounting is used or the old method of
linking/copying of jail contents. It is set to
true by default and falls back to linking/copying.
A test mount is done when the setting is enabled,
and if mounting fails, it's disabled to avoid noise.
Temporarily disabled for unit-tests until we can
cleanup lingering mounts after Jenkins aborts our
build job. In a future patch we will have mount/jail
cleanup as part of make.
The network/system files in /etc that need frequent
refreshing are now updated in systemplate to make
their most recent version available in the jails.
These files can change during the course of loolwsd
lifetime, and are unlikely to be updated in
systemplate after installation at all. We link to
them in the systemplate/etc directory, and if that
fails, we copy them before forking each kit
instance to have the latest.
This reworks the approach used to bind-mount the
jails and the templates such that the total is
now down to only three mounts: systemplate, lo, tmp.
As now systemplate and lotemplate are shared, they
must be mounted as readonly, this means that user/
must now be moved into tmp/user/ which is writable.
The mount-points must be recursive, because we mount
lo/ within the mount-point of systemplate (which is
the root of the jail). But because we (re)bind
recursively, and because both systemplate and
lotemplate are mounted for each jails, we need to
make them unbindable, so they wouldn't multiply the
mount-points for each jails (an explosive growth!)
Contrarywise, we don't want the mount-points to
be shared, because we don't expect to add/remove
mounts after a jail is created.
The random temp directory is now created and set
correctly, plus many logging and other improvements.
Change-Id: Iae3fda5e876cf47d2cae6669a87b5b826a8748df
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/92829
Tested-by: Jenkins
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Ashod Nakashian <ashnakash@gmail.com>
The access_header can contain a lot of nonsense, like whitespace around
or additional \n's or \r's. We used to sanitize that, but then
regressed in e95413d151 where the
"tokenize by any of \n\r" was by mistake replaced with "tokenize by
string '\n\r'".
Unfortunately the unit test didn't uncover that, and the further
refactorings of the related code have hidden that even more.
Change-Id: Ie2bf950d0426292770b599e40ee2401101162ff2
Reviewed-on: https://gerrit.libreoffice.org/c/online/+/96638
Tested-by: Jenkins
Tested-by: Jenkins CollaboraOffice <jenkinscollaboraoffice@gmail.com>
Reviewed-by: Andras Timar <andras.timar@collabora.com>
