Merge pull request #17 from jwinarske/jw/flatpak

Fix reliability, security, and correctness issues across codebase

Author: jwinarske

CMakeLists.txt

@@ -57,6 +57,7 @@ message(STATUS "libudev ................ found (version ${UDEV_VERSION})")
 add_subdirectory(src/avahi)
 add_subdirectory(src/bluez)
 add_subdirectory(src/connman)
+add_subdirectory(src/flatpak)
 add_subdirectory(src/fwupd)
 add_subdirectory(src/geoclue2)
 add_subdirectory(src/hostname1)

src/avahi/main.cc

@@ -31,7 +31,7 @@ int main() {
     LOG_INFO("Local Service Cookie: {}", server.GetLocalServiceCookie());
     LOG_INFO("State: {}", server.GetState());
     LOG_INFO("Version: {}", server.GetVersionString());
-    LOG_INFO("NSSS upport available: {}",
+    LOG_INFO("NSS Support available: {}",
              server.IsNSSSupportAvailable() ? "Yes" : "No");
   }
 

src/bluez/hidraw.hpp

@@ -30,7 +30,9 @@
 #include <linux/input.h>
 #include <linux/types.h>
 
-#include <spdlog/spdlog.h>
+#include <cctype>
+
+#include "../utils/logging.h"
 
 #include "hexdump.hpp"
 
@@ -150,26 +152,26 @@ class Hidraw {
     // Use RAII wrapper for automatic cleanup
     const UdevPtr udev(udev_new());
     if (!udev) {
-      spdlog::error("Can't create udev");
+      LOG_ERROR("Can't create udev");
       return results;  // Safe - RAII cleans up automatically
     }
 
     // Use RAII wrapper for enumerating
     const UdevEnumeratePtr enumerate(udev_enumerate_new(udev.get()));
     if (!enumerate) {
-      spdlog::error("Can't create udev enumerate");
+      LOG_ERROR("Can't create udev enumerate");
       return results;  // Safe - both RAII objects clean up
     }
 
     if (const int res = udev_enumerate_add_match_subsystem(enumerate.get(),
                                                            sub_system.c_str());
         res < 0) {
-      spdlog::error("Failed to add subsystem match: {}", sub_system);
+      LOG_ERROR("Failed to add subsystem match: {}", sub_system);
       return results;  // Safe - RAII cleanup
     }
 
     if (const int res = udev_enumerate_scan_devices(enumerate.get()); res < 0) {
-      spdlog::error("Failed to scan devices");
+      LOG_ERROR("Failed to scan devices");
       return results;  // Safe - RAII cleanup
     }
 
@@ -186,7 +188,7 @@ class Hidraw {
       // Use RAII wrapper for a device
       UdevDevicePtr dev(udev_device_new_from_syspath(udev.get(), path));
       if (!dev) {
-        spdlog::debug("Failed to get device from syspath: {}", path);
+        LOG_DEBUG("Failed to get device from syspath: {}", path);
         continue;  // Skip this device, continue with others
       }
 
@@ -201,7 +203,7 @@ class Hidraw {
               udev_device_get_property_value(dev.get(), properties_name);
           properties[properties_name] = value ? value : "";
           if (debug) {
-            spdlog::debug("  {} = {}", properties_name, value ? value : "");
+            LOG_DEBUG("  {} = {}", properties_name, value ? value : "");
           }
         }
       }
@@ -262,19 +264,21 @@ class Hidraw {
         if (compare_subsystem_device_paths(input_path, hidraw_path)) {
           if (hidraw_properties.contains(DEV_NAME)) {
             const auto& hidraw_dev_name = hidraw_properties.at(DEV_NAME);
+            if (!input_properties.contains("UNIQ")) {
+              continue;
+            }
             auto serial_number = input_properties.at("UNIQ");
             const auto dev_key =
                 create_device_key_from_serial_number(serial_number);
-            spdlog::info(
-                "Associated input device path: {} with hidraw device: {}",
-                input_path, hidraw_dev_name);
+            LOG_INFO("Associated input device path: {} with hidraw device: {}",
+                     input_path, hidraw_dev_name);
             devices_[dev_key] = hidraw_dev_name;
           }
         }
       }
     }
     for (const auto& value : devices_ | std::views::values) {
-      spdlog::debug("hidraw device: {}", value);
+      LOG_DEBUG("hidraw device: {}", value);
     }
     return true;
   }
@@ -327,18 +331,18 @@ class Hidraw {
 
     // Validate that both substrings were found
     if (input_pos == std::string::npos) {
-      spdlog::debug("Path does not contain '/input': {}", input_path);
+      LOG_DEBUG("Path does not contain '/input': {}", input_path);
       return false;
     }
 
     if (hidraw_pos == std::string::npos) {
-      spdlog::debug("Path does not contain '/hidraw': {}", hidraw_path);
+      LOG_DEBUG("Path does not contain '/hidraw': {}", hidraw_path);
       return false;
     }
 
     // Ensure the positions are after the prefix
     if (input_pos < prefix.size() || hidraw_pos < prefix.size()) {
-      spdlog::debug("Invalid path structure - subsystem before prefix");
+      LOG_DEBUG("Invalid path structure - subsystem before prefix");
       return false;
     }
 
@@ -366,7 +370,7 @@ class Hidraw {
 
     // Convert to uppercase
     std::ranges::transform(converted_serial, converted_serial.begin(),
-                           ::toupper);
+                           [](unsigned char c) { return std::toupper(c); });
 
     // Replace ':' with '_'
     std::ranges::replace(converted_serial, ':', '_');

src/bluez/horipad_steam/horipad_steam.cc

@@ -45,8 +45,10 @@ HoripadSteam::HoripadSteam(sdbus::IConnection& connection)
                               sub_system ? sub_system : "");
                     if (std::strcmp(sub_system, "hidraw") == 0) {
                       if (std::strcmp(action, "remove") == 0) {
-                        input_reader_->stop();
-                        input_reader_.reset();
+                        if (input_reader_) {
+                          input_reader_->stop();
+                          input_reader_.reset();
+                        }
                       }
                       if (!get_hidraw_devices(input_match_params_bt)) {
                         get_hidraw_devices(input_match_params_usb);

src/bluez/horipad_steam/input_reader.cc

@@ -94,6 +94,12 @@ InputReader::Task InputReader::read_input() {
     }
     LOG_INFO("Report Descriptor Size: {}", desc_size);
 
+    if (desc_size < 0 ||
+        static_cast<unsigned>(desc_size) > HID_MAX_DESCRIPTOR_SIZE) {
+      LOG_ERROR("Invalid report descriptor size: {}", desc_size);
+      break;
+    }
+
     // Report Descriptor
     hidraw_report_descriptor rpt_desc{};
     rpt_desc.size = desc_size;

src/bluez/horipad_steam/input_reader.h

@@ -15,8 +15,6 @@
 #ifndef SRC_BLUEZ_XBOX_CONTROLLER_INPUT_READER_HPP_
 #define SRC_BLUEZ_XBOX_CONTROLLER_INPUT_READER_HPP_
 
-#include "horipad_stream_01ab_0196.h"
-
 #include <atomic>
 #include <coroutine>
 

src/bluez/ps5_dual_sense/dual_sense.cc

@@ -14,6 +14,8 @@
 
 #include "dual_sense.h"
 
+#include <cctype>
+
 #include "../../utils/property_utils.h"
 #include "../../utils/resource_limits.h"
 
@@ -42,8 +44,10 @@ DualSense::DualSense(sdbus::IConnection& connection)
                               sub_system ? sub_system : "");
                     if (std::strcmp(sub_system, "hidraw") == 0) {
                       if (std::strcmp(action, "remove") == 0) {
-                        input_reader_->stop();
-                        input_reader_.reset();
+                        if (input_reader_) {
+                          input_reader_->stop();
+                          input_reader_.reset();
+                        }
                       }
                       if (!get_hidraw_devices(input_match_bt)) {
                         get_hidraw_devices(input_match_usb);
@@ -250,7 +254,8 @@ std::string DualSense::convert_mac_to_path(const std::string& mac_address) {
       "/org/freedesktop/UPower/devices/battery_ps_controller_battery_";
   std::string converted_mac = mac_address;
   std::ranges::replace(converted_mac, ':', 'o');
-  std::ranges::transform(converted_mac, converted_mac.begin(), ::tolower);
+  std::ranges::transform(converted_mac, converted_mac.begin(),
+                         [](unsigned char c) { return std::tolower(c); });
   result += converted_mac;
   return result;
 }

src/bluez/ps5_dual_sense/input_reader.cc

@@ -95,6 +95,12 @@ InputReader::Task InputReader::read_input() {
     }
     LOG_INFO("Report Descriptor Size: {}", desc_size);
 
+    if (desc_size < 0 ||
+        static_cast<unsigned>(desc_size) > HID_MAX_DESCRIPTOR_SIZE) {
+      LOG_ERROR("Invalid report descriptor size: {}", desc_size);
+      break;
+    }
+
     // Report Descriptor
     hidraw_report_descriptor rpt_desc{};
     rpt_desc.size = desc_size;

src/bluez/udev_monitor.hpp

@@ -29,7 +29,7 @@
 #include <sys/epoll.h>
 #include <unistd.h>
 
-#include <spdlog/spdlog.h>
+#include "../utils/logging.h"
 
 // ---------------------------------------------------------------------------
 // RAII wrappers for libudev handles
@@ -72,8 +72,7 @@ class UdevMonitor {
                   callback)
       : sub_systems_(std::move(sub_systems)), callback_(callback) {
     if (pipe(pipe_fds_) == -1) {
-      spdlog::error("Failed to create pipe: {} ({})", std::strerror(errno),
-                    errno);
+      LOG_ERROR("Failed to create pipe: {} ({})", std::strerror(errno), errno);
       pipe_fds_[0] = -1;
       pipe_fds_[1] = -1;
       return;
@@ -125,8 +124,8 @@ class UdevMonitor {
     // Signal the worker thread to exit
     if (pipe_fds_[1] != -1) {
       if (const ssize_t wrote = write(pipe_fds_[1], "x", 1); wrote == -1) {
-        spdlog::error("Failed to write to stop pipe: {} ({})",
-                      std::strerror(errno), errno);
+        LOG_ERROR("Failed to write to stop pipe: {} ({})", std::strerror(errno),
+                  errno);
       }
     }
   }
@@ -142,15 +141,15 @@ class UdevMonitor {
     // RAII: udev context — automatically udev_unref'd on scope exit
     const UdevPtr udev(udev_new());
     if (!udev) {
-      spdlog::error("Failed to create udev context");
+      LOG_ERROR("Failed to create udev context");
       is_running_ = false;
       return;
     }
 
     // RAII: udev monitor — automatically udev_monitor_unref'd on scope exit
     const UdevMonitorPtr mon(udev_monitor_new_from_netlink(udev.get(), "udev"));
     if (!mon) {
-      spdlog::error("Failed to create udev monitor");
+      LOG_ERROR("Failed to create udev monitor");
       is_running_ = false;
       return;
     }
@@ -159,7 +158,7 @@ class UdevMonitor {
       if (int res = udev_monitor_filter_add_match_subsystem_devtype(
               mon.get(), sub_system.c_str(), nullptr);
           res != 0) {
-        spdlog::error(
+        LOG_ERROR(
             "udev_monitor_filter_add_match_subsystem_devtype failed on {} = {}",
             sub_system, res);
       }
@@ -170,8 +169,7 @@ class UdevMonitor {
     // RAII: epoll fd — automatically closed on scope exit
     const EpollFd epoll_fd(epoll_create1(0));
     if (!epoll_fd.valid()) {
-      spdlog::error("Failed to create epoll: {} ({})", std::strerror(errno),
-                    errno);
+      LOG_ERROR("Failed to create epoll: {} ({})", std::strerror(errno), errno);
       is_running_ = false;
       return;
     }
@@ -180,16 +178,16 @@ class UdevMonitor {
     ev.events = EPOLLIN;
     ev.data.fd = fd;
     if (epoll_ctl(epoll_fd.get(), EPOLL_CTL_ADD, fd, &ev) == -1) {
-      spdlog::error("Failed to add udev fd to epoll: {} ({})",
-                    std::strerror(errno), errno);
+      LOG_ERROR("Failed to add udev fd to epoll: {} ({})", std::strerror(errno),
+                errno);
       is_running_ = false;
       return;
     }
 
     ev.data.fd = pipe_fds_[0];
     if (epoll_ctl(epoll_fd.get(), EPOLL_CTL_ADD, pipe_fds_[0], &ev) == -1) {
-      spdlog::error("Failed to add pipe fd to epoll: {} ({})",
-                    std::strerror(errno), errno);
+      LOG_ERROR("Failed to add pipe fd to epoll: {} ({})", std::strerror(errno),
+                errno);
       is_running_ = false;
       return;
     }
@@ -202,14 +200,13 @@ class UdevMonitor {
         if (errno == EINTR) {
           continue;  // Interrupted by signal, retry
         }
-        spdlog::error("epoll_wait failed: {} ({})", std::strerror(errno),
-                      errno);
+        LOG_ERROR("epoll_wait failed: {} ({})", std::strerror(errno), errno);
         break;
       }
 
       for (int n = 0; n < triggered_event_count; ++n) {
         if (events[n].data.fd == pipe_fds_[0]) {
-          spdlog::info("Pipe was written to, exiting the loop");
+          LOG_INFO("Pipe was written to, exiting the loop");
           is_running_ = false;
           break;
         }
@@ -225,7 +222,7 @@ class UdevMonitor {
               if (action && subsystem) {
                 callback_(action, devnode, subsystem);
               } else {
-                spdlog::debug(
+                LOG_DEBUG(
                     "Skipping callback for device with missing properties: "
                     "action={}, devnode={}, subsystem={}",
                     action ? action : "null", devnode ? devnode : "null",
@@ -239,7 +236,7 @@ class UdevMonitor {
     }
 
     // All resources (epoll_fd, mon, udev) are released by their destructors.
-    spdlog::debug("UdevMonitor worker thread exiting");
+    LOG_DEBUG("UdevMonitor worker thread exiting");
   }
 };
 

src/bluez/xbox_controller/input_reader.cc

@@ -95,6 +95,12 @@ InputReader::Task InputReader::read_input() {
     }
     LOG_INFO("Report Descriptor Size: {}", desc_size);
 
+    if (desc_size < 0 ||
+        static_cast<unsigned>(desc_size) > HID_MAX_DESCRIPTOR_SIZE) {
+      LOG_ERROR("Invalid report descriptor size: {}", desc_size);
+      break;
+    }
+
     // Report Descriptor
     hidraw_report_descriptor rpt_desc{};
     rpt_desc.size = desc_size;