The second return value is (not insensibly) assumed to be an error. Instead of
returning a value there in the success case, copy the positional arguments
into the existing opts table.
This is the same as the input table (which is mutated during processing), but
if that table was created on the fly, such as by packing `...` it's convenient
if it also gets returned from the parse function.
util.crand can be configured at compile time to use the Linux
getrandom() system call, available from Linux 3.17, but it is still
possible to load it with an older kernel lacking that system call, where
attempting to use it throws an ENOSYS error.
By testing for this on load we can fall back to /dev/urandom in this
case.
The "socket.unix" module exported only a function before
aa1b8cc9bc
when datagram support was added.
Fixes#1717
Thanks rsc and lucas for reporting and testing
Some NATs don't preserve port numbers, which can cause the TURN server's
reported relay address to be incorrect (the TURN server has no way to predict
what the external port is, so it can't be corrected in config like an IP
mismatch can).
It is very common to get the "unknown address" warning with this command, but
people do not always understand it, or know how to debug it. Now we clearly
show the addresses that prosodyctl discovered.
LuaExpat uses a registry reference to track handlers, which makes
it so that an upvalue like this creates a reference loop that keeps the
parser and its handlers from being garbage collected. The same issue has
affected util.xmppstream in the past.
Code for checking:
local xml_parse = require"util.xml".parse;
for i = 1, 10000 do xml_parse("<root/>") end
collectgarbage(); collectgarbage();
print(collectgarbage("count"), "KiB");
A future release of LuaExpat may fix the underlying issue there.
Yes. This is as bad as it sounds. CVE pending.
In Prosody itself, this only affects mod_websocket, which uses util.xml
to parse the <open/> frame, thus allowing unauthenticated remote DoS
using Billion Laughs. However, third-party modules using util.xml may
also be affected by this.
This commit installs handlers which disallow the use of doctype
declarations and processing instructions without any escape hatch. It,
by default, also introduces such a handler for comments, however, there
is a way to enable comments nontheless.
This is because util.xml is used to parse human-facing data, where
comments are generally a desirable feature, and also because comments
are generally harmless.
This may have mistakenly caused link-local addresses to be considered
global. May have caused mod_s2s and prosodyctl check dns to behave
incorrectly on networks using link-local IPv4 addresses. By my
guesstimate, these are extremely rare. Probably minimal impact beyond
a bit longer to establish s2s and some possible confusion from
prosodyctl check dns results.
Ref RFC 3927
