Script 'mail_helper' called by obssrc Hello community, here is the log from the commit of package ulfius for openSUSE:Factory checked in at 2021-09-08 21:36:47 ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Comparing /work/SRC/openSUSE:Factory/ulfius (Old) and /work/SRC/openSUSE:Factory/.ulfius.new.1899 (New) ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ulfius" Wed Sep 8 21:36:47 2021 rev:21 rq:917448 version:2.7.4 Changes: -------- --- /work/SRC/openSUSE:Factory/ulfius/ulfius.changes 2021-06-09 21:52:17.050472826 +0200 +++ /work/SRC/openSUSE:Factory/.ulfius.new.1899/ulfius.changes 2021-09-08 21:37:08.801925705 +0200 @@ -1,0 +2,9 @@ +Tue Sep 7 06:37:49 UTC 2021 - Martin Hauke <mar...@gmx.de> + +- Update to version 2.7.4 + Fix security issue CVE-2021-40540 (bsc#1190246) + * Add void parameter to functions with no param. + * Fix bug when malformed HTTP requests are sent. + * Remove yder flag from libulfius.pc when yder is disabled. + +------------------------------------------------------------------- Old: ---- ulfius-2.7.3.tar.gz New: ---- ulfius-2.7.4.tar.gz ++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++ Other differences: ------------------ ++++++ ulfius.spec ++++++ --- /var/tmp/diff_new_pack.2kAxCP/_old 2021-09-08 21:37:09.361926361 +0200 +++ /var/tmp/diff_new_pack.2kAxCP/_new 2021-09-08 21:37:09.365926365 +0200 @@ -20,7 +20,7 @@ %define _lto_cflags %{nil} %define sover 2_7 Name: ulfius -Version: 2.7.3 +Version: 2.7.4 Release: 0 Summary: Web Framework for REST Applications in C License: MIT ++++++ ulfius-2.7.3.tar.gz -> ulfius-2.7.4.tar.gz ++++++ diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ulfius-2.7.3/API.md new/ulfius-2.7.4/API.md --- old/ulfius-2.7.3/API.md 2021-05-23 15:15:08.000000000 +0200 +++ new/ulfius-2.7.4/API.md 2021-09-06 23:34:10.000000000 +0200 @@ -1,6 +1,8 @@ # Ulfius API Documentation -- [Header file](#header-file) +- [Use Ulfius in a C program](#use-ulfius-in-a-c-program) + - [Header file](#header-file) + - [Build options](#build-options) - [Return values](#return-values) - [Memory management](#memory-management) - [Webservice initialization](#webservice-initialization) @@ -59,7 +61,9 @@ - [Update existing programs from Ulfius 2.0 to 2.1](#update-existing-programs-from-ulfius-20-to-21) - [Update existing programs from Ulfius 1.x to 2.0](#update-existing-programs-from-ulfius-1x-to-20) -## Header file <a name="header-file"></a> +## Use Ulfius in a C program <a name="use-ulfius-in-a-c-program"></a> + +### Header file <a name="header-file"></a> Include file `ulfius.h` in your source file: @@ -67,6 +71,23 @@ #include <ulfius.h> ``` +### Build options <a name="build-options"></a> + +You can use `pkg-config` to provide the compile and link options for Ulfius: + +```shell +$ # compile flags +$ pkg-config --cflags libulfius +-I/usr/include +$ # linker flags +$ pkg-config --libs libulfius +-L/usr/lib -lulfius -lorcania -lyder +``` + +If you don't or can't have pkg-config for the build, you can set the linker options `-lulfius -lorcania -lyder`. + +The options `-lorcania` and `-lyder` are not necessary if you don't directly use Orcania or Yder functions. But in doubt, add them anyway. + On your linker command, add Ulfius as a dependency library, e.g. `-lulfius` for gcc. ## Return values <a name="return-values"></a> diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ulfius-2.7.3/CHANGELOG.md new/ulfius-2.7.4/CHANGELOG.md --- old/ulfius-2.7.3/CHANGELOG.md 2021-05-23 15:15:08.000000000 +0200 +++ new/ulfius-2.7.4/CHANGELOG.md 2021-09-06 23:34:10.000000000 +0200 @@ -1,5 +1,12 @@ # Ulfius Changelog +## 2.7.4 + +- Add `void` parameter to functions with no param +- Fix bug when malformed HTTP requests are sent, thanks Jeremy Brown! +- Remove yder flag from `libulfius.pc` when yder is disabled +- Avoid Time-of-check time-of-use filesystem race condition, assume `fopen` result is enough + ## 2.7.3 - Add `ULFIUS_CHECK_VERSION` macro (Thanks Oliv3) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ulfius-2.7.3/CMakeLists.txt new/ulfius-2.7.4/CMakeLists.txt --- old/ulfius-2.7.3/CMakeLists.txt 2021-05-23 15:15:08.000000000 +0200 +++ new/ulfius-2.7.4/CMakeLists.txt 2021-09-06 23:34:10.000000000 +0200 @@ -30,7 +30,7 @@ set(PROJECT_BUGREPORT_PATH "https://github.com/babelouest/ulfius/issues") set(LIBRARY_VERSION_MAJOR "2") set(LIBRARY_VERSION_MINOR "7") -set(LIBRARY_VERSION_PATCH "3") +set(LIBRARY_VERSION_PATCH "4") set(PROJECT_VERSION "${LIBRARY_VERSION_MAJOR}.${LIBRARY_VERSION_MINOR}.${LIBRARY_VERSION_PATCH}") set(PROJECT_VERSION_MAJOR ${LIBRARY_VERSION_MAJOR}) @@ -281,7 +281,9 @@ option(WITH_YDER "Use Yder library to log messages" ON) option(SEARCH_YDER "Search for Yder library" ON) +set(LIB_YDER "") if (WITH_YDER) + set(LIB_YDER "-lyder") set(U_DISABLE_YDER OFF) set(SEARCH_ORCANIA OFF CACHE BOOL "Force to false") # Avoid to search and download orcania during yder search and download diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ulfius-2.7.3/README.md new/ulfius-2.7.4/README.md --- old/ulfius-2.7.3/README.md 2021-05-23 15:15:08.000000000 +0200 +++ new/ulfius-2.7.4/README.md 2021-09-06 23:34:10.000000000 +0200 @@ -126,4 +126,4 @@ I'm open for questions and suggestions, feel free to open an [issue](https://github.com/babelouest/ulfius/issues), a [pull request](https://github.com/babelouest/ulfius/pulls) or send me an [e-mail](mailto:m...@babelouest.org) if you feel like it! -You can visit the IRC channel #ulfius on the [Freenode](https://freenode.net/) network. +You can visit the IRC channel #ulfius on the [Libera.???Chat](https://libera.chat/) network. diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ulfius-2.7.3/example_callbacks/static_compressed_inmemory_website/static_compressed_inmemory_website_callback.c new/ulfius-2.7.4/example_callbacks/static_compressed_inmemory_website/static_compressed_inmemory_website_callback.c --- old/ulfius-2.7.3/example_callbacks/static_compressed_inmemory_website/static_compressed_inmemory_website_callback.c 2021-05-23 15:15:08.000000000 +0200 +++ new/ulfius-2.7.4/example_callbacks/static_compressed_inmemory_website/static_compressed_inmemory_website_callback.c 2021-09-06 23:34:10.000000000 +0200 @@ -2,9 +2,9 @@ * * Static file server with compression Ulfius callback * - * Copyright 2020 Nicolas Mora <m...@babelouest.org> + * Copyright 2020-2021 Nicolas Mora <m...@babelouest.org> * - * Version 20201213 + * Version 20210906 * * The MIT License (MIT) * @@ -189,24 +189,22 @@ file_path = msprintf("%s/%s", ((struct _u_compressed_inmemory_website_config *)user_data)->files_path, file_requested); - if (access(file_path, F_OK) != -1) { - f = fopen (file_path, "rb"); - if (f) { - fseek (f, 0, SEEK_END); - length = ftell (f); - fseek (f, 0, SEEK_SET); - - content_type = u_map_get_case(&((struct _u_compressed_inmemory_website_config *)user_data)->mime_types, get_filename_ext(file_requested)); - if (content_type == NULL) { - content_type = u_map_get(&((struct _u_compressed_inmemory_website_config *)user_data)->mime_types, "*"); - y_log_message(Y_LOG_LEVEL_WARNING, "Static File Server - Unknown mime type for extension %s", get_filename_ext(file_requested)); - } - u_map_put(response->map_header, "Content-Type", content_type); - u_map_copy_into(response->map_header, &((struct _u_compressed_inmemory_website_config *)user_data)->map_header); + f = fopen (file_path, "rb"); + if (f) { + fseek (f, 0, SEEK_END); + length = ftell (f); + fseek (f, 0, SEEK_SET); + + content_type = u_map_get_case(&((struct _u_compressed_inmemory_website_config *)user_data)->mime_types, get_filename_ext(file_requested)); + if (content_type == NULL) { + content_type = u_map_get(&((struct _u_compressed_inmemory_website_config *)user_data)->mime_types, "*"); + y_log_message(Y_LOG_LEVEL_WARNING, "Static File Server - Unknown mime type for extension %s", get_filename_ext(file_requested)); + } + u_map_put(response->map_header, "Content-Type", content_type); + u_map_copy_into(response->map_header, &((struct _u_compressed_inmemory_website_config *)user_data)->map_header); - if (ulfius_set_stream_response(response, 200, callback_static_file_uncompressed_stream, callback_static_file_uncompressed_stream_free, length, CHUNK, f) != U_OK) { - y_log_message(Y_LOG_LEVEL_ERROR, "Static File Server - Error ulfius_set_stream_response"); - } + if (ulfius_set_stream_response(response, 200, callback_static_file_uncompressed_stream, callback_static_file_uncompressed_stream_free, length, CHUNK, f) != U_OK) { + y_log_message(Y_LOG_LEVEL_ERROR, "Static File Server - Error ulfius_set_stream_response"); } } else { if (((struct _u_compressed_inmemory_website_config *)user_data)->redirect_on_404 == NULL) { @@ -358,99 +356,97 @@ } else { file_path = msprintf("%s/%s", ((struct _u_compressed_inmemory_website_config *)user_data)->files_path, file_requested); - if (access(file_path, F_OK) != -1) { - if (!pthread_mutex_lock(&config->lock)) { - f = fopen (file_path, "rb"); - if (f) { - fseek (f, 0, SEEK_END); - offset = length = ftell (f); - fseek (f, 0, SEEK_SET); - - if ((file_content_orig = file_content = o_malloc(length)) != NULL && (data_zip = o_malloc((2*length)+20)) != NULL) { - defstream.zalloc = u_zalloc; - defstream.zfree = u_zfree; - defstream.opaque = Z_NULL; - defstream.avail_in = (uInt)length; - defstream.next_in = (Bytef *)file_content; - while ((read_length = fread(file_content, sizeof(char), offset, f))) { - file_content += read_length; - offset -= read_length; - } + if (!pthread_mutex_lock(&config->lock)) { + f = fopen (file_path, "rb"); + if (f) { + fseek (f, 0, SEEK_END); + offset = length = ftell (f); + fseek (f, 0, SEEK_SET); + + if ((file_content_orig = file_content = o_malloc(length)) != NULL && (data_zip = o_malloc((2*length)+20)) != NULL) { + defstream.zalloc = u_zalloc; + defstream.zfree = u_zfree; + defstream.opaque = Z_NULL; + defstream.avail_in = (uInt)length; + defstream.next_in = (Bytef *)file_content; + while ((read_length = fread(file_content, sizeof(char), offset, f))) { + file_content += read_length; + offset -= read_length; + } - if (compress_mode == U_COMPRESS_GZIP) { - if (deflateInit2(&defstream, - Z_DEFAULT_COMPRESSION, - Z_DEFLATED, - U_GZIP_WINDOW_BITS | U_GZIP_ENCODING, - 8, - Z_DEFAULT_STRATEGY) != Z_OK) { - y_log_message(Y_LOG_LEVEL_ERROR, "callback_static_compressed_inmemory_website - Error deflateInit (gzip)"); - ret = U_CALLBACK_ERROR; - } - } else { - if (deflateInit(&defstream, Z_BEST_COMPRESSION) != Z_OK) { - y_log_message(Y_LOG_LEVEL_ERROR, "callback_static_compressed_inmemory_website - Error deflateInit (deflate)"); + if (compress_mode == U_COMPRESS_GZIP) { + if (deflateInit2(&defstream, + Z_DEFAULT_COMPRESSION, + Z_DEFLATED, + U_GZIP_WINDOW_BITS | U_GZIP_ENCODING, + 8, + Z_DEFAULT_STRATEGY) != Z_OK) { + y_log_message(Y_LOG_LEVEL_ERROR, "callback_static_compressed_inmemory_website - Error deflateInit (gzip)"); + ret = U_CALLBACK_ERROR; + } + } else { + if (deflateInit(&defstream, Z_BEST_COMPRESSION) != Z_OK) { + y_log_message(Y_LOG_LEVEL_ERROR, "callback_static_compressed_inmemory_website - Error deflateInit (deflate)"); + ret = U_CALLBACK_ERROR; + } + } + if (ret == U_CALLBACK_CONTINUE) { + do { + if ((data_zip = o_realloc(data_zip, data_zip_len+_U_W_BLOCK_SIZE)) != NULL) { + defstream.avail_out = _U_W_BLOCK_SIZE; + defstream.next_out = ((Bytef *)data_zip)+data_zip_len; + switch ((res = deflate(&defstream, Z_FINISH))) { + case Z_OK: + case Z_STREAM_END: + case Z_BUF_ERROR: + break; + default: + y_log_message(Y_LOG_LEVEL_ERROR, "callback_static_compressed_inmemory_website - Error deflate %d", res); + ret = U_CALLBACK_ERROR; + break; + } + data_zip_len += _U_W_BLOCK_SIZE - defstream.avail_out; + } else { + y_log_message(Y_LOG_LEVEL_ERROR, "callback_static_compressed_inmemory_website - Error allocating resources for data_zip"); ret = U_CALLBACK_ERROR; } - } + } while (U_CALLBACK_CONTINUE == ret && defstream.avail_out == 0); + if (ret == U_CALLBACK_CONTINUE) { - do { - if ((data_zip = o_realloc(data_zip, data_zip_len+_U_W_BLOCK_SIZE)) != NULL) { - defstream.avail_out = _U_W_BLOCK_SIZE; - defstream.next_out = ((Bytef *)data_zip)+data_zip_len; - switch ((res = deflate(&defstream, Z_FINISH))) { - case Z_OK: - case Z_STREAM_END: - case Z_BUF_ERROR: - break; - default: - y_log_message(Y_LOG_LEVEL_ERROR, "callback_static_compressed_inmemory_website - Error deflate %d", res); - ret = U_CALLBACK_ERROR; - break; - } - data_zip_len += _U_W_BLOCK_SIZE - defstream.avail_out; - } else { - y_log_message(Y_LOG_LEVEL_ERROR, "callback_static_compressed_inmemory_website - Error allocating resources for data_zip"); - ret = U_CALLBACK_ERROR; + if (compress_mode == U_COMPRESS_GZIP) { + if (config->allow_cache_compressed) { + u_map_put_binary(&config->gzip_files, file_requested, data_zip, 0, defstream.total_out); } - } while (U_CALLBACK_CONTINUE == ret && defstream.avail_out == 0); - - if (ret == U_CALLBACK_CONTINUE) { - if (compress_mode == U_COMPRESS_GZIP) { - if (config->allow_cache_compressed) { - u_map_put_binary(&config->gzip_files, file_requested, data_zip, 0, defstream.total_out); - } - ulfius_set_binary_body_response(response, 200, u_map_get(&config->gzip_files, file_requested), u_map_get_length(&config->gzip_files, file_requested)); - } else { - if (config->allow_cache_compressed) { - u_map_put_binary(&config->deflate_files, file_requested, data_zip, 0, defstream.total_out); - } - ulfius_set_binary_body_response(response, 200, u_map_get(&config->deflate_files, file_requested), u_map_get_length(&config->deflate_files, file_requested)); + ulfius_set_binary_body_response(response, 200, u_map_get(&config->gzip_files, file_requested), u_map_get_length(&config->gzip_files, file_requested)); + } else { + if (config->allow_cache_compressed) { + u_map_put_binary(&config->deflate_files, file_requested, data_zip, 0, defstream.total_out); } - u_map_put(response->map_header, U_CONTENT_HEADER, compress_mode==U_COMPRESS_GZIP?U_ACCEPT_GZIP:U_ACCEPT_DEFLATE); + ulfius_set_binary_body_response(response, 200, u_map_get(&config->deflate_files, file_requested), u_map_get_length(&config->deflate_files, file_requested)); } + u_map_put(response->map_header, U_CONTENT_HEADER, compress_mode==U_COMPRESS_GZIP?U_ACCEPT_GZIP:U_ACCEPT_DEFLATE); } - deflateEnd(&defstream); - o_free(data_zip); - } else { - y_log_message(Y_LOG_LEVEL_ERROR, "callback_static_compressed_inmemory_website - Error allocating resource for file_content or data_zip"); - ret = U_CALLBACK_ERROR; } - o_free(file_content_orig); - fclose(f); + deflateEnd(&defstream); + o_free(data_zip); + } else { + y_log_message(Y_LOG_LEVEL_ERROR, "callback_static_compressed_inmemory_website - Error allocating resource for file_content or data_zip"); + ret = U_CALLBACK_ERROR; } - pthread_mutex_unlock(&config->lock); + o_free(file_content_orig); + fclose(f); } else { - y_log_message(Y_LOG_LEVEL_ERROR, "callback_static_compressed_inmemory_website - Error pthread_lock_mutex"); - ret = U_CALLBACK_ERROR; + if (((struct _u_compressed_inmemory_website_config *)user_data)->redirect_on_404 == NULL) { + ret = U_CALLBACK_IGNORE; + } else { + ulfius_add_header_to_response(response, "Location", ((struct _u_compressed_inmemory_website_config *)user_data)->redirect_on_404); + response->status = 302; + } } + pthread_mutex_unlock(&config->lock); } else { - if (((struct _u_compressed_inmemory_website_config *)user_data)->redirect_on_404 == NULL) { - ret = U_CALLBACK_IGNORE; - } else { - ulfius_add_header_to_response(response, "Location", ((struct _u_compressed_inmemory_website_config *)user_data)->redirect_on_404); - response->status = 302; - } + y_log_message(Y_LOG_LEVEL_ERROR, "callback_static_compressed_inmemory_website - Error pthread_lock_mutex"); + ret = U_CALLBACK_ERROR; } o_free(file_path); } diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ulfius-2.7.3/example_callbacks/static_compressed_inmemory_website/static_compressed_inmemory_website_callback.h new/ulfius-2.7.4/example_callbacks/static_compressed_inmemory_website/static_compressed_inmemory_website_callback.h --- old/ulfius-2.7.3/example_callbacks/static_compressed_inmemory_website/static_compressed_inmemory_website_callback.h 2021-05-23 15:15:08.000000000 +0200 +++ new/ulfius-2.7.4/example_callbacks/static_compressed_inmemory_website/static_compressed_inmemory_website_callback.h 2021-09-06 23:34:10.000000000 +0200 @@ -2,9 +2,9 @@ * * Static file server with compression Ulfius callback * - * Copyright 2020 Nicolas Mora <m...@babelouest.org> + * Copyright 2020-2021 Nicolas Mora <m...@babelouest.org> * - * Version 20201213 + * Version 20210906 * * The MIT License (MIT) * diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ulfius-2.7.3/example_programs/test_u_map/test_u_map.c new/ulfius-2.7.4/example_programs/test_u_map/test_u_map.c --- old/ulfius-2.7.3/example_programs/test_u_map/test_u_map.c 2021-05-23 15:15:08.000000000 +0200 +++ new/ulfius-2.7.4/example_programs/test_u_map/test_u_map.c 2021-09-06 23:34:10.000000000 +0200 @@ -59,7 +59,7 @@ FILE * f; int res = U_OK; - if (access(file_path, F_OK) != -1 && map != NULL) { + if (map != NULL) { f = fopen (file_path, "rb"); if (f) { fseek (f, 0, SEEK_END); @@ -70,13 +70,15 @@ fread (buffer, 1, length, f); } fclose (f); - } - if (buffer) { - res = u_map_put_binary(map,file_path, (char *)buffer, offset, length); - o_free(buffer); + if (buffer) { + res = u_map_put_binary(map,file_path, (char *)buffer, offset, length); + o_free(buffer); + } else { + res = U_ERROR; + } } else { - res = U_ERROR; + res = U_ERROR_PARAMS; } } else { res = U_ERROR_PARAMS; diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ulfius-2.7.3/include/ulfius.h new/ulfius-2.7.4/include/ulfius.h --- old/ulfius-2.7.3/include/ulfius.h 2021-05-23 15:15:08.000000000 +0200 +++ new/ulfius-2.7.4/include/ulfius.h 2021-09-06 23:34:10.000000000 +0200 @@ -382,12 +382,12 @@ * The function ulfius_send_request_close must be called when ulfius send request functions are no longer needed * @return U_OK on success */ -int ulfius_global_init(); +int ulfius_global_init(void); /** * Close global parameters */ -void ulfius_global_close(); +void ulfius_global_close(void); /** * @} @@ -640,7 +640,7 @@ * ulfius_empty_endpoint * @return empty endpoint that goes at the end of an endpoint list */ -const struct _u_endpoint * ulfius_empty_endpoint(); +const struct _u_endpoint * ulfius_empty_endpoint(void); /** * ulfius_copy_endpoint @@ -2081,7 +2081,7 @@ */ #ifndef U_DISABLE_GNUTLS -/* +/** * ulfius_export_client_certificate_pem * Exports the client certificate using PEM format * @param request struct _u_request used @@ -2090,7 +2090,7 @@ */ char * ulfius_export_client_certificate_pem(const struct _u_request * request); -/* +/** * ulfius_import_client_certificate_pem * Imports the client certificate using PEM format * @param request struct _u_request used diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ulfius-2.7.3/libulfius.pc.in new/ulfius-2.7.4/libulfius.pc.in --- old/ulfius-2.7.3/libulfius.pc.in 2021-05-23 15:15:08.000000000 +0200 +++ new/ulfius-2.7.4/libulfius.pc.in 2021-09-06 23:34:10.000000000 +0200 @@ -9,5 +9,5 @@ Version: @LIBRARY_VERSION@ Requires: @PKGCONF_REQ@ Requires.private: @PKGCONF_REQ_PRIVATE@ -Libs: -L${libdir} -lulfius -lorcania -lyder @LIB_STATIC@ +Libs: -L${libdir} -lulfius -lorcania @LIB_YDER@ @LIB_STATIC@ Cflags: -I${includedir} diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ulfius-2.7.3/src/Makefile new/ulfius-2.7.4/src/Makefile --- old/ulfius-2.7.3/src/Makefile 2021-05-23 15:15:08.000000000 +0200 +++ new/ulfius-2.7.4/src/Makefile 2021-09-06 23:34:10.000000000 +0200 @@ -34,6 +34,7 @@ LIBSDEP=-lmicrohttpd -lpthread -lz LIBS=-L$(DESTDIR)/lib -lc $(LDFLAGS) LIB_STATIC= +LIB_YDER= SONAME = -soname ifeq ($(shell uname -s),Darwin) SONAME = -install_name @@ -42,7 +43,7 @@ OUTPUT=libulfius.so VERSION_MAJOR=2 VERSION_MINOR=7 -VERSION_PATCH=3 +VERSION_PATCH=4 ifndef JANSSONFLAG DISABLE_JANSSON=0 @@ -75,6 +76,7 @@ ifndef YDERFLAG DISABLE_YDER=0 LYDER=-lyder +LIB_YDER=$(LYDER) else DISABLE_YDER=1 endif @@ -173,6 +175,7 @@ @sed -i -e 's/@PKGCONF_REQ@/$(PKGCONF_REQ)/g' $(PKGCONFIG_FILE) @sed -i -e 's/@PKGCONF_REQ_PRIVATE@/$(PKGCONF_REQ_PRIVATE)/g' $(PKGCONFIG_FILE) @sed -i -e 's/@LIB_STATIC@/$(LIB_STATIC)/g' $(PKGCONFIG_FILE) + @sed -i -e 's/@LIB_YDER@/$(LIB_YDER)/g' $(PKGCONFIG_FILE) target: $(OBJECTS) diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ulfius-2.7.3/src/ulfius.c new/ulfius-2.7.4/src/ulfius.c --- old/ulfius-2.7.3/src/ulfius.c 2021-05-23 15:15:08.000000000 +0200 +++ new/ulfius-2.7.4/src/ulfius.c 2021-09-06 23:34:10.000000000 +0200 @@ -57,7 +57,7 @@ (void)(message); } -int y_close_logs() { +int y_close_logs(void) { return 1; } #endif @@ -207,6 +207,7 @@ UNUSED(cls); if (con_info != NULL) { + memset(con_info, 0, sizeof(struct connection_info_struct)); con_info->callback_first_iteration = 1; con_info->u_instance = NULL; u_map_init(&con_info->map_url_initial); @@ -217,7 +218,8 @@ return NULL; } - if (NULL == con_info->request || ulfius_init_request(con_info->request) != U_OK) { + if (ulfius_init_request(con_info->request) != U_OK) { + y_log_message(Y_LOG_LEVEL_ERROR, "Ulfius - Error initializing con_info->request"); ulfius_clean_request_full(con_info->request); o_free(con_info); return NULL; @@ -433,7 +435,6 @@ size_t * upload_data_size, void ** con_cls) { #endif - struct _u_endpoint * endpoint_list = ((struct _u_instance *)cls)->endpoint_list, ** current_endpoint_list = NULL, * current_endpoint = NULL; struct connection_info_struct * con_info = * con_cls; int mhd_ret = MHD_NO, callback_ret = U_OK, i, close_loop = 0, inner_error = U_OK, mhd_response_flag; @@ -1514,7 +1515,7 @@ return ret; } -const struct _u_endpoint * ulfius_empty_endpoint() { +const struct _u_endpoint * ulfius_empty_endpoint(void) { static struct _u_endpoint empty_endpoint; empty_endpoint.http_method = NULL; @@ -1901,7 +1902,7 @@ } } -int ulfius_global_init() { +int ulfius_global_init(void) { int ret = U_OK; o_malloc_t malloc_fn; o_realloc_t realloc_fn; @@ -1925,7 +1926,7 @@ return ret; } -void ulfius_global_close() { +void ulfius_global_close(void) { #ifndef U_DISABLE_CURL curl_global_cleanup(); #endif diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ulfius-2.7.3/test/Makefile new/ulfius-2.7.4/test/Makefile --- old/ulfius-2.7.3/test/Makefile 2021-05-23 15:15:08.000000000 +0200 +++ new/ulfius-2.7.4/test/Makefile 2021-09-06 23:34:10.000000000 +0200 @@ -21,7 +21,7 @@ all: test clean: - rm -f *.o u_map core framework websocket valgrind-*.txt + rm -f *.o u_map core framework websocket valgrind-*.txt *.log $(ULFIUS_LIBRARY): $(ULFIUS_SCRUTINIZE) cd $(ULFIUS_LOCATION) && $(MAKE) debug diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn' '--exclude=.svnignore' old/ulfius-2.7.3/test/framework.c new/ulfius-2.7.4/test/framework.c --- old/ulfius-2.7.3/test/framework.c 2021-05-23 15:15:08.000000000 +0200 +++ new/ulfius-2.7.4/test/framework.c 2021-09-06 23:34:10.000000000 +0200 @@ -10,6 +10,7 @@ #include <sys/select.h> #include <sys/time.h> #include <sys/types.h> +#include <netinet/tcp.h> #ifndef _WIN32 #include <sys/socket.h> @@ -528,6 +529,33 @@ free(ptr); } +int callback_function_simple(const struct _u_request * request, struct _u_response * response, void * user_data) { + ulfius_set_response_properties(response, U_OPT_STATUS, 200, U_OPT_STRING_BODY, "Hello World!", U_OPT_NONE); + return U_CALLBACK_CONTINUE; +} + +int socket_connect_localhost(in_port_t port) { + struct sockaddr_in server; + struct hostent * he; + int sock = socket(AF_INET, SOCK_STREAM, 0); + + if (sock != -1) { + if ((he = gethostbyname("127.0.0.1")) != NULL) { + memcpy(&server.sin_addr, he->h_addr_list[0], he->h_length); + server.sin_family = AF_INET; + server.sin_port = htons(port); + + if (connect(sock, (struct sockaddr *)&server , sizeof(server)) < 0) { + close(sock); + sock = -1; + } + } else { + close(sock); + sock = -1; + } + } + return sock; +} #ifndef U_DISABLE_GNUTLS int callback_auth_client_cert (const struct _u_request * request, struct _u_response * response, void * user_data) { char * dn; @@ -1351,6 +1379,69 @@ } END_TEST + +START_TEST(test_ulfius_malformed_requests) +{ + struct _u_instance u_instance; + struct _u_request request; + int socket; + const char request_1[] = "GET / HTTP/1.1\n\r"; + const char request_2[] = "GET / HTTP/1.1\r\rx"; + const char request_3[] = "GET / HTTP/1.1\r\r"; + const char request_4[] = "GET / HTTP/1.1\n\n"; + const char request_5[] = "GET / HTTP/1.1\n"; + const char request_6[] = "GET / HTTP/1.1"; + const char request_7[] = "I am Cornholio!"; + + ck_assert_int_eq(ulfius_init_instance(&u_instance, 8080, NULL, NULL), U_OK); + ck_assert_int_eq(ulfius_add_endpoint_by_val(&u_instance, "GET", NULL, "*", 0, &callback_function_simple, NULL), U_OK); + ck_assert_int_eq(ulfius_start_framework(&u_instance), U_OK); + + ulfius_init_request(&request); + ck_assert_int_eq(ulfius_set_request_properties(&request, U_OPT_HTTP_URL, "http://localhost:8080/", U_OPT_NONE), U_OK); + ck_assert_int_eq(ulfius_send_http_request(&request, NULL), U_OK); + + ck_assert_int_gt(socket = socket_connect_localhost(8080), -1); + send(socket, request_1, sizeof(request_1), MSG_NOSIGNAL); + shutdown(socket, SHUT_WR); + close(socket); + + ck_assert_int_gt(socket = socket_connect_localhost(8080), -1); + send(socket, request_2, sizeof(request_2), MSG_NOSIGNAL); + shutdown(socket, SHUT_WR); + close(socket); + + ck_assert_int_gt(socket = socket_connect_localhost(8080), -1); + send(socket, request_3, sizeof(request_3), MSG_NOSIGNAL); + shutdown(socket, SHUT_WR); + close(socket); + + ck_assert_int_gt(socket = socket_connect_localhost(8080), -1); + send(socket, request_4, sizeof(request_4), MSG_NOSIGNAL); + shutdown(socket, SHUT_WR); + close(socket); + + ck_assert_int_gt(socket = socket_connect_localhost(8080), -1); + send(socket, request_5, sizeof(request_5), MSG_NOSIGNAL); + shutdown(socket, SHUT_WR); + close(socket); + + ck_assert_int_gt(socket = socket_connect_localhost(8080), -1); + send(socket, request_6, sizeof(request_6), MSG_NOSIGNAL); + shutdown(socket, SHUT_WR); + close(socket); + + ck_assert_int_gt(socket = socket_connect_localhost(8080), -1); + send(socket, request_7, sizeof(request_7), MSG_NOSIGNAL); + shutdown(socket, SHUT_WR); + close(socket); + + ulfius_clean_request(&request); + ulfius_stop_framework(&u_instance); + ulfius_clean_instance(&u_instance); +} +END_TEST + #ifndef U_DISABLE_GNUTLS START_TEST(test_ulfius_server_ca_trust) { @@ -1477,6 +1568,7 @@ tcase_add_test(tc_core, test_ulfius_send_rich_smtp); tcase_add_test(tc_core, test_ulfius_follow_redirect); tcase_add_test(tc_core, test_ulfius_shared_data); + tcase_add_test(tc_core, test_ulfius_malformed_requests); #ifndef U_DISABLE_GNUTLS tcase_add_test(tc_core, test_ulfius_server_ca_trust); tcase_add_test(tc_core, test_ulfius_client_certificate);