From dc3624945fc22551d9478f59aae26debb2f34ec1 Mon Sep 17 00:00:00 2001 From: csoler Date: Mon, 23 Dec 2019 11:52:32 +0100 Subject: [PATCH 1/2] fixed uninitialized memory read and inconsistent initialization of mReputationScore in GxsReputation --- libretroshare/src/services/p3gxsreputation.h | 12 +++++++----- 1 file changed, 7 insertions(+), 5 deletions(-) diff --git a/libretroshare/src/services/p3gxsreputation.h b/libretroshare/src/services/p3gxsreputation.h index e9a14d4e7..2045e6f05 100644 --- a/libretroshare/src/services/p3gxsreputation.h +++ b/libretroshare/src/services/p3gxsreputation.h @@ -65,12 +65,14 @@ class Reputation { public: Reputation() : - mOwnOpinion(static_cast(RsOpinion::NEUTRAL)), mOwnOpinionTs(0), + mOwnOpinion(static_cast(RsOpinion::NEUTRAL)), + mOwnOpinionTs(0), mFriendAverage(1.0f), - /* G10h4ck: TODO shouln't this be initialized with - * RsReputation::NEUTRAL or UNKOWN? */ - mReputationScore(static_cast(RsOpinion::NEUTRAL)), - mIdentityFlags(0) {} + mFriendsPositive(0), + mFriendsNegative(0), + mReputationScore(1.0f), + mIdentityFlags(0), + mLastUsedTS(0) {} void updateReputation(); From f45a04b3d5b83a90cf3d2fb5e0eacef6bef6c062 Mon Sep 17 00:00:00 2001 From: csoler Date: Tue, 24 Dec 2019 11:48:50 +0100 Subject: [PATCH 2/2] fixed key list not properly updating when importing new key in GenCertDialog, and improved tooltips --- retroshare-gui/src/gui/GenCertDialog.cpp | 15 ++++++++++++--- retroshare-gui/src/gui/connect/ConfCertDialog.cpp | 10 +++++++--- retroshare-gui/src/gui/settings/CryptoPage.ui | 12 +++++++++--- 3 files changed, 28 insertions(+), 9 deletions(-) diff --git a/retroshare-gui/src/gui/GenCertDialog.cpp b/retroshare-gui/src/gui/GenCertDialog.cpp index e81c3794d..4fdb9f714 100644 --- a/retroshare-gui/src/gui/GenCertDialog.cpp +++ b/retroshare-gui/src/gui/GenCertDialog.cpp @@ -242,7 +242,7 @@ void GenCertDialog::initKeyList() RsAccounts::GetPGPLoginDetails(*it, name, email); std::cerr << "Adding PGPUser: " << name << " id: " << *it << std::endl; QString gid = QString::fromStdString( (*it).toStdString()).right(8) ; - ui.genPGPuser->addItem(QString::fromUtf8(name.c_str()) + " <" + QString::fromUtf8(email.c_str()) + "> (" + gid + ")", userData); + ui.genPGPuser->addItem(QString::fromUtf8(name.c_str()) + " (" + gid + ")", userData); haveGPGKeys = true; } } @@ -294,7 +294,8 @@ void GenCertDialog::setupState() ui.reuse_existing_node_CB->setEnabled(adv_state) ; ui.importIdentity_PB->setVisible(adv_state && !generate_new) ; - ui.exportIdentity_PB->setVisible(adv_state && !generate_new) ; + //ui.exportIdentity_PB->setVisible(adv_state && !generate_new) ; + ui.exportIdentity_PB->setVisible(false); // not useful, and probably confusing ui.genPGPuser->setVisible(adv_state && haveGPGKeys && !generate_new) ; @@ -317,6 +318,11 @@ void GenCertDialog::setupState() ui.password_input->setVisible(true); ui.password_label->setVisible(true); + if(generate_new) + ui.password_input->setToolTip(tr("

Put a strong password here. This password will be required to start your Retroshare node and protects all your data.

")); + else + ui.password_input->setToolTip(tr("

Please supply the existing password for the selected profile above.

")); + ui.password2_check_LB->setVisible(generate_new); ui.password2_input->setVisible(generate_new); ui.password2_label->setVisible(generate_new); @@ -468,7 +474,10 @@ bool GenCertDialog::importIdentity() RsAccounts::GetPGPLoginDetails(gpg_id, name, email); std::cerr << "Adding PGPUser: " << name << " id: " << gpg_id << std::endl; - QMessageBox::information(this,tr("New profile imported"),tr("Your profile was imported successfully:")+" \n"+"\nName :"+QString::fromStdString(name)+"\nemail: " + QString::fromStdString(email)+"\nKey ID: "+QString::fromStdString(gpg_id.toStdString())+"\n\n"+tr("You can use it now to create a new node.")) ; + QMessageBox::information(this,tr("New profile imported"),tr("Your profile was imported successfully:")+" \n"+"\nName :"+QString::fromStdString(name)+"\nKey ID: "+QString::fromStdString(gpg_id.toStdString())+"\n\n"+tr("You can use it now to create a new node.")) ; + + initKeyList(); + setupState(); return true ; } diff --git a/retroshare-gui/src/gui/connect/ConfCertDialog.cpp b/retroshare-gui/src/gui/connect/ConfCertDialog.cpp index c6be06b6e..fc56ebef5 100644 --- a/retroshare-gui/src/gui/connect/ConfCertDialog.cpp +++ b/retroshare-gui/src/gui/connect/ConfCertDialog.cpp @@ -306,11 +306,15 @@ QString ConfCertDialog::getCertificateDescription(const RsPeerDetails& detail,bo infotext += "
    " ; if(use_short_format) + { infotext += "
  • a Profile fingerprint"; + infotext += " (" + QString::fromUtf8(detail.name.c_str()) + "@" + detail.fpr.toStdString().c_str()+") " ; + } else - infotext += "
  • a Profile key"; - - infotext += " (" + QString::fromUtf8(detail.name.c_str()) + "@" + detail.gpg_id.toStdString().c_str()+") " ; + { + infotext += "
  • a Profile public key"; + infotext += " (" + QString::fromUtf8(detail.name.c_str()) + "@" + detail.gpg_id.toStdString().c_str()+") " ; + } if(signatures_included && !use_short_format) infotext += tr("with")+" "+QString::number(detail.gpgSigners.size()-1)+" "+tr("external signatures
    • ") ; diff --git a/retroshare-gui/src/gui/settings/CryptoPage.ui b/retroshare-gui/src/gui/settings/CryptoPage.ui index 50c0c84fb..bbda9302c 100755 --- a/retroshare-gui/src/gui/settings/CryptoPage.ui +++ b/retroshare-gui/src/gui/settings/CryptoPage.ui @@ -14,7 +14,7 @@ - 0 + 1 @@ -541,7 +541,7 @@ - + 0 0 @@ -569,6 +569,9 @@ + + <html><head/><body><p>This option includes all signatures of your profile key. Signatures are not mandatory, but only a way to express your trust in some particular profile.</p></body></html> + Include signatures @@ -576,6 +579,9 @@ + + <html><head/><body><p>The short format only contains the profile fingerprint, and authentication is based on the node ID (ID of the SSL key). If you choose the old (long) format, the certificate includes the full profile public key. There is no fundamental difference between making friends with either method, because the public profile keys will be exchanged and checked w.r.t. the fingerprint after connection.</p></body></html> + Short format @@ -601,7 +607,7 @@ - Save Key into a file + <html><head/><body><p>Saves your profile key pair into a file. This allows you to create a new node for the same profile, by importing this key pair on a different computer. Friends who already accept connections from you will automatically accept connections from that new node after you add them yourself. Your key is exported encrypted and you will need your login password to create a new profile.</p></body></html> Save certificate to file