Age | Commit message | Author
2016-10-22 | multi: force connections to get closed in close_all_connections | Daniel Stenberg
Several independent reports on infinite loops hanging in the close_all_connections() function when closing a multi handle, can be fixed by first marking the connection to get closed before calling Curl_disconnect. This is more fixing-the-symptom rather than the underlying problem though. Bug: https://curl.haxx.se/mail/lib-2016-10/0011.html Bug: https://curl.haxx.se/mail/lib-2016-10/0059.html Reported-by: Dan Fandrich, Valentin David, Miloš Ljumović
2016-10-22 | curl_multi_remove_handle: fix a double-free | Anders Bakken
In short the easy handle needs to be disconnected from its connection at this point since the connection still is serving other easy handles. In our app we can reliably reproduce a crash in our http2 stress test that is fixed by this change. I can't easily reproduce the same test in a small example. This is the gdb/asan output:
Fixes #1083
2016-10-22 | testcurl.1: fix the URL to the autobuild summary | Daniel Stenberg
2016-10-22 | testcurl.1: update URLs | Daniel Stenberg
2016-10-21 | INSTALL: converted to markdown => INSTALL.md | Daniel Stenberg
Also heavily edited for content. Removed lots of old cruft that we added like 10+ years ago that is likely incorrect by now. Also removed INSTALL.devcpp for same reason.
2016-10-20 | configure: Check for other variants of the -m*os*-version-min flags | Martin Storsjo
In addition to -miphoneos-version-min, the same version can be set using -mios-version-min. And for WatchOS and TvOS, there's -mwatchos-version-min and -mtvos-version-min.
2016-10-20 | configure: set min version flags for builds on mac | Daniel Stenberg
This helps building binaries that can work on multiple macOS versions. Help-by: Martin Storsjö Fixes #1069
2016-10-19 | curl_multi_add_handle: set timeouts in closure handles | Daniel Stenberg
The closure handle only ever has default timeouts set. To improve the state somewhat we clone the timeouts from each added handle so that the closure handle always has the same timeouts as the most recently added easy handle. Fixes #739
2016-10-18 | configure/CURL_CHECK_FUNC_POLL: disable poll completely on mac | Daniel Stenberg
... so that the same libcurl build easier can run on any version. Follow-up to issue #1057
2016-10-18 | RELEASE-NOTES: synced with f36f8c14551efc6772 | Daniel Stenberg
2016-10-18 | test14xx: fixed --libcurl output tests again after 8e8afa82cbb | Daniel Stenberg
2016-10-18 | s/cURL/curl | Daniel Stenberg
The tool was never called cURL, only the project. But even so, we have more and more over time switched to just use lower case.
2016-10-18 | polarssl: indented code, removed unused variables | Daniel Stenberg
2016-10-18 | polarssl: reduce #ifdef madness with a macro | Daniel Stenberg
2016-10-18 | polarssl: fix unaligned SSL session-id lock | Daniel Stenberg
2016-10-18 | Curl_polarsslthreadlock_thread_setup: clear array at init | Daniel Stenberg
... since if it fails to init the entire array and then tries to clean it up, it would attempt to work on an uninitialized pointer.
2016-10-18 | curl: set INTERLEAVEDATA too | Daniel Stenberg
As otherwise the callback could be called with a NULL pointer when RTSP data is provided.
2016-10-18 | gopher: properly return error for poll failures | Daniel Stenberg
2016-10-18 | select: switch to macros in uppercase | Daniel Stenberg
Curl_select_ready() was the former API that was replaced with Curl_select_check() a while back and the former arg setup was provided with a define (in order to leave existing code unmodified). Now we instead offer SOCKET_READABLE and SOCKET_WRITABLE for the most common shortcuts where only one socket is checked. They're also more visibly macros.
2016-10-18 | select: use more proper macro-looking names | Daniel Stenberg
... so that it becomes more obvious in the code what is what. Also added a typecast for one of the calculations.
2016-10-18 | Curl_socket_check: add extra check to avoid integer overflow | Daniel Stenberg
2016-10-17 | maketgz: make it support "only" generating version info | Daniel Stenberg
... to allow you to update the local repository with the given version number data.
2016-10-17 | url: skip to-be-closed connections when pipelining (follow-up) | Jay Satiro
- Change back behavior so that pipelining is considered possible for connections that have not yet reached the protocol level. This is a follow-up to e5f0b1a which had changed the behavior of checking if pipelining is possible to ignore connections that had 'bits.close' set. Connections that have not yet reached the protocol level also have that bit set, and we need to consider pipelining possible on those connections.
2016-10-17 | HTTP2: mention the tool's limited support | Daniel Stenberg
2016-10-16 | RELEASE-NOTES: synced with a1a5cd04877fd6fd | Daniel Stenberg
2016-10-16 | curl: do not set CURLOPT_SSLENGINEDEFAULT automatically | David Woodhouse
There were bugs in the PKCS#11 engine, and fixing them triggers bugs in OpenSSL. Just don't get involved; there's no need to be making the engine methods the default anyway. https://github.com/OpenSC/libp11/pull/108 https://github.com/openssl/openssl/pull/1639 Merges #1042
2016-10-16 | KNOWN_BUGS: two more existing problems | Daniel Stenberg
2016-10-16 | win: fix Universal Windows Platform build | Marcel Raad
This fixes a merge error in commit 7f3df80 caused by commit 332e8d6. Additionally, this changes Curl_verify_windows_version for Windows App builds to assume to always be running on the target Windows version. There seems to be no way to determine the Windows version from a UWP app. Neither GetVersion(Ex), nor VerifyVersionInfo, nor the Version Helper functions are supported. Bug: https://github.com/curl/curl/pull/820#issuecomment-250889878 Reported-by: Paul Joyce Closes https://github.com/curl/curl/pull/1048
2016-10-16 | KNOWN_BUGS: minor formatting edit | Daniel Stenberg
2016-10-14 | url: skip to-be-closed connections when pipelining | Rider Linden
No longer attempt to use "doomed" to-be-closed connections when pipelining. Prior to this change connections marked for deletion (e.g. timeout) would be erroneously used, resulting in sporadic crashes. As originally reported and fixed by Carlo Wood (origin unknown). Bug: https://github.com/curl/curl/issues/627 Reported-by: Rider Linden Closes https://github.com/curl/curl/pull/1075 Participation-by: nopjmp@users.noreply.github.com
2016-10-13 | vtls: only re-use session-ids using the same scheme | Daniel Stenberg
To make it harder to do cross-protocol mistakes
2016-10-11 | dist: add missing cmake modules to the tarball | Torben Dannhauer
Closes https://github.com/curl/curl/pull/1070
2016-10-11 | configure: detect the broken poll() in macOS 10.12 | Daniel Stenberg
Fixes #1057
2016-10-10 | dist: remove PDF and HTML converted docs from the releases | Daniel Stenberg
2016-10-10 | cmake: add nghttp2 support | Remo E
Closes #922
2016-10-10 | resolve: add error message when resolving using SIGALRM | Andreas Streichardt
Closes #1066
2016-10-10 | GIT-INFO: remove the Mac 10.1-specific details | Daniel Stenberg
There shouldn't be many devs out there anymore using such outdated macOS versions. And it removes the dead link. Closes #1049
2016-10-10 | RELEASE-NOTES: spellfix | Daniel Stenberg
2016-10-10 | RELEASE-NOTES: synced with 82720490628cb53a | Daniel Stenberg
5 more fixes, 2 more contributors
2016-10-09 | smb: properly check incoming packet boundaries | Tobias Stoeckmann
Not all reply messages were properly checked for their lengths, which made it possible to access uninitialized memory (but this does not lead to out of boundary accesses). Closes #1052
2016-10-08 | test557: verify printf() with 128 and 129 arguments | Daniel Stenberg
2016-10-08 | mprintf: return error on too many arguments | Daniel Stenberg
128 arguments should be enough for everyone
2016-10-08 | ftp: fix Curl_ftpsendf() | Daniel Stenberg
... it no longer takes printf() arguments since it was only really taken advantage by one user and it was not written and used in a safe way. Thus the 'f' is removed from the function name and the proto is changed. Although the current code wouldn't end up in badness, it was a risk that future changes could end up sprintf()ing too large data or passing in a format string inadvertently.
2016-10-08 | formpost: avoid silent snprintf() truncation | Daniel Stenberg
The previous use of snprintf() could make libcurl silently truncate some input data and not report that back on overly large input, which could make data get sent over the network in a bad format. Example: $ curl --form 'a=b' -H "Content-Type: $(perl -e 'print "A"x4100')"
2016-10-08 | TODO: build: Enable PIE and RELRO by default | Daniel Stenberg
2016-10-08 | TODO: Support better than MD5 hostkey hash (for ssh) | Daniel Stenberg
2016-10-08 | tests: Fix a small typo in the tests README (#1060) | Daniel Gustafsson
The subdirectory for logs in tests/ is named log/ without an 's' at the end.
2016-10-06 | TODO: Introduce --fail-fast to exit on first transfer fail | Daniel Stenberg
See #1054
2016-10-06 | TODO: Leave secure cookies alone | Daniel Stenberg
2016-10-06 | CURLOPT_DEBUGFUNCTION.3: unused argument warning (#1056) | Rainer Müller
The 'userp' argument is unused in this example code.