zeroc-ice 3.8.0 → 3.8.2

data/dist/ice/cpp/src/Ice/OutputStream.cpp

@@ -68,6 +68,10 @@ Ice::OutputStream::OutputStream(
       _format(format),
       _currentEncaps(nullptr)
 {
+    if (!_wstringConverter)
+    {
+        _wstringConverter = getProcessWstringConverter();
+    }
 }
 
 Ice::OutputStream::OutputStream(
@@ -85,6 +89,11 @@ Ice::OutputStream::OutputStream(
       _currentEncaps(nullptr)
 {
     b.reset();
+
+    if (!_wstringConverter)
+    {
+        _wstringConverter = getProcessWstringConverter();
+    }
 }
 
 Ice::OutputStream::OutputStream(const CommunicatorPtr& communicator, EncodingVersion encoding)
@@ -104,6 +113,7 @@ Ice::OutputStream::OutputStream(Instance* instance, EncodingVersion encoding)
           instance->getStringConverter(),
           instance->getWstringConverter())
 {
+    assert(_wstringConverter);
 }
 
 Ice::OutputStream::OutputStream(OutputStream&& other) noexcept
@@ -116,6 +126,7 @@ Ice::OutputStream::OutputStream(OutputStream&& other) noexcept
       _currentEncaps(other._currentEncaps)
 {
     // Reset other to its default state.
+    other._wstringConverter = getProcessWstringConverter();
     other._closure = nullptr;
     other._encoding = Encoding_1_1;
     other._format = FormatType::CompactFormat;
@@ -140,6 +151,7 @@ Ice::OutputStream::operator=(OutputStream&& other) noexcept
         _currentEncaps = other._currentEncaps;
 
         // Reset other to its default state.
+        other._wstringConverter = getProcessWstringConverter();
         other._closure = nullptr;
         other._encoding = Encoding_1_1;
         other._format = FormatType::CompactFormat;
@@ -703,80 +715,54 @@ Ice::OutputStream::write(const char*)
 void
 Ice::OutputStream::writeConverted(const char* vdata, size_t vsize)
 {
+    if (!_stringConverter)
+    {
+        // No converter installed; write the string as-is (assumed to be UTF-8 already).
+        writeSize(static_cast<int32_t>(vsize));
+        Container::size_type position = b.size();
+        resize(position + vsize);
+        memcpy(&b[position], vdata, vsize);
+        return;
+    }
+
     //
-    // What is the size of the resulting UTF-8 encoded string?
-    // Impossible to tell, so we guess. If we don't guess correctly,
-    // we'll have to fix the mistake afterwards
+    // Convert the narrow string to UTF-8 using the string converter and write the result to the stream.
+    //
+    // The worst-case expansion for converting a narrow string to UTF-8 is 3x (e.g., a single byte in Shift_JIS can
+    // expand to 3 bytes in UTF-8). We use this upper bound to decide the size encoding:
+    //  - If vsize <= 254 / 3 (84), the converted string is at most 252 bytes, which always fits in a 1-byte size.
+    //  - Otherwise, we use the 5-byte size encoding to avoid guessing and memmove fixups.
     //
     try
     {
-        auto guessedSize = static_cast<int32_t>(vsize);
-        writeSize(guessedSize); // writeSize() only writes the size; it does not reserve any buffer space.
-
-        size_t firstIndex = b.size();
-        StreamUTF8BufferI buffer(*this);
-
-        byte* lastByte = nullptr;
-        bool converted = false;
-
-        StringConverterPtr stringConverter = _stringConverter;
-        if (!stringConverter)
+        if (vsize <= 254 / 3)
         {
-            stringConverter = getProcessStringConverter();
-        }
-        if (stringConverter)
-        {
-            lastByte = stringConverter->toUTF8(vdata, vdata + vsize, buffer);
-            converted = true;
-        }
+            // The maximum UTF-8 size is vsize * 3 <= 252, which fits in a 1-byte size encoding.
+            auto sizePos = startOneByteSize();
 
-        if (!converted)
-        {
-            Container::size_type position = b.size();
-            resize(position + vsize);
-            memcpy(&b[position], vdata, vsize);
-            return;
-        }
+            StreamUTF8BufferI buffer(*this);
+            byte* lastByte = _stringConverter->toUTF8(vdata, vdata + vsize, buffer);
+            if (lastByte != b.end())
+            {
+                resize(static_cast<size_t>(lastByte - b.begin()));
+            }
 
-        if (lastByte != b.end())
-        {
-            resize(static_cast<size_t>(lastByte - b.begin()));
+            endOneByteSize(sizePos);
         }
-        size_t lastIndex = b.size();
-
-        auto actualSize = static_cast<int32_t>(lastIndex - firstIndex);
-
-        //
-        // Check against the guess
-        //
-        if (guessedSize != actualSize)
+        else
         {
-            if (guessedSize <= 254 && actualSize > 254)
-            {
-                //
-                // Move the UTF-8 sequence 4 bytes further
-                // Use memmove instead of memcpy since the source and destination typically overlap.
-                //
-                resize(b.size() + 4);
-                memmove(b.begin() + firstIndex + 4, b.begin() + firstIndex, static_cast<size_t>(actualSize));
-            }
-            else if (guessedSize > 254 && actualSize <= 254)
-            {
-                //
-                // Move the UTF-8 sequence 4 bytes back
-                //
-                memmove(b.begin() + firstIndex - 4, b.begin() + firstIndex, static_cast<size_t>(actualSize));
-                resize(b.size() - 4);
-            }
+            // Write the first byte of the 5-byte size encoding, followed by a 4-byte size placeholder.
+            write(uint8_t(255));
+            auto sizePos = startSize();
 
-            if (guessedSize <= 254)
+            StreamUTF8BufferI buffer(*this);
+            byte* lastByte = _stringConverter->toUTF8(vdata, vdata + vsize, buffer);
+            if (lastByte != b.end())
             {
-                rewriteSize(actualSize, b.begin() + firstIndex - 1);
-            }
-            else
-            {
-                rewriteSize(actualSize, b.begin() + firstIndex - 1 - 4);
+                resize(static_cast<size_t>(lastByte - b.begin()));
             }
+
+            endSize(sizePos);
         }
     }
     catch (const Ice::IllegalConversionException& ex)
@@ -808,68 +794,47 @@ Ice::OutputStream::write(wstring_view v)
         return;
     }
 
-    //
-    // What is the size of the resulting UTF-8 encoded string?
-    // Impossible to tell, so we guess. If we don't guess correctly,
-    // we'll have to fix the mistake afterwards
-    //
-    try
-    {
-        auto guessedSize = static_cast<int32_t>(v.size());
-        writeSize(guessedSize); // writeSize() only writes the size; it does not reserve any buffer space.
+    assert(_wstringConverter);
 
-        size_t firstIndex = b.size();
-        StreamUTF8BufferI buffer(*this);
+    // The worst-case expansion for converting a wide string to UTF-8 is 3x or 4x depending on the platform.
+    const size_t factor = sizeof(wchar_t) == 2 ? 3 : 4;
 
-        byte* lastByte = nullptr;
-
-        WstringConverterPtr wstringConverter = _wstringConverter;
-        if (!wstringConverter)
+    try
+    {
+        // (252 / 3 = 84, 252 / 4 = 63)
+        if (v.size() <= 252 / factor)
         {
-            wstringConverter = getProcessWstringConverter();
-        }
-        assert(wstringConverter); // never null
-        lastByte = wstringConverter->toUTF8(v.data(), v.data() + v.size(), buffer);
+            // The maximum UTF-8 size is v.size() * factor <= 252, which fits in a 1-byte size encoding.
+            // We use this upper bound to decide the size encoding:
+            //  - If v.size() <= 252 / factor, the converted string is at most 252 bytes, which always fits in a 1-byte
+            //   size.
+            //  - Otherwise, we use the 5-byte size encoding to avoid guessing and memmove fixups.
+            auto sizePos = startOneByteSize();
+
+            StreamUTF8BufferI buffer(*this);
+            byte* lastByte = _wstringConverter->toUTF8(v.data(), v.data() + v.size(), buffer);
+            if (lastByte != b.end())
+            {
+                resize(static_cast<size_t>(lastByte - b.begin()));
+            }
 
-        if (lastByte != b.end())
-        {
-            resize(static_cast<size_t>(lastByte - b.begin()));
+            endOneByteSize(sizePos);
+            return;
         }
-        size_t lastIndex = b.size();
-
-        auto actualSize = static_cast<int32_t>(lastIndex - firstIndex);
-
-        //
-        // Check against the guess
-        //
-        if (guessedSize != actualSize)
+        else
         {
-            if (guessedSize <= 254 && actualSize > 254)
-            {
-                //
-                // Move the UTF-8 sequence 4 bytes further
-                // Use memmove instead of memcpy since the source and destination typically overlap.
-                //
-                resize(b.size() + 4);
-                memmove(b.begin() + firstIndex + 4, b.begin() + firstIndex, static_cast<size_t>(actualSize));
-            }
-            else if (guessedSize > 254 && actualSize <= 254)
-            {
-                //
-                // Move the UTF-8 sequence 4 bytes back
-                //
-                memmove(b.begin() + firstIndex - 4, b.begin() + firstIndex, static_cast<size_t>(actualSize));
-                resize(b.size() - 4);
-            }
+            // Write the first byte of the 5-byte size encoding, followed by a 4-byte size placeholder.
+            write(uint8_t(255));
+            auto sizePos = startSize();
 
-            if (guessedSize <= 254)
+            StreamUTF8BufferI buffer(*this);
+            byte* lastByte = _wstringConverter->toUTF8(v.data(), v.data() + v.size(), buffer);
+            if (lastByte != b.end())
             {
-                rewriteSize(actualSize, b.begin() + firstIndex - 1);
-            }
-            else
-            {
-                rewriteSize(actualSize, b.begin() + firstIndex - 1 - 4);
+                resize(static_cast<size_t>(lastByte - b.begin()));
             }
+
+            endSize(sizePos);
         }
     }
     catch (const Ice::IllegalConversionException& ex)

data/dist/ice/cpp/src/Ice/PropertyNames.cpp

@@ -70,6 +70,7 @@ const PropertyArray PropertyNames::ThreadPoolProps
 const Property ObjectAdapterPropsData[] =
 {
     Property{"AdapterId", "", false, false, nullptr},
+    Property{"AllowedOrigins", "", false, false, nullptr},
     Property{"Connection", "", false, false, &PropertyNames::ConnectionProps},
     Property{"Endpoints", "", false, false, nullptr},
     Property{"Locator", "", false, false, &PropertyNames::ProxyProps},
@@ -89,7 +90,7 @@ const PropertyArray PropertyNames::ObjectAdapterProps
     .prefixOnly=true,
     .isOptIn=false,
     .properties=ObjectAdapterPropsData,
-    .length=12
+    .length=13
 };
 
 const Property IcePropsData[] =
@@ -428,7 +429,7 @@ const Property IceSSLPropsData[] =
     Property{"KeyFile", "", false, false, nullptr},
     Property{"Password", "", false, false, nullptr},
     Property{"RevocationCheck", "0", false, false, nullptr},
-    Property{"RevocationCheckCacheOnly", "0", false, false, nullptr},
+    Property{"RevocationCheckCacheOnly", "1", false, false, nullptr},
     Property{"Trace.Security", "0", false, false, nullptr},
     Property{"TrustOnly", "", false, false, nullptr},
     Property{"TrustOnly.Client", "", false, false, nullptr},

data/dist/ice/cpp/src/Ice/ProxyFunctions.cpp

@@ -53,8 +53,8 @@ Ice::proxyIdentityAndFacetLess(const optional<ObjectPrx>& lhs, const optional<Ob
 {
     if (lhs && rhs)
     {
-        Identity lhsIdentity = lhs->ice_getIdentity();
-        Identity rhsIdentity = rhs->ice_getIdentity();
+        const Identity& lhsIdentity = lhs->ice_getIdentity();
+        const Identity& rhsIdentity = rhs->ice_getIdentity();
 
         if (lhsIdentity < rhsIdentity)
         {
@@ -65,8 +65,8 @@ Ice::proxyIdentityAndFacetLess(const optional<ObjectPrx>& lhs, const optional<Ob
             return false;
         }
 
-        string lhsFacet = lhs->ice_getFacet();
-        string rhsFacet = rhs->ice_getFacet();
+        const string& lhsFacet = lhs->ice_getFacet();
+        const string& rhsFacet = rhs->ice_getFacet();
 
         return lhsFacet < rhsFacet;
     }

data/dist/ice/cpp/src/Ice/Reference.cpp

@@ -549,7 +549,7 @@ IceInternal::FixedReference::changeConnectionId(string) const
 ReferencePtr
 IceInternal::FixedReference::changeConnection(Ice::ConnectionIPtr newConnection) const
 {
-    FixedReferencePtr r = dynamic_pointer_cast<FixedReference>(clone());
+    FixedReferencePtr r = static_pointer_cast<FixedReference>(clone());
     r->_fixedConnection = std::move(newConnection);
     return r;
 }
@@ -787,7 +787,7 @@ IceInternal::RoutableReference::changeEncoding(Ice::EncodingVersion encoding) co
     ReferencePtr r = Reference::changeEncoding(encoding);
     if (r.get() != const_cast<RoutableReference*>(this))
     {
-        LocatorInfoPtr& locInfo = dynamic_pointer_cast<RoutableReference>(r)->_locatorInfo;
+        LocatorInfoPtr& locInfo = static_pointer_cast<RoutableReference>(r)->_locatorInfo;
         if (locInfo && locInfo->getLocator()->ice_getEncodingVersion() != encoding)
         {
             locInfo = getInstance()->locatorManager()->get(locInfo->getLocator()->ice_encodingVersion(encoding));
@@ -809,7 +809,7 @@ IceInternal::RoutableReference::changeCompress(bool newCompress) const
         {
             newEndpoints.push_back(endpoint->compress(newCompress));
         }
-        dynamic_pointer_cast<RoutableReference>(r)->_endpoints = newEndpoints;
+        static_pointer_cast<RoutableReference>(r)->_endpoints = std::move(newEndpoints);
     }
     return r;
 }
@@ -817,7 +817,7 @@ IceInternal::RoutableReference::changeCompress(bool newCompress) const
 ReferencePtr
 IceInternal::RoutableReference::changeEndpoints(vector<EndpointIPtr> newEndpoints) const
 {
-    RoutableReferencePtr r = dynamic_pointer_cast<RoutableReference>(clone());
+    RoutableReferencePtr r = static_pointer_cast<RoutableReference>(clone());
     r->_endpoints = std::move(newEndpoints);
     r->applyOverrides(r->_endpoints);
     r->_adapterId.clear();
@@ -827,7 +827,7 @@ IceInternal::RoutableReference::changeEndpoints(vector<EndpointIPtr> newEndpoint
 ReferencePtr
 IceInternal::RoutableReference::changeAdapterId(string newAdapterId) const
 {
-    RoutableReferencePtr r = dynamic_pointer_cast<RoutableReference>(clone());
+    RoutableReferencePtr r = static_pointer_cast<RoutableReference>(clone());
     r->_adapterId = std::move(newAdapterId);
     r->_endpoints.clear();
     return r;
@@ -837,7 +837,7 @@ ReferencePtr
 IceInternal::RoutableReference::changeLocator(optional<LocatorPrx> newLocator) const
 {
     LocatorInfoPtr newLocatorInfo = newLocator ? getInstance()->locatorManager()->get(newLocator.value()) : nullptr;
-    RoutableReferencePtr r = dynamic_pointer_cast<RoutableReference>(clone());
+    RoutableReferencePtr r = static_pointer_cast<RoutableReference>(clone());
     r->_locatorInfo = std::move(newLocatorInfo);
     return r;
 }
@@ -846,7 +846,7 @@ ReferencePtr
 IceInternal::RoutableReference::changeRouter(optional<RouterPrx> newRouter) const
 {
     RouterInfoPtr newRouterInfo = newRouter ? getInstance()->routerManager()->get(newRouter.value()) : nullptr;
-    RoutableReferencePtr r = dynamic_pointer_cast<RoutableReference>(clone());
+    RoutableReferencePtr r = static_pointer_cast<RoutableReference>(clone());
     r->_routerInfo = std::move(newRouterInfo);
     return r;
 }
@@ -854,7 +854,7 @@ IceInternal::RoutableReference::changeRouter(optional<RouterPrx> newRouter) cons
 ReferencePtr
 IceInternal::RoutableReference::changeCollocationOptimized(bool newCollocationOptimized) const
 {
-    RoutableReferencePtr r = dynamic_pointer_cast<RoutableReference>(clone());
+    RoutableReferencePtr r = static_pointer_cast<RoutableReference>(clone());
     r->_collocationOptimized = newCollocationOptimized;
     return r;
 }
@@ -862,7 +862,7 @@ IceInternal::RoutableReference::changeCollocationOptimized(bool newCollocationOp
 ReferencePtr
 IceInternal::RoutableReference::changeCacheConnection(bool newCache) const
 {
-    RoutableReferencePtr r = dynamic_pointer_cast<RoutableReference>(clone());
+    RoutableReferencePtr r = static_pointer_cast<RoutableReference>(clone());
     r->_cacheConnection = newCache;
     return r;
 }
@@ -870,7 +870,7 @@ IceInternal::RoutableReference::changeCacheConnection(bool newCache) const
 ReferencePtr
 IceInternal::RoutableReference::changeEndpointSelection(EndpointSelectionType newType) const
 {
-    RoutableReferencePtr r = dynamic_pointer_cast<RoutableReference>(clone());
+    RoutableReferencePtr r = static_pointer_cast<RoutableReference>(clone());
     r->_endpointSelection = newType;
     return r;
 }
@@ -878,7 +878,7 @@ IceInternal::RoutableReference::changeEndpointSelection(EndpointSelectionType ne
 ReferencePtr
 IceInternal::RoutableReference::changeLocatorCacheTimeout(chrono::milliseconds timeout) const
 {
-    RoutableReferencePtr r = dynamic_pointer_cast<RoutableReference>(clone());
+    RoutableReferencePtr r = static_pointer_cast<RoutableReference>(clone());
     r->_locatorCacheTimeout = timeout;
     return r;
 }
@@ -886,7 +886,7 @@ IceInternal::RoutableReference::changeLocatorCacheTimeout(chrono::milliseconds t
 ReferencePtr
 IceInternal::RoutableReference::changeConnectionId(string id) const
 {
-    RoutableReferencePtr r = dynamic_pointer_cast<RoutableReference>(clone());
+    RoutableReferencePtr r = static_pointer_cast<RoutableReference>(clone());
     r->_connectionId = id;
     if (!_endpoints.empty()) // Also override the connection id on the endpoints.
     {
@@ -896,7 +896,7 @@ IceInternal::RoutableReference::changeConnectionId(string id) const
         {
             newEndpoints.push_back(endpoint->connectionId(id));
         }
-        r->_endpoints = newEndpoints;
+        r->_endpoints = std::move(newEndpoints);
     }
     return r;
 }
@@ -1259,7 +1259,7 @@ IceInternal::RoutableReference::getConnectionAsync(
     if (_routerInfo)
     {
         // If we route, we send everything to the router's client proxy endpoints.
-        auto self = dynamic_pointer_cast<RoutableReference>(const_cast<RoutableReference*>(this)->shared_from_this());
+        auto self = static_pointer_cast<RoutableReference>(const_cast<RoutableReference*>(this)->shared_from_this());
 
         _routerInfo->getClientEndpointsAsync(
             [self = std::move(self), response = std::move(response), exception](vector<EndpointIPtr> endpoints) mutable
@@ -1364,7 +1364,7 @@ IceInternal::RoutableReference::getConnectionNoRouterInfoAsync(
     if (_locatorInfo)
     {
         RoutableReferencePtr self =
-            dynamic_pointer_cast<RoutableReference>(const_cast<RoutableReference*>(this)->shared_from_this());
+            static_pointer_cast<RoutableReference>(const_cast<RoutableReference*>(this)->shared_from_this());
         _locatorInfo->getEndpoints(
             self,
             _locatorCacheTimeout,

data/dist/ice/cpp/src/Ice/ReferenceFactory.cpp

@@ -93,13 +93,14 @@ IceInternal::ReferenceFactory::create(string_view str, const string& propertyPre
         return nullptr;
     }
 
-    const string delim = " \t\r\n";
+    static constexpr const char* whitespace = " \t\r\n";
+    static constexpr const char* whitespaceOrSeparator = " \t\r\n:@";
 
-    string s(str);
+    string s{str};
     string::size_type beg;
     string::size_type end = 0;
 
-    beg = s.find_first_not_of(delim, end);
+    beg = s.find_first_not_of(whitespace, end);
     if (beg == string::npos)
     {
         throw ParseException(__FILE__, __LINE__, "no non-whitespace characters found in proxy string '" + s + "'");
@@ -117,7 +118,7 @@ IceInternal::ReferenceFactory::create(string_view str, const string& propertyPre
     }
     else if (end == 0)
     {
-        end = s.find_first_of(delim + ":@", beg);
+        end = s.find_first_of(whitespaceOrSeparator, beg);
         if (end == string::npos)
         {
             end = s.size();
@@ -144,7 +145,7 @@ IceInternal::ReferenceFactory::create(string_view str, const string& propertyPre
         // a null proxy, but only if nothing follows the
         // quotes.
         //
-        if (s.find_first_not_of(delim, end) != string::npos)
+        if (s.find_first_not_of(whitespace, end) != string::npos)
         {
             throw ParseException(__FILE__, __LINE__, "invalid characters after identity in proxy string '" + s + "'");
         }
@@ -167,7 +168,7 @@ IceInternal::ReferenceFactory::create(string_view str, const string& propertyPre
 
     while (true)
     {
-        beg = s.find_first_not_of(delim, end);
+        beg = s.find_first_not_of(whitespace, end);
         if (beg == string::npos)
         {
             break;
@@ -178,7 +179,7 @@ IceInternal::ReferenceFactory::create(string_view str, const string& propertyPre
             break;
         }
 
-        end = s.find_first_of(delim + ":@", beg);
+        end = s.find_first_of(whitespaceOrSeparator, beg);
         if (end == string::npos)
         {
             end = s.length();
@@ -204,7 +205,7 @@ IceInternal::ReferenceFactory::create(string_view str, const string& propertyPre
         // quotation marks.
         //
         string argument;
-        string::size_type argumentBeg = s.find_first_not_of(delim, end);
+        string::size_type argumentBeg = s.find_first_not_of(whitespace, end);
         if (argumentBeg != string::npos)
         {
             if (s[argumentBeg] != '@' && s[argumentBeg] != ':' && s[argumentBeg] != '-')
@@ -220,7 +221,7 @@ IceInternal::ReferenceFactory::create(string_view str, const string& propertyPre
                 }
                 else if (end == 0)
                 {
-                    end = s.find_first_of(delim + ":@", beg);
+                    end = s.find_first_of(whitespaceOrSeparator, beg);
                     if (end == string::npos)
                     {
                         end = s.size();
@@ -493,7 +494,7 @@ IceInternal::ReferenceFactory::create(string_view str, const string& propertyPre
         }
         case '@':
         {
-            beg = s.find_first_not_of(delim, beg + 1);
+            beg = s.find_first_not_of(whitespace, beg + 1);
             if (beg == string::npos)
             {
                 throw ParseException(__FILE__, __LINE__, "missing adapter id in proxy string '" + s + "'");
@@ -510,7 +511,7 @@ IceInternal::ReferenceFactory::create(string_view str, const string& propertyPre
             }
             else if (end == 0)
             {
-                end = s.find_first_of(delim, beg);
+                end = s.find_first_of(whitespace, beg);
                 if (end == string::npos)
                 {
                     end = s.size();
@@ -525,7 +526,7 @@ IceInternal::ReferenceFactory::create(string_view str, const string& propertyPre
             }
 
             // Check for trailing whitespace.
-            if (end != string::npos && s.find_first_not_of(delim, end) != string::npos)
+            if (end != string::npos && s.find_first_not_of(whitespace, end) != string::npos)
             {
                 throw ParseException(
                     __FILE__,
@@ -610,7 +611,9 @@ IceInternal::ReferenceFactory::create(Identity ident, InputStream* s)
     vector<EndpointIPtr> endpoints;
     string adapterId;
 
-    int32_t sz = s->readSize();
+    // Each endpoint occupies at least 8 bytes on the wire (a 2-byte type plus a 6-byte minimum
+    // encapsulation), so readAndCheckSeqSize rejects an oversized count before we allocate.
+    int32_t sz = s->readAndCheckSeqSize(8);
 
     if (sz > 0)
     {

data/dist/ice/cpp/src/Ice/ResourceConfig.h

@@ -5,8 +5,8 @@
 
 #include "winver.h"
 
-#define ICE_VERSION 3, 8, 0, 0
-#define ICE_STRING_VERSION "3.8.0\0"
+#define ICE_VERSION 3, 8, 2, 0
+#define ICE_STRING_VERSION "3.8.2\0"
 #define ICE_SO_VERSION "38\0"
 #define ICE_COMPANY_NAME "ZeroC, Inc.\0"
 #define ICE_COPYRIGHT "\251 ZeroC, Inc.\0"

data/dist/ice/cpp/src/Ice/SSL/OpenSSLEngine.cpp

@@ -44,20 +44,18 @@ extern "C"
         auto* p = reinterpret_cast<OpenSSL::SSLEngine*>(userData);
         assert(p);
         string passwd = p->password();
-        int sz = static_cast<int>(passwd.size());
-        if (sz > size)
-        {
-            sz = size - 1;
-        }
-        strncpy(buf, passwd.c_str(), sz);
-        buf[sz] = '\0';
+
+        // Follow the OpenSSL documentation example: copy the password into the buffer, truncating if necessary, and
+        // null-terminate. See https://docs.openssl.org/3.0/man3/SSL_CTX_set_default_passwd_cb/#examples
+        strncpy(buf, passwd.c_str(), static_cast<size_t>(size));
+        buf[size - 1] = '\0';
 
         for (auto& character : passwd)
         {
             character = '\0';
         }
 
-        return sz;
+        return static_cast<int>(strlen(buf));
     }
 }
 
@@ -74,7 +72,14 @@ namespace
 
 OpenSSL::SSLEngine::SSLEngine(const IceInternal::InstancePtr& instance) : Ice::SSL::SSLEngine(instance) {}
 
-OpenSSL::SSLEngine::~SSLEngine() = default;
+OpenSSL::SSLEngine::~SSLEngine()
+{
+    if (_ctx)
+    {
+        SSL_CTX_free(_ctx);
+        _ctx = nullptr;
+    }
+}
 
 void
 OpenSSL::SSLEngine::initialize()
@@ -93,6 +98,10 @@ OpenSSL::SSLEngine::initialize()
             throw InitializationException(__FILE__, __LINE__, "IceSSL: unable to create SSL context:\n" + sslErrors());
         }
 
+        // Reject peer-initiated TLS renegotiation: it is a CPU-asymmetric denial-of-service primitive
+        // on TLS 1.2 and is removed entirely in TLS 1.3.
+        SSL_CTX_set_options(_ctx, SSL_OP_NO_RENEGOTIATION);
+
         // Check for a default directory. We look in this directory for files mentioned in the configuration.
         const string defaultDir = properties->getIceProperty("IceSSL.DefaultDir");
 
@@ -154,7 +163,10 @@ OpenSSL::SSLEngine::initialize()
             }
             else if (properties->getIcePropertyAsInt("IceSSL.UsePlatformCAs") > 0)
             {
-                SSL_CTX_set_default_verify_paths(_ctx);
+                if (!SSL_CTX_set_default_verify_paths(_ctx))
+                {
+                    throw InitializationException(__FILE__, __LINE__, "IceSSL: unable to set default verify paths");
+                }
             }
         }
 
@@ -395,9 +407,16 @@ OpenSSL::SSLEngine::initialize()
             _ctx,
             reinterpret_cast<unsigned char*>(this),
             static_cast<unsigned int>(sizeof(this)));
+
+        // Scrub the password from memory now that initialization is complete.
+        OPENSSL_cleanse(_password.data(), _password.size());
+        _password.clear();
     }
     catch (...)
     {
+        // Scrub the password from memory even if initialization fails.
+        OPENSSL_cleanse(_password.data(), _password.size());
+        _password.clear();
         SSL_CTX_free(_ctx);
         _ctx = nullptr;
         throw;
@@ -501,13 +520,3 @@ OpenSSL::SSLEngine::sslErrors() const
 {
     return getErrors();
 }
-
-void
-OpenSSL::SSLEngine::destroy()
-{
-    if (_ctx)
-    {
-        SSL_CTX_free(_ctx);
-        _ctx = nullptr;
-    }
-}

data/dist/ice/cpp/src/Ice/SSL/OpenSSLEngine.h

@@ -17,10 +17,9 @@ namespace Ice::SSL::OpenSSL
     {
     public:
         SSLEngine(const IceInternal::InstancePtr&);
-        ~SSLEngine();
+        ~SSLEngine() override;
 
         void initialize() final;
-        void destroy() final;
         [[nodiscard]] std::string sslErrors() const;
         [[nodiscard]] std::string password() const { return _password; }
         [[nodiscard]] Ice::SSL::ClientAuthenticationOptions