@odeneriksson
Hi there.

I couldn't build the latest version 1.2.2 on Fedora 42 and I asked ChatGPT for help and also asked to fix possible security issues and other enhancements. I guess we should have requested a CVE and agreed on an embargo but this software isn't crucial like for example bash, sudo and those ones.

These changes need to be reviewed by a software developer to verify if it's legit and valid or not.

It works for me on Fedora 42.

Cheers,

Sec-WebSocket-Key. Prefer gnutls_rnd when GNUTLS is enabled, otherwise
read from /dev/urandom and only fall back to rand() as a last resort.
This avoids predictable keys and aligns with RFC 6455 requirements.

Fix the previous change to use std::array correctly:
- Use rnd.data() instead of casting the whole array
- Use rnd.size() for length
Also add necessary includes. This ensures C++11 builds and avoids
invalid reinterpret_cast.

These changes were discovered by using ChatGPT and I take no credit for
the contributions. It builds and works under Red Hat Fedora 42.

an ALLOW_BROKEN_TLS macro (disabled by default). This avoids accepting
broken certificate chains in normal builds.

These changes were discovered by using ChatGPT and I take no credit for
the contributions. It builds and works under Red Hat Fedora 42.

- Set FD_CLOEXEC on created sockets.
- Apply O_CLOEXEC on both ends of socketpair.
This reduces risk of fd leaks across exec.

These changes were discovered by using ChatGPT and I take no credit for
the contributions. It builds and works under Red Hat Fedora 42.

in the child branch prior to execvp, using /proc/self/fd on Linux or a
getrlimit(RLIMIT_NOFILE) fallback elsewhere.

These changes were discovered by using ChatGPT and I take no credit for
the contributions. It builds and works under Red Hat Fedora 42.

<sys/resource.h> for getrlimit, and <cstdlib> for atoi.

These changes were discovered by using ChatGPT and I take no credit for
the contributions. It builds and works under Red Hat Fedora 42.

- Providing NO_EXTERNAL_CMD build-time switch to disable execution.
- Rejecting dangerous shell metacharacters before calling popen.
Note: For highest safety, prefer execvp with argv instead of shell.

These changes were discovered by using ChatGPT and I take no credit for
the contributions. It builds and works under Red Hat Fedora 42.

- Include <cstdint> to define uint8_t.
- Add bounds checks before accessing value[i+1] and value[i+2].
- Cast to unsigned in snprintf when emitting \u escapes.

These changes were discovered by using ChatGPT and I take no credit for
the contributions. It builds and works under Red Hat Fedora 42.

- Prefer gnutls_rnd when GNUTLS is enabled
- Otherwise read from /dev/urandom with a final rand() fallback
Add required headers so this compiles under C++11.

These changes were discovered by using ChatGPT and I take no credit for
the contributions. It builds and works under Red Hat Fedora 42.

queries so Fedora (and other distros) link correctly out of the box.

These changes were discovered by using ChatGPT and I take no credit for
the contributions. It builds and works under Red Hat Fedora 42.
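The child-side descriptor cleanup described in the commit messages above (close inherited fds before execvp via /proc/self/fd, with a getrlimit(RLIMIT_NOFILE) fallback), as an added example in C that is not code from the PR or the project. Function names such as `close_fds_from` and `demo_leaked_fds` are my own; the example only shows the cleanup step, not the fork/exec around it.

```c
#include <dirent.h>
#include <fcntl.h>
#include <stdlib.h>
#include <sys/resource.h>
#include <unistd.h>

/* Fallback for systems without /proc: close every descriptor from lowfd
 * up to the soft RLIMIT_NOFILE. close() on an unused slot just returns
 * EBADF, which is harmless here. */
static void close_range_fallback(int lowfd) {
    struct rlimit rl;
    long maxfd = 1024;              /* conservative default if getrlimit fails */
    if (getrlimit(RLIMIT_NOFILE, &rl) == 0 && rl.rlim_cur != RLIM_INFINITY)
        maxfd = (long)rl.rlim_cur;
    for (long fd = lowfd; fd < maxfd; fd++)
        close((int)fd);
}

/* Close every descriptor >= lowfd. Prefer enumerating /proc/self/fd so only
 * descriptors that actually exist are touched; otherwise use the loop above. */
void close_fds_from(int lowfd) {
    DIR *d = opendir("/proc/self/fd");
    if (d == NULL) {
        close_range_fallback(lowfd);
        return;
    }
    int skip = dirfd(d);            /* never close the directory being read */
    struct dirent *e;
    while ((e = readdir(d)) != NULL) {
        char *end;
        long fd = strtol(e->d_name, &end, 10);
        if (*end != '\0') continue; /* skip "." and ".." */
        if (fd >= lowfd && fd != skip) close((int)fd);
    }
    closedir(d);
}

/* 1 if fd refers to an open descriptor, 0 otherwise. */
int fd_is_open(int fd) {
    return fcntl(fd, F_GETFD) != -1;
}

/* Demo: open three scratch descriptors (constructed input), run the cleanup
 * from the lowest one, and return how many of them are still open. A correct
 * cleanup returns 0 while stdin/stdout/stderr stay untouched. */
int demo_leaked_fds(void) {
    int fds[3];
    for (int i = 0; i < 3; i++) fds[i] = open("/dev/null", O_RDONLY);
    if (fds[0] < 0) return -1;
    close_fds_from(fds[0]);
    int still_open = 0;
    for (int i = 0; i < 3; i++)
        if (fds[i] >= 0 && fd_is_open(fds[i])) still_open++;
    return still_open;
}
```

In a real child branch this runs between fork() and execvp(); descriptors that were opened with O_CLOEXEC or marked FD_CLOEXEC (the other change in this PR) would be dropped by exec anyway, so this is the belt-and-braces step for descriptors that were not.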