Set default char * setting pointers to NULL and g_strdup the default

values from static memory, as they will be g_free()'d later if changed
at runtime or from parsing the config.  "Special" settings (struct
special) do not need this as they use their own set functions.

This also fixes a bad bug where default_script pointed to "" somewhere
in static memory instead of an array of PATH_MAX size.  This fixes a
crash when compiled with clang where changing this setting would try
to write a string possibly as large as PATH_MAX and overwrite other
static data.

Finally, make ssl_ca_file static to match all the other strings that
represent files or directories.  Make it a special setting so static
memory is never freed.  As an added bonus, ssl_ca_file is now tilde
expanded.

3 files changed, 52 insertions, 33 deletions

diff --git a/settings.c b/settings.c
index e158ba5..9cd3ff9 100644
--- a/settings.c
+++ b/settings.c
@@ -29,8 +29,13 @@ PangoFontDescription	*oops_font;
 PangoFontDescription	*statusbar_font;
 PangoFontDescription	*tabbar_font;
 
-/* settings that require restart */
+/* non-settings */
 int		tabless = 0;	/* allow only 1 tab */
+char		search_file[PATH_MAX];
+char		command_file[PATH_MAX];
+char		runtime_settings[PATH_MAX]; /* override of settings */
+
+/* settings that require restart */
 int		enable_socket = 0;
 int		single_instance = 0; /* only allow one xombrero to run */
 int		fancy_bar = 1;	/* fancy toolbar */
@@ -50,9 +55,8 @@ int		save_rejected_cookies = 0;
 gint		max_connections = 25;
 gint		max_host_connections = 5;
 int		history_autosave = 0;
-char		search_file[PATH_MAX];
-char		command_file[PATH_MAX];
 int		edit_mode = XT_EM_HYBRID;
+char		*include_config = NULL;
 
 /* runtime settings */
 int		show_tabs = XT_DS_SHOW_TABS;	/* show tabs on notebook */
@@ -65,7 +69,7 @@ int		read_only_cookies = XT_DS_READ_ONLY_COOKIES; /* enable to not write cookies
 int		enable_scripts = XT_DS_ENABLE_SCRIPTS;
 int		enable_plugins = XT_DS_ENABLE_PLUGINS;
 gfloat		default_zoom_level = XT_DS_DEFAULT_ZOOM_LEVEL;
-char		default_script[PATH_MAX] = XT_DS_DEFAULT_SCRIPT;
+char		default_script[PATH_MAX];	/* special setting - is never g_free'd */
 int		refresh_interval = XT_DS_REFRESH_INTERVAL; /* download refresh interval */
 int		enable_plugin_whitelist = XT_DS_ENABLE_PLUGIN_WHITELIST;
 int		enable_cookie_whitelist = XT_DS_ENABLE_COOKIE_WHITELIST;
@@ -73,23 +77,22 @@ int		enable_js_whitelist = XT_DS_ENABLE_JS_WHITELIST;
 int		enable_localstorage = XT_DS_ENABLE_LOCALSTORAGE;
 int		session_timeout = XT_DS_SESSION_TIMEOUT; /* cookie session timeout */
 int		cookie_policy = XT_DS_COOKIE_POLICY;
-char		*ssl_ca_file = NULL;
+char		ssl_ca_file[PATH_MAX];		/* special setting - is never g_free'd */
 gboolean	ssl_strict_certs = XT_DS_SSL_STRICT_CERTS;
 gboolean	enable_strict_transport = XT_DS_ENABLE_STRICT_TRANSPORT;
 int		append_next = XT_DS_APPEND_NEXT; /* append tab after current tab */
-char		*home = NULL;	/* allocated and set at startup */
-char		*search_string = NULL;
-char		*http_proxy = XT_DS_HTTP_PROXY;
+char		*home = NULL;			/* allocated/set at startup */
+char		*search_string = NULL;		/* allocated/set at startup */
+char		*http_proxy = NULL;
 int		download_mode = XT_DM_START;
-char		runtime_settings[PATH_MAX]; /* override of settings */
 int		color_visited_uris = XT_DS_COLOR_VISITED_URIS;
 int		session_autosave = XT_DS_SESSION_AUTOSAVE;
 int		guess_search = XT_DS_GUESS_SEARCH;
 gint		enable_spell_checking = XT_DS_ENABLE_SPELL_CHECKING;
-char		*spell_check_languages = XT_DS_SPELL_CHECK_LANGUAGES;
+char		*spell_check_languages = NULL;	/* allocated/set at startup */
 int		xterm_workaround = XT_DS_XTERM_WORKAROUND;
-char		*url_regex = NULL;	/* allocated/set at startup */
-char		*encoding = NULL;	/* allocated/set at startup */
+char		*url_regex = NULL;		/* allocated/set at startup */
+char		*encoding = NULL;		/* allocated/set at startup */
 int		autofocus_onload = XT_DS_AUTOFOCUS_ONLOAD;
 int		enable_js_autorun = XT_DS_ENABLE_JS_AUTORUN;
 int		userstyle_global = XT_DS_USERSTYLE_GLOBAL;
@@ -97,11 +100,10 @@ int		auto_load_images = XT_DS_AUTO_LOAD_IMAGES;
 int		enable_autoscroll = XT_DS_ENABLE_AUTOSCROLL;
 int		enable_favicon_entry = XT_DS_ENABLE_FAVICON_ENTRY;
 int		enable_favicon_tabs = XT_DS_ENABLE_FAVICON_TABS;
-char		*external_editor = NULL;	/* set/allocated at startup */
+char		*external_editor = NULL;
 int		referer_mode = XT_DS_REFERER_MODE;
 char		*referer_custom = NULL;
 int		download_notifications = XT_DS_DOWNLOAD_NOTIFICATIONS;
-char		*include_config = NULL;
 
 char		*cmd_font_name = NULL;	/* these are all set at startup */
 char		*oops_font_name = NULL;
@@ -116,6 +118,7 @@ char		*get_edit_mode(struct settings *);
 char		*get_download_mode(struct settings *);
 char		*get_work_dir(struct settings *);
 char		*get_referer(struct settings *);
+char		*get_ssl_ca_file(struct settings *);
 
 int		add_cookie_wl(struct settings *, char *);
 int		add_js_wl(struct settings *, char *);
@@ -209,7 +212,7 @@ set_http_proxy(char *proxy)
 
 	/* see if we need to clear it */
 	if (proxy == NULL || strlen(proxy) == 0) {
-		setup_proxy(XT_DS_HTTP_PROXY);
+		setup_proxy(NULL);
 		return (0);
 	}
 
@@ -304,6 +307,12 @@ struct special		s_default_script = {
 	NULL
 };
 
+struct special		s_ssl_ca_file = {
+	set_ssl_ca_file,
+	get_ssl_ca_file,
+	NULL
+};
+
 struct special		s_download_dir = {
 	set_download_dir,
 	get_download_dir,
@@ -391,7 +400,7 @@ struct settings		rs[] = {
 	{ "show_url",			XT_S_INT, 0,		&show_url, NULL, NULL, NULL, set_show_url },
 	{ "show_statusbar",		XT_S_INT, 0,		&show_statusbar, NULL, NULL, NULL, set_show_statusbar },
 	{ "spell_check_languages",	XT_S_STR, 0, NULL,	&spell_check_languages, NULL, NULL, set_spell_check_languages },
-	{ "ssl_ca_file",		XT_S_STR, 0, NULL,	&ssl_ca_file, NULL, NULL, set_ssl_ca_file_rt },
+	{ "ssl_ca_file",		XT_S_STR, 0, NULL, NULL,&s_ssl_ca_file, NULL, set_ssl_ca_file_rt },
 	{ "ssl_strict_certs",		XT_S_INT, 0,		&ssl_strict_certs, NULL, NULL, NULL, set_ssl_strict_certs },
 	{ "enable_strict_transport",	XT_S_INT, 0,		&enable_strict_transport, NULL, NULL, NULL, set_enable_strict_transport },
 	{ "statusbar_elems",		XT_S_STR, 0, NULL,	&statusbar_elems, NULL, NULL, NULL },
@@ -1834,6 +1843,14 @@ set_referer_rt(char *value)
 	return (set_referer(NULL, value));
 }
 
+char *
+get_ssl_ca_file(struct settings *s)
+{
+	if (strlen(ssl_ca_file) == 0)
+		return (NULL);
+	return (g_strdup(ssl_ca_file));
+}
+
 int
 set_refresh_interval(char *value)
 {
@@ -1972,13 +1989,11 @@ int
 set_ssl_ca_file_rt(char *value)
 {
 	if (value == NULL || strlen(value) == 0) {
-		if (ssl_ca_file != NULL)
-			g_free(ssl_ca_file);
-		ssl_ca_file = NULL;
+		strlcpy(ssl_ca_file, XT_DS_SSL_CA_FILE, sizeof ssl_ca_file);
 		g_object_set(session, SOUP_SESSION_SSL_CA_FILE, "", NULL);
 		return (0);
 	} else
-		return (set_ssl_ca_file(value));
+		return (set_ssl_ca_file(NULL, value));
 }
 
 int
diff --git a/xombrero.c b/xombrero.c
index 3dcae0f..1d63855 100644
--- a/xombrero.c
+++ b/xombrero.c
@@ -455,7 +455,7 @@ get_current_tab(void)
 }
 
 int
-set_ssl_ca_file(char *file)
+set_ssl_ca_file(struct settings *s, char *file)
 {
 	struct stat		sb;
 
@@ -465,9 +465,7 @@ set_ssl_ca_file(char *file)
 		warnx("no CA file: %s", file);
 		return (-1);
 	}
-	if (ssl_ca_file)
-		g_free(ssl_ca_file);
-	ssl_ca_file = g_strdup(file);
+	expand_tilde(ssl_ca_file, sizeof ssl_ca_file, file);
 	g_object_set(session,
 	    SOUP_SESSION_SSL_CA_FILE, ssl_ca_file,
 	    SOUP_SESSION_SSL_STRICT, ssl_strict_certs,
@@ -1937,6 +1935,7 @@ done:
 int
 cert_cmd(struct tab *t, struct karg *args)
 {
+	struct stat		sb;
 	const gchar		*uri, *error_str = NULL;
 	char			domain[8182];
 	int			s = -1;
@@ -1948,7 +1947,7 @@ cert_cmd(struct tab *t, struct karg *args)
 	if (t == NULL)
 		return (1);
 
-	if (ssl_ca_file == NULL) {
+	if (stat(ssl_ca_file, &sb)) {
 		show_oops(t, "Can't open CA file: %s", ssl_ca_file);
 		return (1);
 	}
@@ -3611,6 +3610,7 @@ void
 show_ca_status(struct tab *t, const char *uri)
 {
 	GdkColor		color;
+	struct stat		sb;
 	gchar			*col_str = XT_COLOR_WHITE, *text, *base;
 
 	DNPRINTF(XT_D_URL, "show_ca_status: %d %s %s\n",
@@ -3621,7 +3621,7 @@ show_ca_status(struct tab *t, const char *uri)
 
 	if (uri == NULL)
 		goto done;
-	if (ssl_ca_file == NULL) {
+	if (stat(ssl_ca_file, &sb)) {
 		if (g_str_has_prefix(uri, "http://"))
 			goto done;
 		if (g_str_has_prefix(uri, "https://")) {
@@ -7932,7 +7932,7 @@ main(int argc, char **argv)
 	/* compile buffer command regexes */
 	buffercmd_init();
 
-	/* set default string settings */
+	/* set default dynamic string settings */
 	home = g_strdup(XT_DS_HOME);
 	search_string = g_strdup(XT_DS_SEARCH_STRING);
 	resource_dir = g_strdup("/usr/local/share/xombrero/");
@@ -7944,6 +7944,13 @@ main(int argc, char **argv)
 	statusbar_elems = g_strdup("BP");
 	spell_check_languages = g_strdup(XT_DS_SPELL_CHECK_LANGUAGES);
 	encoding = g_strdup(XT_DS_ENCODING);
+	spell_check_languages = g_strdup(XT_DS_SPELL_CHECK_LANGUAGES);
+
+	/* set statically allocated (struct special) settings */
+	expand_tilde(default_script, sizeof default_script,
+	    XT_DS_DEFAULT_SCRIPT);
+	expand_tilde(ssl_ca_file, sizeof ssl_ca_file,
+	    XT_DS_SSL_CA_FILE);
 
 	/* read config file */
 	if (strlen(conf) == 0)
@@ -8071,9 +8078,6 @@ main(int argc, char **argv)
 	session = webkit_get_default_session();
 	setup_cookies();
 
-	/* certs */
-	set_ssl_ca_file(ssl_ca_file);
-
 	/* guess_search regex */
 	if (url_regex == NULL)
 		url_regex = g_strdup(XT_URL_REGEX);
diff --git a/xombrero.h b/xombrero.h
index 78812ed..cac8ca8 100644
--- a/xombrero.h
+++ b/xombrero.h
@@ -566,11 +566,11 @@ int		fork_exec(struct tab *, char *, const gchar *, char *, int);
 #define XT_DS_SESSION_TIMEOUT	(3600)
 #define XT_DS_COOKIE_POLICY	SOUP_COOKIE_JAR_ACCEPT_ALWAYS
 #define XT_DS_SSL_STRICT_CERTS	FALSE
+#define XT_DS_SSL_CA_FILE	("")
 #define XT_DS_ENABLE_STRICT_TRANSPORT	TRUE
 #define XT_DS_APPEND_NEXT	(1)
 #define XT_DS_HOME		("https://www.cyphertite.com/")
 #define XT_DS_SEARCH_STRING	("about:search")
-#define XT_DS_HTTP_PROXY	NULL
 #define XT_DS_COLOR_VISITED_URIS	(1)
 #define XT_DS_SESSION_AUTOSAVE	(0)
 #define XT_DS_GUESS_SEARCH	(0)
@@ -673,7 +673,7 @@ int		set_encoding(struct tab *, struct karg *);
 int		set_gui_mode(struct settings *, char *);
 int		set_cookie_policy(struct settings *, char *);
 int		set_search_string(char *);
-int		set_ssl_ca_file(char *);
+int		set_ssl_ca_file(struct settings *, char *);
 char		*get_browser_mode(struct settings *);
 char		*get_gui_mode(struct settings *);
 char		*get_cookie_policy(struct settings *);
@@ -720,7 +720,7 @@ extern int	enable_cookie_whitelist;
 extern int	enable_js_whitelist;
 extern int	session_timeout;
 extern int	cookie_policy;
-extern char	*ssl_ca_file;
+extern char	ssl_ca_file[PATH_MAX];
 extern char	*resource_dir;
 extern gboolean	ssl_strict_certs;
 extern gboolean	enable_strict_transport;