Comments (15)
In an attempt to summarize the mentioned discussions, I believe this is about: Double check if "auto-generated" TLVs (padding, and maybe the SMP-related - see #83) can work together with user's TLVs.
I believe the concern here is memory management. Double check how the API can be used to send a message with no user's TLVs (using NULL
should be enough), and review append_padding_tlv
thinking about memory ownership.
from libotr-ng.
OK, I'll take a look at the points and places you mentioned. But as you say, some of this work is also part of the other two issues. I'll see what I can do, and then declare this issue finished. =)
from libotr-ng.
Well, the function is set_tlv_type. So, if we don't assign anything, the TLV will end up having type PADDING - which is not correct. So the alternative is that set_tlv_type returns a boolean or error type. It's generally not very common for "setters" to have a result like that, but sure, that's possible.
However, the real problem comes later. set_tlv_type is called from parse_tlv, which returns the newly created TLV. I assume your proposal is that we return an error or NULL from that function - if we the current code doesn't have a specific error type, instead, NULL is returned to mark problems with allocation, so NULL actually is an error. But getting an unknown type is not an error, so this function has to change to return both a potential TLV, and an error, and any consumers of that dealing with those alternatives.
Does that sound like what you think should be done?
from libotr-ng.
@claucece - could you please expand on "Some TLVs that don't have the 'value' type are been putted like so, for example." - I'm not sure I understand what you mean here.
from libotr-ng.
OK, the only thing left on this one is the final point needing clarification from @claucece - and then a once over of all the TLV usage in the code base. But it looks pretty good right now.
from libotr-ng.
@olabini This is part of a very big question. First the SMP tlvs are not really tested from an API level. See this test: https://github.com/otrv4/libotr-ng/blob/master/src/test/test_smp.c#L25 that returns prior to be executed. On tests that should test the API (and functions from there, for example, the ones used for a state machine), we are using tlv unit functions. See: https://github.com/otrv4/libotr-ng/blob/master/src/test/test_api.c#L171. Here otrng_tlv_new
is being used, when something like otrng_smp_start
or similar should be used. The way otrng_tlv_new
does not even represent a real TLV: the value is completely arbitrary. Should be used something like this: https://github.com/otrv4/libotr-ng/blob/master/src/test/test_api.c#L1230 (not ideal, but that actually tests the API, not the unit TLV functions). This perhaps is part of issue #101 or #83
On a side note, do you think we still need a OTRNG_TLV_NONE
?
from libotr-ng.
About OTRNG_TLV_NONE - the only place it can happen is when we receive a TLV type that we don't recognize. Since that is something that can happen, and we're using an enum type for the TLV type, I do think we need to keep it.
from libotr-ng.
OK, I have now fixed up some of the tests too. I think most of the stuff around TLVs have been fixed. The problems with the API tests are wider than can be covered in this issue, but I've sorted out the issues @claucece pointed out in the above comment.
from libotr-ng.
Great! Ok, I'll add some further test checking to #101 .
@olabini I vote for removing OTRNG_TLV_NONE
.
from libotr-ng.
OK. So about OTRNG_TLV_NONE, what should we do when we receive an unknown TLV?
from libotr-ng.
So about OTRNG_TLV_NONE, what should we do when we receive an unknown TLV?
For me, error (return NULL, or bool or whatever is been used). Right now, it seems like we are creating a tlv with type OTRNG_TLV_NONE
, which shouldn't even exist.
from libotr-ng.
Yeah. We have one or two other places that ignore that TLV, just as we ignore Padding TLVs.
But remember, receiving an unknown TLV is not an error. It's completely allowed by the spec, and we should allow it and treat it by ignoring it.
from libotr-ng.
from libotr-ng.
Mmm...
It's completely allowed by the spec, and we should allow it and treat it by ignoring it.
Yeah. That is why for me, when an unknown type comes, we should not assign anything to it (not a type) and just ignore it (by returning or similar).
Maybe rename
OTRNG_TLV_NONE
toOTRNG_TLV_UNKNOWN
or
OTRNG_TLV_UNSUPPORTED
, if theNONE
is the source of confusion.
No. It is more about assigning something to something that shouldn't, I guess. ;)
from libotr-ng.
@olabini Then I guess we should keep OTRNG_TLV_NONE
. Thanks.
from libotr-ng.
Related Issues (20)
- Fingerprints - v4 - ensure the other keylist buttons work HOT 1
- Fingerprints - v3 - support the connect button
- Fingerprints - v3 - support the disconnect button
- Fingerprints - v3 - support the forget fingerprint button
- Fingerprints - v3 - support the verify fingerprint button HOT 1
- The verify fingerprints dialog should support v3 fingerprints HOT 3
- How are timers going to work? (related to session expiration) HOT 9
- Correct fingerprint generation HOT 4
- Ensure that forging keys are used in the Ring Signature HOT 1
- Correct phi generation HOT 1
- Remove inner hash when calculating the authenticator for the data message HOT 1
- Change size of MKenc to 64 byte and use only the first 32 to the encryption function
- Fix the usage ID
- Change the enc algorithm to RFC7538 Chacha20 and set the nonce to zero
- Git master build broken on Arch Linux HOT 2
- Persistence APIs for private keys that use a buffer, not a FILE. HOT 7
- Small snprintf error in otrng_fingerprint_hash_to_human HOT 2
- otrng_serialize_ec_point return value interpreted incorrectly HOT 1
- potential memory leak in otrng_smp_initiate (currently not actually leaking) HOT 2
- Fix the CI HOT 1
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from libotr-ng.