Commit Graph

127 Commits

Author SHA1 Message Date
Isaac Connor
7caeedb2be fix: fix memory leaks in User::find() functions
Previously, if zmDbFetch returned a result but mysql_num_rows != 1,
the MYSQL_RES was not freed before returning nullptr, causing a
memory leak. Now properly frees the result in all code paths.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-03 12:24:07 -05:00
Isaac Connor
914b5b39c1 fix: correct User::Copy() and prevent nullptr dereference in token load
1. User::Copy() was copying monitor_permissions_loaded into
   group_permissions_loaded, should copy group_permissions_loaded.

2. zmLoadTokenUser() passed getenv() result directly to std::string
   constructor. If REMOTE_ADDR is not set, getenv() returns nullptr,
   and constructing std::string from nullptr is undefined behavior.

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
2026-02-02 21:01:49 -05:00
Isaac Connor
fc17c2d6f1 Add ::find methods and getAuthHash 2025-08-05 14:13:39 -04:00
Aaron Kling
c4683d90a9 Format code using astyle google format
Commands used:
astyle --style=google --indent=spaces=2 --keep-one-line-blocks src/*.cpp
astyle --style=google --indent=spaces=2 --keep-one-line-blocks src/*.h
2024-03-26 13:43:58 -05:00
Isaac Connor
83cd5200b0 Free user if token is expired. 2024-03-25 09:56:10 -04:00
Isaac Connor
692e1ec745 Only allow loading user by only username if AUTH_RELAY=none. Log successful login as Debug 2024-02-24 07:54:40 -05:00
David Aguilar
2e9379b3f5 zm_user: avoid memory leak when user cannot be authenticated 2024-02-09 22:53:19 -08:00
Isaac Connor
ac2c2225be Add user we are authenticating as to debug 2023-12-12 11:14:29 -05:00
Isaac Connor
edfaaf71ce Convert username and password to std::string. Fix crash in zmu because we can't convert null to std::string. 2023-11-21 10:49:09 -05:00
Isaac Connor
8d0c25c52a Change zmLoadAuthUser to use std::string in arguments. Include passing an optional username to allow the SQL to use an index to only compare to that user for efficiency. 2023-11-08 10:54:54 -05:00
Isaac Connor
decf3e307b Use dbEscapeString on username retrieved from jwt to prevent SQL injection 2023-02-20 12:10:49 -05:00
Isaac Connor
0c41333976 remove extra braces, explicitly handle INHERIT permission and log any other values as a warning 2022-12-02 14:51:53 -05:00
Isaac Connor
fbb9350c58 Remove some extra scope, log group id as well. 2022-11-30 13:00:37 -05:00
Isaac Connor
bfaf8c8b53 Fix logic inversion on testing user Monitors for camera access 2022-11-06 07:46:41 -05:00
Isaac Connor
6265a1ca41 Move from MonitorIds to Monitor_Permissions and Group_Permissions. 2022-11-02 13:25:43 -04:00
Isaac Connor
9db65f5c5f Remove unneeded = assignments 2022-07-14 12:03:49 -04:00
Peter Keresztes Schmidt
65656de6ce db: Adjust the query methods to accept std::strings 2021-07-06 10:20:46 +02:00
Peter Keresztes Schmidt
cf9c47149f db: Add helper for escaping strings and use it 2021-07-06 10:20:45 +02:00
Peter Keresztes Schmidt
d69afc9672 misc: Convert time(nullptr) calls to std::chrono 2021-06-13 23:22:51 +02:00
Peter Keresztes Schmidt
8b87830e3e Use the new ByteArrayToHexString helper 2021-05-30 22:53:05 +02:00
Peter Keresztes Schmidt
837b32ccff User: Convert to new hashing API 2021-05-30 22:53:05 +02:00
Peter Keresztes Schmidt
b81689aa3f Remove libgcrypt as dependency
GnuTLS used gcrypt as backend but switched in ~2011 to nettle.
Thus we don't need to/shouldn't depend on it.
2021-05-29 21:37:30 +02:00
Peter Keresztes Schmidt
deb12f5613 Restore GnuTLS support after VLA removal
298415fff3 made variables constexpr which led to build failures with GnuTLS.
2021-05-18 00:18:26 +02:00
Peter Keresztes Schmidt
298415fff3 Remove remaining usages of VLAs 2021-05-17 22:12:04 +02:00
Peter Keresztes Schmidt
68bedfe48f Fix logging format string mismatches
* Remove SZFMTD format macro and use %zu instead for size_t. %zu is understood by every compiler nowadays.
2021-04-30 00:26:24 +02:00
Isaac Connor
ccf1599b3a use better variable names and avoid reusing user 2021-04-20 17:06:29 -04:00
Isaac Connor
de661752ce pass jwt_token_str by reference 2021-04-20 17:04:45 -04:00
Peter Keresztes Schmidt
e330f8553d utils: cleanup Split and Join 2021-04-04 00:30:18 +02:00
Peter Keresztes Schmidt
4e8c7d1f7c Eliminate non-thread-safe calls to localtime
localtime uses an internal static storage to which a pointer is given as return value.
Due to this it is not safe to call localtime from multiple threads since the same static storage is used.

Use localtime_r instead which allows to pass in a tm struct.

Fixes:
https://github.com/ZoneMinder/zoneminder/security/code-scanning/24
https://github.com/ZoneMinder/zoneminder/security/code-scanning/25
https://github.com/ZoneMinder/zoneminder/security/code-scanning/26
https://github.com/ZoneMinder/zoneminder/security/code-scanning/27
https://github.com/ZoneMinder/zoneminder/security/code-scanning/28
https://github.com/ZoneMinder/zoneminder/security/code-scanning/30
https://github.com/ZoneMinder/zoneminder/security/code-scanning/31
https://github.com/ZoneMinder/zoneminder/security/code-scanning/33
https://github.com/ZoneMinder/zoneminder/security/code-scanning/58
https://github.com/ZoneMinder/zoneminder/security/code-scanning/59
https://github.com/ZoneMinder/zoneminder/security/code-scanning/63
https://github.com/ZoneMinder/zoneminder/security/code-scanning/64
https://github.com/ZoneMinder/zoneminder/security/code-scanning/65
2021-03-21 21:42:02 +01:00
Peter Keresztes Schmidt
9e77324de4 Replace raw mysql_query calls with the zmDb* functions
With this we can make sure we have proper locking of our DB connection at all times.
2021-03-06 00:12:18 +01:00
Peter Keresztes Schmidt
0dbc39ee25 Cleanup and reorganize includes
With this commit a unified structure for includes is introduced.
The general rules:
 * Only include what you need
 * Include wherever possible in the cpp and forward-declare in the header

 The includes are sorted in a local to global fashion. This means for the include order:
  0. If cpp file: The corresponding h file and an empty line
  1. Includes from the project sorted alphabetically
  2. System/library includes sorted alphabetically
  3. Conditional includes
2021-02-04 18:02:01 +01:00
Peter Keresztes Schmidt
5a57efdfe2 Replace deprecated C header includes with the C++ ones. 2021-02-04 05:39:03 +01:00
Isaac Connor
4dcce4ac95 Merge branch 'rtsp_server' 2021-01-26 14:22:10 -05:00
Terry Sanders
ef006ca407 Fixed issue where mysql_free_result can get called twice when a valid username with an incorrect password is used. 2021-01-19 14:47:11 +00:00
Isaac Connor
0a0c99ce7a fix double free of mysql result 2021-01-15 14:43:31 -05:00
Isaac Connor
a39a656373 Merge branch 'master' into zma_to_thread 2020-09-29 11:02:40 -04:00
Peter Keresztes Schmidt
8f980a1168 Convert NULL/0 to nullptr
The 0 -> nullptr changes should definitely improve readability.
2020-08-26 22:03:40 +02:00
Isaac Connor
7575afc8d5 Merge branch 'master' into zma_to_thread 2020-07-21 17:38:32 -04:00
Isaac Connor
4ff341a0f5 Merge branch 'master' into zma_to_thread 2020-05-02 18:03:42 -04:00
Isaac Connor
434f34f027 use delete[] instead of delete. 2020-04-30 11:04:55 -04:00
Isaac Connor
a6ee817bc4 Fix auth by hash 2020-04-28 19:00:42 -04:00
Isaac Connor
e21ffbea7d Merge branch 'fix_zms' 2020-04-26 18:43:39 -04:00
Isaac Connor
ae9a5766f5 Merge branch 'release-1.34' into fix_zms 2020-04-26 18:19:30 -04:00
Isaac Connor
b0c5abc2c2 Quiet compiler warnings. 2020-04-24 17:51:00 -04:00
Pliable Pixels
9b77f77ac3 better logs 2020-04-23 11:09:39 -04:00
Isaac Connor
8193e4ea4e replace snprintf with hex table lookup for speed 2020-04-06 11:46:14 -04:00
Isaac Connor
1e38ba871d Merge branch 'master' into fix_use_of_sprintf 2020-04-06 11:23:12 -04:00
Isaac Connor
c6e0b9be39 Merge branch 'master' into fix_use_of_sprintf 2020-04-06 11:21:43 -04:00
Isaac Connor
98e9355723 snprintf will put the terminator in. We don't have to. 2020-04-06 11:21:02 -04:00
hax0kartik
face73ad7e Fix compilation 2020-04-05 22:45:47 -04:00