/src/le/libevent/bufferevent_ssl.c:863: error: Null Dereference
pointer `bev_ssl` last assigned on line 855 could be null and is dereferenced at line 863, column 6.
861. r2 = start_writing(bev_ssl);
862.
863. if (bev_ssl->underlying) {
^
864. if (events & EV_READ)
865. BEV_RESET_GENERIC_READ_TIMEOUT(bev);
/src/le/libevent/bufferevent_filter.c:234: error: Null Dereference
pointer `bevf` last assigned on line 231 could be null and is dereferenced at line 234, column 6.
232. EVUTIL_ASSERT(bevf);
233.
234. if (bevf->bev.options & BEV_OPT_CLOSE_ON_FREE) {
^
235. /* Yes, there is also a decref in bufferevent_decref_.
236. * That decref corresponds to the incref when we set
Note, that in order to do this evrpc_hook_add_meta() should have return
value, so this is a minor ABI change, which should not affect C ABI, but
still worth to mention.
Anyway this will be done in 2.2 release and unlikely RPC subsystem is
popular.
Currently, libevent's HTTP parser accepts and ignores 0x, +, and whitespace prefixes on chunk sizes. It also ignores - prefixes on chunk sizes of 0. This patch fixes that.
There is a potential danger in the current behavior, which is that there exist HTTP implementations that interpret chunk sizes as their longest valid prefix. For those implementations, 0xa (for example) is equivalent to 0, and this may present a request smuggling risk when those implementations are used in conjunction with libevent. However, as far I'm aware, there is no HTTP proxy that both interprets 0xa as 0 and forwards it verbatim, so I think this is a low-risk bug that is acceptable to report in public.
As acfac7a#r124469888 mentioned, LibeventConfig.cmake is looking for MBedTLS package, even if libevent is not configured to use MBedTLS.
This PR makes MbedTLS and OpenSSL dependencies configurable.
Fixes: #1543
Currently, when libevent parses requests with version `HTTP/4294967295.255`, you end up with `req->major == req->minor == (char)-1`. (At least on linux-gnu-x86_64, where `char` is signed.)
This is sort of weird.
This patch changes the version parser to match the grammar in RFCs 7230 and 9112. (i.e. `HTTP/[0-9].[0-9]`)
EDIT: Technically, a little stronger than the RFC requires, since this patch continues to block major versions greater than 1, which was already what libevent was doing.
The `readv`/`writev` functions are designed for scattered I/O optimally,
their logic in the kernel is more sophisticated, compared to read/write,
which includes extra on-stack `iovec` in the kernel space, importing `iovec`
array from user space to kernel space, reading/writing with `iov_iter`, etc.
As a result, using `readv`/`writev` on single-segment `iovec` will fall into
the special branch in the kernel where it is imported as `ITER_UBUF` differed
from `ITER_IOVEC` for multiple-segments `iovec`.
Thus, it is just not worth calling `readv`/`writev` for single-segment `iovec`,
we should use `read`/`write` instead, to save it from going through the
sophisticated yet unnecessary kernel code path, circumvent a waste of
kernel on-stack memory, copying `iovec` between user space and kernel space, etc.
I sometimes browse and edit C/C++ code with VSCode,
and it would generate some project files in .vscode
which could easily be added and even pushed to a git repo by accident.
It's sort of annoying for programmers who work with VS/VSCode,
IntelliJ/Clion, or other widely-used IDE or editors to prevent
themself from using git command like `git add .` in lib event project.
Therefore, I propose leaving the project files generated by VS/VSCode
and IntelliJ/Clion untracked for libevent project. Hopefully, this can be accepted.
Changes:
- Optimize preprocessor directives on Solaris for evutil_set_tcp_keepalive
- Reduce the amount of code being compiled and trim trailing whitespace in passing.
- Move comments for Solaris under its macro
- Refactor the control flow
But note, that there is still issues with MbedTLS and ZLIB:
CMake Error at C:/Program Files/CMake/share/cmake-3.27/Modules/FindPackageHandleStandardArgs.cmake:230 (message):
Error: Could NOT find MbedTLS (missing: MBEDTLS_INCLUDE_DIR MBEDTLS_LIBRARY
MBEDTLS_CRYPTO_LIBRARY MBEDTLS_X509_LIBRARY MBEDTLS_LIBRARIES
MBEDTLS_VERSION)
Call Stack (most recent call first):
C:/Program Files/CMake/share/cmake-3.27/Modules/FindPackageHandleStandardArgs.cmake:600 (_FPHSA_FAILURE_MESSAGE)
D:/a/libevent/libevent/cmake/FindMbedTLS.cmake:142 (find_package_handle_standard_args)
D:/a/libevent/vcpkg/scripts/buildsystems/vcpkg.cmake:859 (_find_package)
C:/Program Files/CMake/share/cmake-3.27/Modules/CMakeFindDependencyMacro.cmake:76 (find_package)
D:/a/libevent/libevent/build/LibeventConfig.cmake:43 (find_dependency)
D:/a/libevent/vcpkg/scripts/buildsystems/vcpkg.cmake:859 (_find_package)
CMakeLists.txt:11 (find_package)
But by some reason it is not a fatal error on some builds:
-- OpenSSL lib: optimized;C:/Program Files/OpenSSL/lib/VC/libssl64MD.lib;debug;C:/Program Files/OpenSSL/lib/VC/libssl64MDd.lib;optimized;C:/Program Files/OpenSSL/lib/VC/libcrypto64MD.lib;debug;C:/Program Files/OpenSSL/lib/VC/libcrypto64MDd.lib
-- Could NOT find MbedTLS (missing: MBEDTLS_INCLUDE_DIR MBEDTLS_LIBRARY MBEDTLS_CRYPTO_LIBRARY MBEDTLS_X509_LIBRARY MBEDTLS_LIBRARIES MBEDTLS_VERSION)
-- Could NOT find ZLIB (missing: ZLIB_LIBRARY) (found version "1.2.11")
This will be fixed separatelly - #1534, partially worked CI better then
fully broken anyway.
* ci/windows:
Update vcpkg to fix windows CI
Switch to windows-latest (just in case)
Default settings of TCP keep-alive are not always feasible,
take Linux for example, the duration a connection needs to be
idle before sending out the first keep-alive probe is two hours,
which makes detecting dead connections extremely deferred. Thus,
enabling TCP keep-alive will be to little avail.
This sets TCP_KEEPIDLE, TCP_KEEPINTVL, and TCP_KEEPCNT when enabling TCP
keep-alive mechanism to make it practicable.
This commit addresses a minor inconsistency identified in the
documentation of multiple `evhttp` callback functions within
the `event2/http.h` header file. It was observed that the word
"additional" was presumably missing in the description of the
`arg` parameter for several functions. This oversight led to
an incorrect phrasing: "an context argument for the callback."
The documentation for the following functions has been updated
to rectify this issue:
- `evhttp_set_gencb`
- `evhttp_set_bevcb`
- `evhttp_set_newreqcb`
- `evhttp_set_errorcb`
This commit solely improves the readability of the function
descriptions without altering any functional aspects of the
code.
In evutil.c a macro ERR gets defined,
this is a very generic name in case that
in a included header file ERR is used too,
the compiler will fail complaining
about the redefinition of the macro ERR.
To fix this make sure ERR is undefined,
before defining it in evutil.c
The variable chainp is only used if USE_IOVEC_IMPL is defined.
This makes a strict compiler complain about unused variables,
since chainp is declared outside of an USE_IOVEC_IMPL block.
- Added WS_MAX_RECV_FRAME_SZ, if a received frame exceeds this limit (10
MiB), error out. This is a DoS prevention measure.
- Also redid the unmasking code in get_ws_frame(), to avoid assumptions
about the size of an unsigned int and some casting, and avoid
memcpy(), just use the mask bytes from the buffer that are already there
to unmask.
get_ws_frame:
- had potentially unaligned access; fixed.
- was not reading the full 8 bytes in the 64-bit case (was using the
incorrect htons); fixed.
make_ws_frame:
- wasn't writing the length in the 8-byte case.
Also switched both functions to use size_t rather than int where
appropriate.
* evbuffer_add_reference_with_offset:
Add a comment for evbuffer_ref_cleanup_cb
tests: simplify test_evbuffer_add_reference_with_offset
Add function evbuffer_add_reference_with_offset()
report:
/src/le/libevent/sample/becat.c:304:29: warning: implicit truncation from 'int' to a one-bit wide bit-field changes value from 1 to -1 [-Wsingle-bit-bitfield-constant-conversion]
case 'k': o.extra.keep = 1; break;
This is the same as evbuffer_add_reference(), but allows to specify
offset in the @data
v2: rename evbuffer_add_reference_misalign() to evbuffer_add_reference_with_offset()
Replace evws_send with evws_send_text, and introduce new API -
evws_send_binary, that can be used to send binary frames.
But note, that this commit breaks the ABI compatibility, but it should be OK,
since there was only alpha release with evws_send, and nobody should rely on
this, and I hope nobody does (we decided to go this way to avoid supporting
deprecated API).
Previous settings caused install outside CMAKE_PLATFORM_IMPLICIT_LINK_DIRECTORIES
to use install_name "lib/" in place of the expected (and useful) "@rpath/".
