Avoid segfault on weird timeout during name lookup.
If an evdns_getaddrinfo timeout happens while pending_cb is set, and
a callback is about to run, but we get a call to
evdns_getaddrinfo_gotresolve before it finishes.
Github issue #60. Thanks to Greg Hazel for patch and patience.
Nick Mathewson [Tue, 17 Jul 2012 15:08:25 +0000 (11:08 -0400)]
Fix a memory leak on error in evhttp_uriencode
If we ran out of memory in evhttp_uriencode when allocating the
output buffer, we would neglect to call evbuffer_free() on our
temporary buffer. Now we always free the temporary buffer.
Fixes sourceforge issue 3539887. Thanks to Andrew Cox for reporting
this one.
Greg Hazel [Tue, 29 May 2012 19:39:12 +0000 (12:39 -0700)]
check for arc4random_buf at runtime, on OS X
(Tweaked by nickm: Fix up the arcr4andom_buf OSX hack so that the
fallback case isn't compiled into the code when we have
arc4random_buf() and we are not on OSX. Also add a comment
explaining what's up.)
Mark Ellzey [Fri, 30 Mar 2012 19:08:40 +0000 (15:08 -0400)]
Fixed potential double-readcb execution with openssl bufferevents.
the function do_read() will call SSL_read(), and if successful, will
call _bufferevent_run_readcb() before returning to consider_reading().
consider_reading() will then check SSL_pending() to make sure all
pending data has also been read. If it does not, do_read() is called
again.
The issue with this is the possibility that the function that is
executed by _bufferevent_run_readcb() called
bufferevent_disable(ssl_bev, EV_READ) before the second do_read(); In
this case, the users read callback is executed a second time. This is
potentially bad for applications that expect the bufferevent to stay
disabled until further notice. (this is why running openssl bufferevents
without DEFER_CALLBACKS has always been troublesome).
Nick Mathewson [Thu, 19 Apr 2012 04:25:12 +0000 (00:25 -0400)]
If time has jumped so we'd reschedule a periodic event in the past, schedule it for the future instead
Fixes an issue reported on libevent-users in the thread "a dead
looping bug when changing system time backward". Previously, if time
jumped forward 1 hour[*] and we had a one-second periodic timer event,
that event would get invoked 3600 times. That's almost certainly not
what anybody wants.
In a future version of Libevent, we should expose the amount of time
that the callbac kwould have been invoked somehow.
[*] Forward time jumps can happen with nonmonotonic clocks, or with
clocks that jump on suspend/resume. It can also happen from
Libevent's point of view if the user exits from event_base_loop() and
doesn't call it again for a while.
Nick Mathewson [Tue, 3 Apr 2012 22:31:08 +0000 (18:31 -0400)]
Backport: provide EVENT_LOG_* names, and deprecate _EVENT_LOG_*
This is a partial backport of cb9da0bf and a backport of c9635349.
Because C doesn't like us to declare identifiers starting with an
underscore, Libevent 2.1 has renamed every such identifier. The
only change that affects a public API is that the _EVENT_LOG_*
macros have been renamed to start with EVENT_LOG instead. The old
names are still present, but deprecated.
I'm doing this backport because it represents the deprecation of a
Libevent 2.0 interface, and folks should have the opportunity to
write code that isn't deprecated and works with both 2.0 and 2.1.
Sebastian Hahn [Tue, 13 Mar 2012 05:40:56 +0000 (06:40 +0100)]
Don't do clang version detection when disabling some flags
When clang 2.9 was around we hoped they'd introduce support for the
normalized=id and override-init warnings by 3.0, but they haven't. We
should only add the version detection back in when clang actually
supports those warnings.
Nick Mathewson [Thu, 16 Feb 2012 01:12:32 +0000 (20:12 -0500)]
Stop crashing in evdns when nameserver probes give a weird error
When a nameserver is down, we periodically try sending a "probe"
message to that nameserver to see if it has come back up. If a
nameserver comes up, we cancel any pending probe messages.
Cancelling a probe message while handling the probe's response would
result in a access-after-free or a double-free, so when we notice that
we're about to call a nameserver up because of having received a probe
from it, we need to check whether current response is the response
from the probe.
There was a case where we didn't to that, though: when the resolver
gave us an unusual error response to our request that it resolve
google.com. This is pretty rare, but apparently it can happen with
some weird cacheing nameservers -- the one on the mikrotik router, for
example. Without this patch, we would crash with a NULL pointer
derefernce.
Thanks to Hannes Sowa for finding this issue and helping me track it
down.
Nick Mathewson [Fri, 10 Feb 2012 16:24:51 +0000 (11:24 -0500)]
In the kqueue backend, do not report EBADF as an EV_READ
We were doing this because of (correct) reports that NetBSD gives an
EBADF when you try to add the write side of a pipe for which the
read side has been closed. But on most kqueue platforms, that
doesn't happen, and on *all* kqueue platforms, reporting a
nonexistent fd (which we usually have if we have seen EBADF) as
readable tends to give programs a case of the vapors.
Nicholas Marriott wrote the original patch here; I did the comment
fixes.
Nick Mathewson [Mon, 6 Feb 2012 17:24:49 +0000 (12:24 -0500)]
Loop on filtering SSL reads until we are blocked or exhausted.
This is not a perfect fix, but it's much much better than the
current buggy behavior, which could lead to filtering SSL
connections that just stopped reading.
Based on ideas by Maseeb Abdul Qadir and Mark Ellzey.
Nick Mathewson [Mon, 23 Jan 2012 22:59:16 +0000 (17:59 -0500)]
Fix a list corruption bug when using event_reinit() with signals present
While re-adding all the events, event_reinit() could add a signal
event, which could then cause evsig_add() to add the
base->sig.ev_signal event. Later on its merry path through
base->eventqueue, event_reinit() would find that same event and give
it to event_io_add a second time. This would make the ev_io_next
list for that fd become circular. Ouch!
Nick Mathewson [Mon, 9 Jan 2012 21:44:53 +0000 (16:44 -0500)]
Fix a race condition in the dns/bufferevent_connect_hostname test.
As originally written, the test would only pass if the accept()
callbacks for the evconnlistener were all invoked before the last of
the CONNECTED/ERROR callbacks for the connecting/resolving bufferevent
had its call to event_base_loopexit() complete. But this was only
accidentally true in 2.0, and might not be true at all in 2.1 where
we schedule event_base_once() callbacks more aggressively.
Nick Mathewson [Mon, 9 Jan 2012 16:49:41 +0000 (11:49 -0500)]
Make evconnlistener work around bug in older Linux when getting nmapped
Older Linuxes sometimes respond to some nmap probes by having accept()
return a success but with socklen 0. That can lead to confusing behavior
when you go to process the sockaddr.
Nick Mathewson [Mon, 5 Dec 2011 20:02:27 +0000 (15:02 -0500)]
Be absolutely sure to clear pncalls before leaving event_signal_closure
I thought we'd fixed the cases where this could come up, but
apparently having an event_base_break() happen while processing
signal events could get us in trouble.
Found by Remi Gacogne. Sourceforge issue 3451433 .
Mark Ellzey [Thu, 17 Nov 2011 16:59:41 +0000 (11:59 -0500)]
Avoid spinning on OpenSSL reads
Previously, if some sender were generating data to read on an
OpenSSL connection as fast as we could process it, we could easily
wind up looping on an openssl do_read operation without ever
considering other sockets.
The difference between this and the original method in
consider_reading() is that it only loops for a single completed
*frame* instead of looping until fd is drained or an error condition
was triggered.