Script 'mail_helper' called by obssrc
Hello community,
here is the log from the commit of package ulfius for openSUSE:Factory checked
in at 2021-09-08 21:36:47
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Comparing /work/SRC/openSUSE:Factory/ulfius (Old)
and /work/SRC/openSUSE:Factory/.ulfius.new.1899 (New)
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Package is "ulfius"
Wed Sep 8 21:36:47 2021 rev:21 rq:917448 version:2.7.4
Changes:
--------
--- /work/SRC/openSUSE:Factory/ulfius/ulfius.changes 2021-06-09
21:52:17.050472826 +0200
+++ /work/SRC/openSUSE:Factory/.ulfius.new.1899/ulfius.changes 2021-09-08
21:37:08.801925705 +0200
@@ -1,0 +2,9 @@
+Tue Sep 7 06:37:49 UTC 2021 - Martin Hauke <mar...@gmx.de>
+
+- Update to version 2.7.4
+ Fix security issue CVE-2021-40540 (bsc#1190246)
+ * Add void parameter to functions with no param.
+ * Fix bug when malformed HTTP requests are sent.
+ * Remove yder flag from libulfius.pc when yder is disabled.
+
+-------------------------------------------------------------------
Old:
----
ulfius-2.7.3.tar.gz
New:
----
ulfius-2.7.4.tar.gz
++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++++
Other differences:
------------------
++++++ ulfius.spec ++++++
--- /var/tmp/diff_new_pack.2kAxCP/_old 2021-09-08 21:37:09.361926361 +0200
+++ /var/tmp/diff_new_pack.2kAxCP/_new 2021-09-08 21:37:09.365926365 +0200
@@ -20,7 +20,7 @@
%define _lto_cflags %{nil}
%define sover 2_7
Name: ulfius
-Version: 2.7.3
+Version: 2.7.4
Release: 0
Summary: Web Framework for REST Applications in C
License: MIT
++++++ ulfius-2.7.3.tar.gz -> ulfius-2.7.4.tar.gz ++++++
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ulfius-2.7.3/API.md new/ulfius-2.7.4/API.md
--- old/ulfius-2.7.3/API.md 2021-05-23 15:15:08.000000000 +0200
+++ new/ulfius-2.7.4/API.md 2021-09-06 23:34:10.000000000 +0200
@@ -1,6 +1,8 @@
# Ulfius API Documentation
-- [Header file](#header-file)
+- [Use Ulfius in a C program](#use-ulfius-in-a-c-program)
+ - [Header file](#header-file)
+ - [Build options](#build-options)
- [Return values](#return-values)
- [Memory management](#memory-management)
- [Webservice initialization](#webservice-initialization)
@@ -59,7 +61,9 @@
- [Update existing programs from Ulfius 2.0 to
2.1](#update-existing-programs-from-ulfius-20-to-21)
- [Update existing programs from Ulfius 1.x to
2.0](#update-existing-programs-from-ulfius-1x-to-20)
-## Header file <a name="header-file"></a>
+## Use Ulfius in a C program <a name="use-ulfius-in-a-c-program"></a>
+
+### Header file <a name="header-file"></a>
Include file `ulfius.h` in your source file:
@@ -67,6 +71,23 @@
#include <ulfius.h>
```
+### Build options <a name="build-options"></a>
+
+You can use `pkg-config` to provide the compile and link options for Ulfius:
+
+```shell
+$ # compile flags
+$ pkg-config --cflags libulfius
+-I/usr/include
+$ # linker flags
+$ pkg-config --libs libulfius
+-L/usr/lib -lulfius -lorcania -lyder
+```
+
+If you don't or can't have pkg-config for the build, you can set the linker
options `-lulfius -lorcania -lyder`.
+
+The options `-lorcania` and `-lyder` are not necessary if you don't directly
use Orcania or Yder functions. But in doubt, add them anyway.
+
On your linker command, add Ulfius as a dependency library, e.g. `-lulfius`
for gcc.
## Return values <a name="return-values"></a>
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ulfius-2.7.3/CHANGELOG.md
new/ulfius-2.7.4/CHANGELOG.md
--- old/ulfius-2.7.3/CHANGELOG.md 2021-05-23 15:15:08.000000000 +0200
+++ new/ulfius-2.7.4/CHANGELOG.md 2021-09-06 23:34:10.000000000 +0200
@@ -1,5 +1,12 @@
# Ulfius Changelog
+## 2.7.4
+
+- Add `void` parameter to functions with no param
+- Fix bug when malformed HTTP requests are sent, thanks Jeremy Brown!
+- Remove yder flag from `libulfius.pc` when yder is disabled
+- Avoid Time-of-check time-of-use filesystem race condition, assume `fopen`
result is enough
+
## 2.7.3
- Add `ULFIUS_CHECK_VERSION` macro (Thanks Oliv3)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ulfius-2.7.3/CMakeLists.txt
new/ulfius-2.7.4/CMakeLists.txt
--- old/ulfius-2.7.3/CMakeLists.txt 2021-05-23 15:15:08.000000000 +0200
+++ new/ulfius-2.7.4/CMakeLists.txt 2021-09-06 23:34:10.000000000 +0200
@@ -30,7 +30,7 @@
set(PROJECT_BUGREPORT_PATH "https://github.com/babelouest/ulfius/issues";)
set(LIBRARY_VERSION_MAJOR "2")
set(LIBRARY_VERSION_MINOR "7")
-set(LIBRARY_VERSION_PATCH "3")
+set(LIBRARY_VERSION_PATCH "4")
set(PROJECT_VERSION
"${LIBRARY_VERSION_MAJOR}.${LIBRARY_VERSION_MINOR}.${LIBRARY_VERSION_PATCH}")
set(PROJECT_VERSION_MAJOR ${LIBRARY_VERSION_MAJOR})
@@ -281,7 +281,9 @@
option(WITH_YDER "Use Yder library to log messages" ON)
option(SEARCH_YDER "Search for Yder library" ON)
+set(LIB_YDER "")
if (WITH_YDER)
+ set(LIB_YDER "-lyder")
set(U_DISABLE_YDER OFF)
set(SEARCH_ORCANIA OFF CACHE BOOL "Force to false") # Avoid to search and
download orcania during yder search and download
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ulfius-2.7.3/README.md new/ulfius-2.7.4/README.md
--- old/ulfius-2.7.3/README.md 2021-05-23 15:15:08.000000000 +0200
+++ new/ulfius-2.7.4/README.md 2021-09-06 23:34:10.000000000 +0200
@@ -126,4 +126,4 @@
I'm open for questions and suggestions, feel free to open an
[issue](https://github.com/babelouest/ulfius/issues), a [pull
request](https://github.com/babelouest/ulfius/pulls) or send me an
[e-mail](mailto:m...@babelouest.org) if you feel like it!
-You can visit the IRC channel #ulfius on the [Freenode](https://freenode.net/)
network.
+You can visit the IRC channel #ulfius on the
[Libera.???Chat](https://libera.chat/) network.
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ulfius-2.7.3/example_callbacks/static_compressed_inmemory_website/static_compressed_inmemory_website_callback.c
new/ulfius-2.7.4/example_callbacks/static_compressed_inmemory_website/static_compressed_inmemory_website_callback.c
---
old/ulfius-2.7.3/example_callbacks/static_compressed_inmemory_website/static_compressed_inmemory_website_callback.c
2021-05-23 15:15:08.000000000 +0200
+++
new/ulfius-2.7.4/example_callbacks/static_compressed_inmemory_website/static_compressed_inmemory_website_callback.c
2021-09-06 23:34:10.000000000 +0200
@@ -2,9 +2,9 @@
*
* Static file server with compression Ulfius callback
*
- * Copyright 2020 Nicolas Mora <m...@babelouest.org>
+ * Copyright 2020-2021 Nicolas Mora <m...@babelouest.org>
*
- * Version 20201213
+ * Version 20210906
*
* The MIT License (MIT)
*
@@ -189,24 +189,22 @@
file_path = msprintf("%s/%s", ((struct
_u_compressed_inmemory_website_config *)user_data)->files_path, file_requested);
- if (access(file_path, F_OK) != -1) {
- f = fopen (file_path, "rb");
- if (f) {
- fseek (f, 0, SEEK_END);
- length = ftell (f);
- fseek (f, 0, SEEK_SET);
-
- content_type = u_map_get_case(&((struct
_u_compressed_inmemory_website_config *)user_data)->mime_types,
get_filename_ext(file_requested));
- if (content_type == NULL) {
- content_type = u_map_get(&((struct
_u_compressed_inmemory_website_config *)user_data)->mime_types, "*");
- y_log_message(Y_LOG_LEVEL_WARNING, "Static File Server - Unknown
mime type for extension %s", get_filename_ext(file_requested));
- }
- u_map_put(response->map_header, "Content-Type", content_type);
- u_map_copy_into(response->map_header, &((struct
_u_compressed_inmemory_website_config *)user_data)->map_header);
+ f = fopen (file_path, "rb");
+ if (f) {
+ fseek (f, 0, SEEK_END);
+ length = ftell (f);
+ fseek (f, 0, SEEK_SET);
+
+ content_type = u_map_get_case(&((struct
_u_compressed_inmemory_website_config *)user_data)->mime_types,
get_filename_ext(file_requested));
+ if (content_type == NULL) {
+ content_type = u_map_get(&((struct
_u_compressed_inmemory_website_config *)user_data)->mime_types, "*");
+ y_log_message(Y_LOG_LEVEL_WARNING, "Static File Server - Unknown mime
type for extension %s", get_filename_ext(file_requested));
+ }
+ u_map_put(response->map_header, "Content-Type", content_type);
+ u_map_copy_into(response->map_header, &((struct
_u_compressed_inmemory_website_config *)user_data)->map_header);
- if (ulfius_set_stream_response(response, 200,
callback_static_file_uncompressed_stream,
callback_static_file_uncompressed_stream_free, length, CHUNK, f) != U_OK) {
- y_log_message(Y_LOG_LEVEL_ERROR, "Static File Server - Error
ulfius_set_stream_response");
- }
+ if (ulfius_set_stream_response(response, 200,
callback_static_file_uncompressed_stream,
callback_static_file_uncompressed_stream_free, length, CHUNK, f) != U_OK) {
+ y_log_message(Y_LOG_LEVEL_ERROR, "Static File Server - Error
ulfius_set_stream_response");
}
} else {
if (((struct _u_compressed_inmemory_website_config
*)user_data)->redirect_on_404 == NULL) {
@@ -358,99 +356,97 @@
} else {
file_path = msprintf("%s/%s", ((struct
_u_compressed_inmemory_website_config *)user_data)->files_path, file_requested);
- if (access(file_path, F_OK) != -1) {
- if (!pthread_mutex_lock(&config->lock)) {
- f = fopen (file_path, "rb");
- if (f) {
- fseek (f, 0, SEEK_END);
- offset = length = ftell (f);
- fseek (f, 0, SEEK_SET);
-
- if ((file_content_orig = file_content = o_malloc(length)) !=
NULL && (data_zip = o_malloc((2*length)+20)) != NULL) {
- defstream.zalloc = u_zalloc;
- defstream.zfree = u_zfree;
- defstream.opaque = Z_NULL;
- defstream.avail_in = (uInt)length;
- defstream.next_in = (Bytef *)file_content;
- while ((read_length = fread(file_content, sizeof(char),
offset, f))) {
- file_content += read_length;
- offset -= read_length;
- }
+ if (!pthread_mutex_lock(&config->lock)) {
+ f = fopen (file_path, "rb");
+ if (f) {
+ fseek (f, 0, SEEK_END);
+ offset = length = ftell (f);
+ fseek (f, 0, SEEK_SET);
+
+ if ((file_content_orig = file_content = o_malloc(length)) !=
NULL && (data_zip = o_malloc((2*length)+20)) != NULL) {
+ defstream.zalloc = u_zalloc;
+ defstream.zfree = u_zfree;
+ defstream.opaque = Z_NULL;
+ defstream.avail_in = (uInt)length;
+ defstream.next_in = (Bytef *)file_content;
+ while ((read_length = fread(file_content, sizeof(char),
offset, f))) {
+ file_content += read_length;
+ offset -= read_length;
+ }
- if (compress_mode == U_COMPRESS_GZIP) {
- if (deflateInit2(&defstream,
- Z_DEFAULT_COMPRESSION,
- Z_DEFLATED,
- U_GZIP_WINDOW_BITS | U_GZIP_ENCODING,
- 8,
- Z_DEFAULT_STRATEGY) != Z_OK) {
- y_log_message(Y_LOG_LEVEL_ERROR,
"callback_static_compressed_inmemory_website - Error deflateInit (gzip)");
- ret = U_CALLBACK_ERROR;
- }
- } else {
- if (deflateInit(&defstream, Z_BEST_COMPRESSION) != Z_OK)
{
- y_log_message(Y_LOG_LEVEL_ERROR,
"callback_static_compressed_inmemory_website - Error deflateInit (deflate)");
+ if (compress_mode == U_COMPRESS_GZIP) {
+ if (deflateInit2(&defstream,
+ Z_DEFAULT_COMPRESSION,
+ Z_DEFLATED,
+ U_GZIP_WINDOW_BITS | U_GZIP_ENCODING,
+ 8,
+ Z_DEFAULT_STRATEGY) != Z_OK) {
+ y_log_message(Y_LOG_LEVEL_ERROR,
"callback_static_compressed_inmemory_website - Error deflateInit (gzip)");
+ ret = U_CALLBACK_ERROR;
+ }
+ } else {
+ if (deflateInit(&defstream, Z_BEST_COMPRESSION) != Z_OK) {
+ y_log_message(Y_LOG_LEVEL_ERROR,
"callback_static_compressed_inmemory_website - Error deflateInit (deflate)");
+ ret = U_CALLBACK_ERROR;
+ }
+ }
+ if (ret == U_CALLBACK_CONTINUE) {
+ do {
+ if ((data_zip = o_realloc(data_zip,
data_zip_len+_U_W_BLOCK_SIZE)) != NULL) {
+ defstream.avail_out = _U_W_BLOCK_SIZE;
+ defstream.next_out = ((Bytef *)data_zip)+data_zip_len;
+ switch ((res = deflate(&defstream, Z_FINISH))) {
+ case Z_OK:
+ case Z_STREAM_END:
+ case Z_BUF_ERROR:
+ break;
+ default:
+ y_log_message(Y_LOG_LEVEL_ERROR,
"callback_static_compressed_inmemory_website - Error deflate %d", res);
+ ret = U_CALLBACK_ERROR;
+ break;
+ }
+ data_zip_len += _U_W_BLOCK_SIZE - defstream.avail_out;
+ } else {
+ y_log_message(Y_LOG_LEVEL_ERROR,
"callback_static_compressed_inmemory_website - Error allocating resources for
data_zip");
ret = U_CALLBACK_ERROR;
}
- }
+ } while (U_CALLBACK_CONTINUE == ret && defstream.avail_out
== 0);
+
if (ret == U_CALLBACK_CONTINUE) {
- do {
- if ((data_zip = o_realloc(data_zip,
data_zip_len+_U_W_BLOCK_SIZE)) != NULL) {
- defstream.avail_out = _U_W_BLOCK_SIZE;
- defstream.next_out = ((Bytef
*)data_zip)+data_zip_len;
- switch ((res = deflate(&defstream, Z_FINISH))) {
- case Z_OK:
- case Z_STREAM_END:
- case Z_BUF_ERROR:
- break;
- default:
- y_log_message(Y_LOG_LEVEL_ERROR,
"callback_static_compressed_inmemory_website - Error deflate %d", res);
- ret = U_CALLBACK_ERROR;
- break;
- }
- data_zip_len += _U_W_BLOCK_SIZE -
defstream.avail_out;
- } else {
- y_log_message(Y_LOG_LEVEL_ERROR,
"callback_static_compressed_inmemory_website - Error allocating resources for
data_zip");
- ret = U_CALLBACK_ERROR;
+ if (compress_mode == U_COMPRESS_GZIP) {
+ if (config->allow_cache_compressed) {
+ u_map_put_binary(&config->gzip_files,
file_requested, data_zip, 0, defstream.total_out);
}
- } while (U_CALLBACK_CONTINUE == ret &&
defstream.avail_out == 0);
-
- if (ret == U_CALLBACK_CONTINUE) {
- if (compress_mode == U_COMPRESS_GZIP) {
- if (config->allow_cache_compressed) {
- u_map_put_binary(&config->gzip_files,
file_requested, data_zip, 0, defstream.total_out);
- }
- ulfius_set_binary_body_response(response, 200,
u_map_get(&config->gzip_files, file_requested),
u_map_get_length(&config->gzip_files, file_requested));
- } else {
- if (config->allow_cache_compressed) {
- u_map_put_binary(&config->deflate_files,
file_requested, data_zip, 0, defstream.total_out);
- }
- ulfius_set_binary_body_response(response, 200,
u_map_get(&config->deflate_files, file_requested),
u_map_get_length(&config->deflate_files, file_requested));
+ ulfius_set_binary_body_response(response, 200,
u_map_get(&config->gzip_files, file_requested),
u_map_get_length(&config->gzip_files, file_requested));
+ } else {
+ if (config->allow_cache_compressed) {
+ u_map_put_binary(&config->deflate_files,
file_requested, data_zip, 0, defstream.total_out);
}
- u_map_put(response->map_header, U_CONTENT_HEADER,
compress_mode==U_COMPRESS_GZIP?U_ACCEPT_GZIP:U_ACCEPT_DEFLATE);
+ ulfius_set_binary_body_response(response, 200,
u_map_get(&config->deflate_files, file_requested),
u_map_get_length(&config->deflate_files, file_requested));
}
+ u_map_put(response->map_header, U_CONTENT_HEADER,
compress_mode==U_COMPRESS_GZIP?U_ACCEPT_GZIP:U_ACCEPT_DEFLATE);
}
- deflateEnd(&defstream);
- o_free(data_zip);
- } else {
- y_log_message(Y_LOG_LEVEL_ERROR,
"callback_static_compressed_inmemory_website - Error allocating resource for
file_content or data_zip");
- ret = U_CALLBACK_ERROR;
}
- o_free(file_content_orig);
- fclose(f);
+ deflateEnd(&defstream);
+ o_free(data_zip);
+ } else {
+ y_log_message(Y_LOG_LEVEL_ERROR,
"callback_static_compressed_inmemory_website - Error allocating resource for
file_content or data_zip");
+ ret = U_CALLBACK_ERROR;
}
- pthread_mutex_unlock(&config->lock);
+ o_free(file_content_orig);
+ fclose(f);
} else {
- y_log_message(Y_LOG_LEVEL_ERROR,
"callback_static_compressed_inmemory_website - Error pthread_lock_mutex");
- ret = U_CALLBACK_ERROR;
+ if (((struct _u_compressed_inmemory_website_config
*)user_data)->redirect_on_404 == NULL) {
+ ret = U_CALLBACK_IGNORE;
+ } else {
+ ulfius_add_header_to_response(response, "Location", ((struct
_u_compressed_inmemory_website_config *)user_data)->redirect_on_404);
+ response->status = 302;
+ }
}
+ pthread_mutex_unlock(&config->lock);
} else {
- if (((struct _u_compressed_inmemory_website_config
*)user_data)->redirect_on_404 == NULL) {
- ret = U_CALLBACK_IGNORE;
- } else {
- ulfius_add_header_to_response(response, "Location", ((struct
_u_compressed_inmemory_website_config *)user_data)->redirect_on_404);
- response->status = 302;
- }
+ y_log_message(Y_LOG_LEVEL_ERROR,
"callback_static_compressed_inmemory_website - Error pthread_lock_mutex");
+ ret = U_CALLBACK_ERROR;
}
o_free(file_path);
}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ulfius-2.7.3/example_callbacks/static_compressed_inmemory_website/static_compressed_inmemory_website_callback.h
new/ulfius-2.7.4/example_callbacks/static_compressed_inmemory_website/static_compressed_inmemory_website_callback.h
---
old/ulfius-2.7.3/example_callbacks/static_compressed_inmemory_website/static_compressed_inmemory_website_callback.h
2021-05-23 15:15:08.000000000 +0200
+++
new/ulfius-2.7.4/example_callbacks/static_compressed_inmemory_website/static_compressed_inmemory_website_callback.h
2021-09-06 23:34:10.000000000 +0200
@@ -2,9 +2,9 @@
*
* Static file server with compression Ulfius callback
*
- * Copyright 2020 Nicolas Mora <m...@babelouest.org>
+ * Copyright 2020-2021 Nicolas Mora <m...@babelouest.org>
*
- * Version 20201213
+ * Version 20210906
*
* The MIT License (MIT)
*
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore'
old/ulfius-2.7.3/example_programs/test_u_map/test_u_map.c
new/ulfius-2.7.4/example_programs/test_u_map/test_u_map.c
--- old/ulfius-2.7.3/example_programs/test_u_map/test_u_map.c 2021-05-23
15:15:08.000000000 +0200
+++ new/ulfius-2.7.4/example_programs/test_u_map/test_u_map.c 2021-09-06
23:34:10.000000000 +0200
@@ -59,7 +59,7 @@
FILE * f;
int res = U_OK;
- if (access(file_path, F_OK) != -1 && map != NULL) {
+ if (map != NULL) {
f = fopen (file_path, "rb");
if (f) {
fseek (f, 0, SEEK_END);
@@ -70,13 +70,15 @@
fread (buffer, 1, length, f);
}
fclose (f);
- }
- if (buffer) {
- res = u_map_put_binary(map,file_path, (char *)buffer, offset, length);
- o_free(buffer);
+ if (buffer) {
+ res = u_map_put_binary(map,file_path, (char *)buffer, offset, length);
+ o_free(buffer);
+ } else {
+ res = U_ERROR;
+ }
} else {
- res = U_ERROR;
+ res = U_ERROR_PARAMS;
}
} else {
res = U_ERROR_PARAMS;
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ulfius-2.7.3/include/ulfius.h
new/ulfius-2.7.4/include/ulfius.h
--- old/ulfius-2.7.3/include/ulfius.h 2021-05-23 15:15:08.000000000 +0200
+++ new/ulfius-2.7.4/include/ulfius.h 2021-09-06 23:34:10.000000000 +0200
@@ -382,12 +382,12 @@
* The function ulfius_send_request_close must be called when ulfius send
request functions are no longer needed
* @return U_OK on success
*/
-int ulfius_global_init();
+int ulfius_global_init(void);
/**
* Close global parameters
*/
-void ulfius_global_close();
+void ulfius_global_close(void);
/**
* @}
@@ -640,7 +640,7 @@
* ulfius_empty_endpoint
* @return empty endpoint that goes at the end of an endpoint list
*/
-const struct _u_endpoint * ulfius_empty_endpoint();
+const struct _u_endpoint * ulfius_empty_endpoint(void);
/**
* ulfius_copy_endpoint
@@ -2081,7 +2081,7 @@
*/
#ifndef U_DISABLE_GNUTLS
-/*
+/**
* ulfius_export_client_certificate_pem
* Exports the client certificate using PEM format
* @param request struct _u_request used
@@ -2090,7 +2090,7 @@
*/
char * ulfius_export_client_certificate_pem(const struct _u_request * request);
-/*
+/**
* ulfius_import_client_certificate_pem
* Imports the client certificate using PEM format
* @param request struct _u_request used
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ulfius-2.7.3/libulfius.pc.in
new/ulfius-2.7.4/libulfius.pc.in
--- old/ulfius-2.7.3/libulfius.pc.in 2021-05-23 15:15:08.000000000 +0200
+++ new/ulfius-2.7.4/libulfius.pc.in 2021-09-06 23:34:10.000000000 +0200
@@ -9,5 +9,5 @@
Version: @LIBRARY_VERSION@
Requires: @PKGCONF_REQ@
Requires.private: @PKGCONF_REQ_PRIVATE@
-Libs: -L${libdir} -lulfius -lorcania -lyder @LIB_STATIC@
+Libs: -L${libdir} -lulfius -lorcania @LIB_YDER@ @LIB_STATIC@
Cflags: -I${includedir}
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ulfius-2.7.3/src/Makefile
new/ulfius-2.7.4/src/Makefile
--- old/ulfius-2.7.3/src/Makefile 2021-05-23 15:15:08.000000000 +0200
+++ new/ulfius-2.7.4/src/Makefile 2021-09-06 23:34:10.000000000 +0200
@@ -34,6 +34,7 @@
LIBSDEP=-lmicrohttpd -lpthread -lz
LIBS=-L$(DESTDIR)/lib -lc $(LDFLAGS)
LIB_STATIC=
+LIB_YDER=
SONAME = -soname
ifeq ($(shell uname -s),Darwin)
SONAME = -install_name
@@ -42,7 +43,7 @@
OUTPUT=libulfius.so
VERSION_MAJOR=2
VERSION_MINOR=7
-VERSION_PATCH=3
+VERSION_PATCH=4
ifndef JANSSONFLAG
DISABLE_JANSSON=0
@@ -75,6 +76,7 @@
ifndef YDERFLAG
DISABLE_YDER=0
LYDER=-lyder
+LIB_YDER=$(LYDER)
else
DISABLE_YDER=1
endif
@@ -173,6 +175,7 @@
@sed -i -e 's/@PKGCONF_REQ@/$(PKGCONF_REQ)/g' $(PKGCONFIG_FILE)
@sed -i -e 's/@PKGCONF_REQ_PRIVATE@/$(PKGCONF_REQ_PRIVATE)/g'
$(PKGCONFIG_FILE)
@sed -i -e 's/@LIB_STATIC@/$(LIB_STATIC)/g' $(PKGCONFIG_FILE)
+ @sed -i -e 's/@LIB_YDER@/$(LIB_YDER)/g' $(PKGCONFIG_FILE)
target: $(OBJECTS)
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ulfius-2.7.3/src/ulfius.c
new/ulfius-2.7.4/src/ulfius.c
--- old/ulfius-2.7.3/src/ulfius.c 2021-05-23 15:15:08.000000000 +0200
+++ new/ulfius-2.7.4/src/ulfius.c 2021-09-06 23:34:10.000000000 +0200
@@ -57,7 +57,7 @@
(void)(message);
}
-int y_close_logs() {
+int y_close_logs(void) {
return 1;
}
#endif
@@ -207,6 +207,7 @@
UNUSED(cls);
if (con_info != NULL) {
+ memset(con_info, 0, sizeof(struct connection_info_struct));
con_info->callback_first_iteration = 1;
con_info->u_instance = NULL;
u_map_init(&con_info->map_url_initial);
@@ -217,7 +218,8 @@
return NULL;
}
- if (NULL == con_info->request || ulfius_init_request(con_info->request) !=
U_OK) {
+ if (ulfius_init_request(con_info->request) != U_OK) {
+ y_log_message(Y_LOG_LEVEL_ERROR, "Ulfius - Error initializing
con_info->request");
ulfius_clean_request_full(con_info->request);
o_free(con_info);
return NULL;
@@ -433,7 +435,6 @@
size_t * upload_data_size,
void ** con_cls) {
#endif
-
struct _u_endpoint * endpoint_list = ((struct _u_instance
*)cls)->endpoint_list, ** current_endpoint_list = NULL, * current_endpoint =
NULL;
struct connection_info_struct * con_info = * con_cls;
int mhd_ret = MHD_NO, callback_ret = U_OK, i, close_loop = 0, inner_error =
U_OK, mhd_response_flag;
@@ -1514,7 +1515,7 @@
return ret;
}
-const struct _u_endpoint * ulfius_empty_endpoint() {
+const struct _u_endpoint * ulfius_empty_endpoint(void) {
static struct _u_endpoint empty_endpoint;
empty_endpoint.http_method = NULL;
@@ -1901,7 +1902,7 @@
}
}
-int ulfius_global_init() {
+int ulfius_global_init(void) {
int ret = U_OK;
o_malloc_t malloc_fn;
o_realloc_t realloc_fn;
@@ -1925,7 +1926,7 @@
return ret;
}
-void ulfius_global_close() {
+void ulfius_global_close(void) {
#ifndef U_DISABLE_CURL
curl_global_cleanup();
#endif
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ulfius-2.7.3/test/Makefile
new/ulfius-2.7.4/test/Makefile
--- old/ulfius-2.7.3/test/Makefile 2021-05-23 15:15:08.000000000 +0200
+++ new/ulfius-2.7.4/test/Makefile 2021-09-06 23:34:10.000000000 +0200
@@ -21,7 +21,7 @@
all: test
clean:
- rm -f *.o u_map core framework websocket valgrind-*.txt
+ rm -f *.o u_map core framework websocket valgrind-*.txt *.log
$(ULFIUS_LIBRARY): $(ULFIUS_SCRUTINIZE)
cd $(ULFIUS_LOCATION) && $(MAKE) debug
diff -urN '--exclude=CVS' '--exclude=.cvsignore' '--exclude=.svn'
'--exclude=.svnignore' old/ulfius-2.7.3/test/framework.c
new/ulfius-2.7.4/test/framework.c
--- old/ulfius-2.7.3/test/framework.c 2021-05-23 15:15:08.000000000 +0200
+++ new/ulfius-2.7.4/test/framework.c 2021-09-06 23:34:10.000000000 +0200
@@ -10,6 +10,7 @@
#include <sys/select.h>
#include <sys/time.h>
#include <sys/types.h>
+#include <netinet/tcp.h>
#ifndef _WIN32
#include <sys/socket.h>
@@ -528,6 +529,33 @@
free(ptr);
}
+int callback_function_simple(const struct _u_request * request, struct
_u_response * response, void * user_data) {
+ ulfius_set_response_properties(response, U_OPT_STATUS, 200,
U_OPT_STRING_BODY, "Hello World!", U_OPT_NONE);
+ return U_CALLBACK_CONTINUE;
+}
+
+int socket_connect_localhost(in_port_t port) {
+ struct sockaddr_in server;
+ struct hostent * he;
+ int sock = socket(AF_INET, SOCK_STREAM, 0);
+
+ if (sock != -1) {
+ if ((he = gethostbyname("127.0.0.1")) != NULL) {
+ memcpy(&server.sin_addr, he->h_addr_list[0], he->h_length);
+ server.sin_family = AF_INET;
+ server.sin_port = htons(port);
+
+ if (connect(sock, (struct sockaddr *)&server , sizeof(server)) < 0) {
+ close(sock);
+ sock = -1;
+ }
+ } else {
+ close(sock);
+ sock = -1;
+ }
+ }
+ return sock;
+}
#ifndef U_DISABLE_GNUTLS
int callback_auth_client_cert (const struct _u_request * request, struct
_u_response * response, void * user_data) {
char * dn;
@@ -1351,6 +1379,69 @@
}
END_TEST
+
+START_TEST(test_ulfius_malformed_requests)
+{
+ struct _u_instance u_instance;
+ struct _u_request request;
+ int socket;
+ const char request_1[] = "GET / HTTP/1.1\n\r";
+ const char request_2[] = "GET / HTTP/1.1\r\rx";
+ const char request_3[] = "GET / HTTP/1.1\r\r";
+ const char request_4[] = "GET / HTTP/1.1\n\n";
+ const char request_5[] = "GET / HTTP/1.1\n";
+ const char request_6[] = "GET / HTTP/1.1";
+ const char request_7[] = "I am Cornholio!";
+
+ ck_assert_int_eq(ulfius_init_instance(&u_instance, 8080, NULL, NULL), U_OK);
+ ck_assert_int_eq(ulfius_add_endpoint_by_val(&u_instance, "GET", NULL, "*",
0, &callback_function_simple, NULL), U_OK);
+ ck_assert_int_eq(ulfius_start_framework(&u_instance), U_OK);
+
+ ulfius_init_request(&request);
+ ck_assert_int_eq(ulfius_set_request_properties(&request, U_OPT_HTTP_URL,
"http://localhost:8080/";, U_OPT_NONE), U_OK);
+ ck_assert_int_eq(ulfius_send_http_request(&request, NULL), U_OK);
+
+ ck_assert_int_gt(socket = socket_connect_localhost(8080), -1);
+ send(socket, request_1, sizeof(request_1), MSG_NOSIGNAL);
+ shutdown(socket, SHUT_WR);
+ close(socket);
+
+ ck_assert_int_gt(socket = socket_connect_localhost(8080), -1);
+ send(socket, request_2, sizeof(request_2), MSG_NOSIGNAL);
+ shutdown(socket, SHUT_WR);
+ close(socket);
+
+ ck_assert_int_gt(socket = socket_connect_localhost(8080), -1);
+ send(socket, request_3, sizeof(request_3), MSG_NOSIGNAL);
+ shutdown(socket, SHUT_WR);
+ close(socket);
+
+ ck_assert_int_gt(socket = socket_connect_localhost(8080), -1);
+ send(socket, request_4, sizeof(request_4), MSG_NOSIGNAL);
+ shutdown(socket, SHUT_WR);
+ close(socket);
+
+ ck_assert_int_gt(socket = socket_connect_localhost(8080), -1);
+ send(socket, request_5, sizeof(request_5), MSG_NOSIGNAL);
+ shutdown(socket, SHUT_WR);
+ close(socket);
+
+ ck_assert_int_gt(socket = socket_connect_localhost(8080), -1);
+ send(socket, request_6, sizeof(request_6), MSG_NOSIGNAL);
+ shutdown(socket, SHUT_WR);
+ close(socket);
+
+ ck_assert_int_gt(socket = socket_connect_localhost(8080), -1);
+ send(socket, request_7, sizeof(request_7), MSG_NOSIGNAL);
+ shutdown(socket, SHUT_WR);
+ close(socket);
+
+ ulfius_clean_request(&request);
+ ulfius_stop_framework(&u_instance);
+ ulfius_clean_instance(&u_instance);
+}
+END_TEST
+
#ifndef U_DISABLE_GNUTLS
START_TEST(test_ulfius_server_ca_trust)
{
@@ -1477,6 +1568,7 @@
tcase_add_test(tc_core, test_ulfius_send_rich_smtp);
tcase_add_test(tc_core, test_ulfius_follow_redirect);
tcase_add_test(tc_core, test_ulfius_shared_data);
+ tcase_add_test(tc_core, test_ulfius_malformed_requests);
#ifndef U_DISABLE_GNUTLS
tcase_add_test(tc_core, test_ulfius_server_ca_trust);
tcase_add_test(tc_core, test_ulfius_client_certificate);
