More, but more subdued, rampaging for next release

app/mbedtls/app/espconn_mbedtls.c

@@ -458,17 +458,12 @@ espconn_mbedtls_parse(mbedtls_msg *msg, mbedtls_auth_type auth_type, const uint8
 	switch (auth_type) {
 	case ESPCONN_CERT_AUTH:
 		ret = mbedtls_x509_crt_parse(&msg->psession->cacert, buf, len);
-		lwIP_REQUIRE_NOERROR(ret, exit);
-		mbedtls_ssl_conf_authmode(&msg->conf, MBEDTLS_SSL_VERIFY_REQUIRED);
-		mbedtls_ssl_conf_ca_chain(&msg->conf, &msg->psession->cacert, NULL);
 		break;
 	case ESPCONN_CERT_OWN:
 		ret = mbedtls_x509_crt_parse(&msg->psession->clicert, buf, len);
 		break;
 	case ESPCONN_PK:
 		ret = mbedtls_pk_parse_key(&msg->psession->pkey, buf, len, NULL, 0);
-		lwIP_REQUIRE_NOERROR(ret, exit);
-		ret = mbedtls_ssl_conf_own_cert(&msg->conf, &msg->psession->clicert, &msg->psession->pkey);
 		break;
 	default:
 		return false;
@@ -509,8 +504,9 @@ nodemcu_tls_cert_get(mbedtls_msg *msg, mbedtls_auth_type auth_type)
 		return 0;
 	}
 
-	if (cbref == LUA_NOREF)
+	if (cbref == LUA_NOREF) {
 		return 0;
+	}
 
 	lua_State *L = lua_getstate();
 
@@ -522,8 +518,8 @@ nodemcu_tls_cert_get(mbedtls_msg *msg, mbedtls_auth_type auth_type)
 			lua_pop(L, 1); /* pcall will have pushed an error message */
 			return -1;
 		}
-		if (lua_isnil(L, -1)) {
-			/* nil return; stop iteration */
+		if (lua_isnil(L, -1) || (lua_isboolean(L,-1) && lua_toboolean(L,-1) == false)) {
+			/* nil or false return; stop iteration */
 			lua_pop(L, 1);
 			break;
 		}
@@ -562,14 +558,6 @@ static bool mbedtls_msg_info_load(mbedtls_msg *msg, mbedtls_auth_type auth_type)
 	size_t load_len = 0;
 	file_param file_param;
 
-	/* Override with Lua callbacks, if registered */
-	switch(nodemcu_tls_cert_get(msg, auth_type)) {
-	case -1:
-		return false;
-	case 1:
-		return true;
-	}
-
 	bzero(&file_param, sizeof(file_param));
 
 again:
@@ -629,41 +617,75 @@ static bool mbedtls_msg_config(mbedtls_msg *msg)
 	bool load_flag = false;
 	int ret = ESPCONN_OK;
 
+	/* Load upstream default configs */
+	ret = mbedtls_ssl_config_defaults(&msg->conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);
+	lwIP_REQUIRE_NOERROR(ret, exit);
+
+	ret = mbedtls_ssl_setup(&msg->ssl, &msg->conf);
+	lwIP_REQUIRE_NOERROR(ret, exit);
+
 	/*Initialize the RNG and the session data*/
 	ret = mbedtls_ctr_drbg_seed(&msg->ctr_drbg, mbedtls_entropy_func, &msg->entropy, "client", 6);
 	lwIP_REQUIRE_NOERROR(ret, exit);
 
 	/*Load the certificate and private RSA key*/
-	if (ssl_client_options.cert_req_sector.flag
-       || (ssl_client_options.cert_auth_callback != LUA_NOREF)) {
-
+	ret = 0;
+	if (ssl_client_options.cert_auth_callback != LUA_NOREF) {
+		ret = nodemcu_tls_cert_get(msg, ESPCONN_PK);
+		switch(ret) {
+			case 0: break;
+			case -1: ret = ESPCONN_ABRT; goto exit;
+			case 1: switch(nodemcu_tls_cert_get(msg, ESPCONN_CERT_OWN)) {
+				case -1: ret = ESPCONN_ABRT; goto exit;
+				case 0: break;
+				case 1:
+					ret = mbedtls_ssl_conf_own_cert(&msg->conf, &msg->psession->clicert, &msg->psession->pkey);
+					lwIP_REQUIRE_ACTION(ret == 0, exit, ret = ESPCONN_ABRT);
+			}
+		}
+	}
+	if (ret == 0 && ssl_client_options.cert_req_sector.flag) {
 		load_flag = mbedtls_msg_info_load(msg, ESPCONN_CERT_OWN);
 		lwIP_REQUIRE_ACTION(load_flag, exit, ret = ESPCONN_MEM);
 		load_flag = mbedtls_msg_info_load(msg, ESPCONN_PK);
 		lwIP_REQUIRE_ACTION(load_flag, exit, ret = ESPCONN_MEM);
+		ret = mbedtls_ssl_conf_own_cert(&msg->conf, &msg->psession->clicert, &msg->psession->pkey);
+		lwIP_REQUIRE_ACTION(ret == 0, exit, ret = ESPCONN_ABRT);
 	}
 
+	ret = 0;
+
 	/*Load the trusted CA*/
-	if(ssl_client_options.cert_ca_sector.flag
-       || (ssl_client_options.cert_verify_callback != LUA_NOREF)) {
+
+	if (ssl_client_options.cert_verify_callback != LUA_NOREF) {
+		ret = nodemcu_tls_cert_get(msg, ESPCONN_CERT_AUTH);
+	   switch(ret) {
+			case 0: break;
+			case -1: ret = ESPCONN_ABRT; goto exit;
+			case 1:
+				mbedtls_ssl_conf_authmode(&msg->conf, MBEDTLS_SSL_VERIFY_REQUIRED);
+				mbedtls_ssl_conf_ca_chain(&msg->conf, &msg->psession->cacert, NULL);
+				break;
+		}
+	}
+	if(ret == 0 && ssl_client_options.cert_ca_sector.flag) {
 		load_flag = mbedtls_msg_info_load(msg, ESPCONN_CERT_AUTH);
 		lwIP_REQUIRE_ACTION(load_flag, exit, ret = ESPCONN_MEM);
+		mbedtls_ssl_conf_authmode(&msg->conf, MBEDTLS_SSL_VERIFY_REQUIRED);
+		mbedtls_ssl_conf_ca_chain(&msg->conf, &msg->psession->cacert, NULL);
+	} else if (ret == 0) {
+		/*
+		 * OPTIONAL is not optimal for security, but makes interop easier in this session
+		 * This gets overridden below if appropriate.
+		 */
+		mbedtls_ssl_conf_authmode(&msg->conf, MBEDTLS_SSL_VERIFY_NONE);
 	}
 
-	/*Setup the stuff*/
-	ret = mbedtls_ssl_config_defaults(&msg->conf, MBEDTLS_SSL_IS_CLIENT, MBEDTLS_SSL_TRANSPORT_STREAM, MBEDTLS_SSL_PRESET_DEFAULT);
-	lwIP_REQUIRE_NOERROR(ret, exit);
+	ret = 0;
 
-	/*OPTIONAL is not optimal for security, but makes interop easier in this session*/
-	if (ssl_client_options.cert_ca_sector.flag == false) {
-		mbedtls_ssl_conf_authmode(&msg->conf, MBEDTLS_SSL_VERIFY_NONE);
-	}
 	mbedtls_ssl_conf_rng(&msg->conf, mbedtls_ctr_drbg_random, &msg->ctr_drbg);
 	mbedtls_ssl_conf_dbg(&msg->conf, mbedtls_dbg, NULL);
 
-	ret = mbedtls_ssl_setup(&msg->ssl, &msg->conf);
-	lwIP_REQUIRE_NOERROR(ret, exit);
-
 	mbedtls_ssl_set_bio(&msg->ssl, &msg->fd, mbedtls_net_send, mbedtls_net_recv, NULL);
 
 exit:

app/modules/file.c

@@ -88,15 +88,21 @@ static int file_on(lua_State *L)
   case ON_RTC:
     luaL_unref(L, LUA_REGISTRYINDEX, rtc_cb_ref);
 
-    if ((lua_type(L, 2) == LUA_TFUNCTION) ||
-        (lua_type(L, 2) == LUA_TLIGHTFUNCTION)) {
+    switch(lua_type(L, 2)) {
+    case LUA_TFUNCTION:
+    case LUA_TLIGHTFUNCTION:
       lua_pushvalue(L, 2);  // copy argument (func) to the top of stack
       rtc_cb_ref = luaL_ref(L, LUA_REGISTRYINDEX);
       vfs_register_rtc_cb(file_rtc_cb);
-    } else {
+      break;
+    case LUA_TNIL:
       rtc_cb_ref = LUA_NOREF;
       vfs_register_rtc_cb(NULL);
+      break;
+    default:
+      luaL_error(L, "Callback should be function or nil");
     }
+
     break;
   default:
     break;

app/modules/mqtt.c

@@ -1037,10 +1037,11 @@ static int mqtt_delete( lua_State* L )
   mud->cb_unsuback_ref = LUA_NOREF;
   luaL_unref(L, LUA_REGISTRYINDEX, mud->cb_puback_ref);
   mud->cb_puback_ref = LUA_NOREF;
-  lua_gc(L, LUA_GCSTOP, 0);
-  luaL_unref(L, LUA_REGISTRYINDEX, mud->self_ref);
+
+  int selfref = mud->self_ref;
   mud->self_ref = LUA_NOREF;
-  lua_gc(L, LUA_GCRESTART, 0);
+  luaL_unref(L, LUA_REGISTRYINDEX, mud->self_ref);
+
   NODE_DBG("leave mqtt_delete.\n");
   return 0;
 }
@@ -1208,7 +1209,6 @@ static int mqtt_socket_connect( lua_State* L )
     lua_pushvalue(L, stack);  // copy argument (func) to the top of stack
     luaL_unref(L, LUA_REGISTRYINDEX, mud->cb_connect_fail_ref);
     mud->cb_connect_fail_ref = luaL_ref(L, LUA_REGISTRYINDEX);
-    stack++;
   }
 
   lua_pushvalue(L, 1);  // copy userdata to the top of stack
@@ -1758,7 +1758,6 @@ LROT_BEGIN(mqtt)
   LROT_NUMENTRY( CONNACK_REFUSED_BAD_USER_OR_PASS, MQTT_CONNACK_REFUSED_BAD_USER_OR_PASS )
   LROT_NUMENTRY( CONNACK_REFUSED_NOT_AUTHORIZED, MQTT_CONNACK_REFUSED_NOT_AUTHORIZED )
 
-  LROT_TABENTRY( __metatable, mqtt )
 LROT_END( mqtt, mqtt, 0 )
 
 

app/modules/net.c

@@ -110,6 +110,7 @@ lnet_userdata *net_create( lua_State *L, enum net_type type ) {
       ud->client.cb_reconnect_ref = LUA_NOREF;
       ud->client.cb_disconnect_ref = LUA_NOREF;
       ud->client.hold = 0;
+      /* FALLTHROUGH */
     case TYPE_UDP_SOCKET:
       ud->client.wait_dns = 0;
       ud->client.cb_dns_ref = LUA_NOREF;
@@ -141,10 +142,9 @@ static void net_err_cb(void *arg, err_t err) {
     lua_call(L, 2, 0);
   }
   if (ud->client.wait_dns == 0) {
-    lua_gc(L, LUA_GCSTOP, 0);
-    luaL_unref(L, LUA_REGISTRYINDEX, ud->self_ref);
+    int selfref = ud->self_ref;
     ud->self_ref = LUA_NOREF;
-    lua_gc(L, LUA_GCRESTART, 0);
+    luaL_unref(L, LUA_REGISTRYINDEX, selfref);
   }
 }
 
@@ -188,10 +188,9 @@ static void net_dns_cb(const char *name, ip_addr_t *ipaddr, void *arg) {
   if (ud->pcb && ud->type == TYPE_TCP_CLIENT && ud->tcp_pcb->state == CLOSED) {
     tcp_connect(ud->tcp_pcb, &addr, ud->tcp_pcb->remote_port, net_connected_cb);
   } else if (!ud->pcb && ud->client.wait_dns == 0) {
-    lua_gc(L, LUA_GCSTOP, 0);
-    luaL_unref(L, LUA_REGISTRYINDEX, ud->self_ref);
+    int selfref = ud->self_ref;
     ud->self_ref = LUA_NOREF;
-    lua_gc(L, LUA_GCRESTART, 0);
+    luaL_unref(L, LUA_REGISTRYINDEX, selfref);
   }
 }
 
@@ -741,10 +740,10 @@ int net_close( lua_State *L ) {
   }
   if (ud->type == TYPE_TCP_SERVER ||
      (ud->pcb == NULL && ud->client.wait_dns == 0)) {
-//    lua_gc(L, LUA_GCSTOP, 0);
-    luaL_unref(L, LUA_REGISTRYINDEX, ud->self_ref);
+
+    int selfref = ud->self_ref;
     ud->self_ref = LUA_NOREF;
-//    lua_gc(L, LUA_GCRESTART, 0);
+    luaL_unref(L, LUA_REGISTRYINDEX, selfref);
   }
 #if 0
   dbg_print_ud("close exit", ud);
@@ -793,10 +792,10 @@ int net_delete( lua_State *L ) {
       ud->server.cb_accept_ref = LUA_NOREF;
       break;
   }
-//  lua_gc(L, LUA_GCSTOP, 0);
-  luaL_unref(L, LUA_REGISTRYINDEX, ud->self_ref);
+
+  int selfref = ud->self_ref;
   ud->self_ref = LUA_NOREF;
-//  lua_gc(L, LUA_GCRESTART, 0);
+  luaL_unref(L, LUA_REGISTRYINDEX, selfref);
 #if 0
   dbg_print_ud("delete end", ud);
 #endif
@@ -858,12 +857,19 @@ static void net_dns_static_cb(const char *name, ip_addr_t *ipaddr, void *callbac
   if (ipaddr != NULL)
     addr = *ipaddr;
   else addr.addr = 0xFFFFFFFF;
-  int cb_ref = ((int*)callback_arg)[0];
-  free(callback_arg);
+  int cb_ref = (int)callback_arg;
   lua_State *L = lua_getstate();
 
+  /*
+   * Move reference from registry to stack before the call could possibly
+   * longjmp us out of here.
+   */
   lua_rawgeti(L, LUA_REGISTRYINDEX, cb_ref);
+  luaL_unref(L, LUA_REGISTRYINDEX, cb_ref);
+
+  // XXX I have no idea why the API insists on a `nil` here, but it does.
   lua_pushnil(L);
+
   if (addr.addr != 0xFFFFFFFF) {
     char iptmp[20];
     size_t ipl = sprintf(iptmp, IPSTR, IP2STR(&addr.addr));
@@ -872,8 +878,6 @@ static void net_dns_static_cb(const char *name, ip_addr_t *ipaddr, void *callbac
     lua_pushnil(L);
   }
   lua_call(L, 2, 0);
-
-  luaL_unref(L, LUA_REGISTRYINDEX, cb_ref);
 }
 
 // Lua: net.dns.resolve( domain, function(sk, ip) )
@@ -884,25 +888,25 @@ static int net_dns_static( lua_State* L ) {
     return luaL_error(L, "wrong domain");
   }
 
+  /* Register callback with registry */
   luaL_checkanyfunction(L, 2);
-  lua_pushvalue(L, 2);  // copy argument (func) to the top of stack
+  lua_pushvalue(L, 2);
   int cbref = luaL_ref(L, LUA_REGISTRYINDEX);
-  if (cbref == LUA_NOREF) {
-    return luaL_error(L, "wrong callback");
-  }
-  int *cbref_ptr = calloc(1, sizeof(int));
-  cbref_ptr[0] = cbref;
   ip_addr_t addr;
-  err_t err = dns_gethostbyname(domain, &addr, net_dns_static_cb, cbref_ptr);
+
+  _Static_assert(sizeof(void *) >= sizeof(typeof(cbref)),
+                 "Can't upcast int to ptr");
+
+  err_t err = dns_gethostbyname(domain, &addr, net_dns_static_cb, (void *)cbref);
   if (err == ERR_OK) {
-    net_dns_static_cb(domain, &addr, cbref_ptr);
+    net_dns_static_cb(domain, &addr, (void *)cbref);
     return 0;
   } else if (err == ERR_INPROGRESS) {
     return 0;
   } else {
-    int e = lwip_lua_checkerr(L, err);
-    free(cbref_ptr);
-    return e;
+    /* Bail out!  Unhook callback from registry, first */
+    luaL_unref(L, LUA_REGISTRYINDEX, cbref);
+    return lwip_lua_checkerr(L, err);
   }
   return 0;
 }
@@ -1060,7 +1064,6 @@ LROT_BEGIN(net)
   LROT_FUNCENTRY( multicastJoin, net_multicastJoin )
   LROT_FUNCENTRY( multicastLeave, net_multicastLeave )
   LROT_TABENTRY( dns, net_dns )
-  LROT_TABENTRY( __metatable, net )
 LROT_END( net, net, 0 )
 
 

app/modules/tls.c

@@ -641,7 +641,6 @@ LROT_END( tls_socket, tls_socket, 0 )
 LROT_PUBLIC_BEGIN(tls_cert)
   LROT_FUNCENTRY( verify, tls_cert_verify )
   LROT_FUNCENTRY( auth, tls_cert_auth )
-  LROT_TABENTRY( __index, tls_cert )
 LROT_END( tls_cert, tls_cert, 0 )
 
 
@@ -651,7 +650,6 @@ LROT_BEGIN(tls)
   LROT_FUNCENTRY( setDebug, tls_set_debug_threshold )
 #endif
   LROT_TABENTRY( cert, tls_cert )
-  LROT_TABENTRY( __metatable, tls )
 LROT_END( tls, tls, 0 )
 
 

app/modules/wifi.c

@@ -1909,7 +1909,6 @@ LROT_BEGIN(wifi_ap)
   LROT_FUNCENTRY( getconfig, wifi_ap_getconfig_current )
   LROT_FUNCENTRY( getdefaultconfig, wifi_ap_getconfig_default )
   LROT_TABENTRY( dhcp, wifi_ap_dhcp )
-//  LROT_TABENTRY( __metatable, wifi_ap )
 LROT_END( wifi_ap, wifi_ap, 0 )
 
 
@@ -1969,7 +1968,6 @@ LROT_BEGIN(wifi)
   LROT_NUMENTRY( COUNTRY_AUTO, WIFI_COUNTRY_POLICY_AUTO )
   LROT_NUMENTRY( COUNTRY_MANUAL, WIFI_COUNTRY_POLICY_MANUAL )
 
-  LROT_TABENTRY( __metatable, wifi )
 LROT_END( wifi, wifi, 0 )
 
 

docs/modules/file.md

@@ -222,7 +222,7 @@ Trigger events are:
 
 #### Parameters
 - `event` string
-- `function()` callback function. Unregisters the callback if `function()` is omitted.
+- `function()` callback function. Unregisters the callback if `function()` is omitted or `nil`.
 
 #### Returns
 `nil`

docs/modules/net.md

@@ -597,13 +597,8 @@ Resolve a hostname to an IP address. Doesn't require a socket like [`net.socket.
 - `host` hostname to resolve
 - `function(sk, ip)` callback called when the name was resolved. `sk` is always `nil`
 
-There is at most one callback for all `net.dns.resolve()` requests at any time;
-all resolution results are sent to the most recent callback specified at time
-of receipt!  If multiple DNS callbacks are needed, associate them with separate
-sockets using [`net.socket:dns()`](#netsocketdns).
-
 #### Returns
-`nil`
+`nil` but may raise errors for severe network stack issues (e.g., out of DNS query table slots)
 
 #### Example
 ```lua