We truncated the diff of some files because they were too big. If you want to see the full diff for every file,
click here
.
Changes of Revision 3
_service:tar_scm:nghttp2.spec
Changed
@@ -1,5 +1,5 @@ Name: nghttp2 -Version: 1.55.1 +Version: 1.58.0 Release: 1 Summary: Contains the HTTP/2 client, server and proxy programs. License: MIT @@ -89,6 +89,18 @@ %{_mandir}/man1/* %changelog +* Wed Dec 27 2023 gaihuiying <eaglegai@163.com> - 1.58.0-1 +- Type:requirements +- ID:NA +- SUG:NA +- DESC:update nghttp2 to 1.58.0 + +* Thu Oct 19 2023 xingwei <xingwei14@h-partners.com> - 1.55.1-2 +- Type:CVE +- ID:CVE-2023-44487 +- SUG:NA +- DESC:fix CVE-2023-44487 and build error + * Tue Jul 25 2023 wangye <wangye91@h-partners.com> - 1.55.1-1 - Type:requirements - ID:NA
_service
Changed
@@ -2,7 +2,7 @@
 <service name="tar_scm">
 <param name="url">git@gitee.com:src-openeuler/nghttp2.git</param>
 <param name="scm">git</param>
- <param name="revision">openEuler-23.09</param>
+ <param name="revision">master</param>
 <param name="exclude">*</param>
 <param name="extract">*</param>
 </service>
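Review bot: The new `revision` value `master` makes the package follow a moving branch tip, so the source that gets built can change without any change to this package, and a given build cannot be tied back to a fixed, auditable input. The previous value was the release branch `openEuler-23.09`, so this also appears to pull development-branch content into a release stream. Pinning to an immutable reference would be safer, e.g. `<param name="revision">COMMIT_SHA_PLACEHOLDER</param>` (placeholder, not a real id), with later bumps made as explicit, reviewed changes.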
_service:tar_scm:nghttp2-1.55.1.tar.xz/AUTHORS -> _service:tar_scm:nghttp2-1.58.0.tar.xz/AUTHORS
Changed
@@ -17,6 +17,7 @@
 Adam Gołębiowski
 Alek Storm
 Alex Nalivko
+Alexandr Vlasov
 Alexandros Konstantinakis-Karmis
 Alexis La Goutte
 Amir Livneh
_service:tar_scm:nghttp2-1.55.1.tar.xz/CMakeLists.txt -> _service:tar_scm:nghttp2-1.58.0.tar.xz/CMakeLists.txt
Changed
@@ -24,13 +24,13 @@ cmake_minimum_required(VERSION 3.0) # XXX using 1.8.90 instead of 1.9.0-DEV -project(nghttp2 VERSION 1.55.1) +project(nghttp2 VERSION 1.58.0) # See versioning rule: # https://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html -set(LT_CURRENT 38) -set(LT_REVISION 3) -set(LT_AGE 24) +set(LT_CURRENT 39) +set(LT_REVISION 1) +set(LT_AGE 25) set(CMAKE_MODULE_PATH "${CMAKE_CURRENT_SOURCE_DIR}/cmake" ${CMAKE_MODULE_PATH}) include(Version) @@ -273,9 +273,11 @@ check_include_file("limits.h" HAVE_LIMITS_H) check_include_file("netdb.h" HAVE_NETDB_H) check_include_file("netinet/in.h" HAVE_NETINET_IN_H) +check_include_file("netinet/ip.h" HAVE_NETINET_IP_H) check_include_file("pwd.h" HAVE_PWD_H) check_include_file("sys/socket.h" HAVE_SYS_SOCKET_H) check_include_file("sys/time.h" HAVE_SYS_TIME_H) +check_include_file("sysinfoapi.h" HAVE_SYSINFOAPI_H) check_include_file("syslog.h" HAVE_SYSLOG_H) check_include_file("time.h" HAVE_TIME_H) check_include_file("unistd.h" HAVE_UNISTD_H) @@ -316,8 +318,11 @@ include(CheckFunctionExists) check_function_exists(_Exit HAVE__EXIT) check_function_exists(accept4 HAVE_ACCEPT4) +check_function_exists(clock_gettime HAVE_CLOCK_GETTIME) check_function_exists(mkostemp HAVE_MKOSTEMP) +check_symbol_exists(GetTickCount64 sysinfoapi.h HAVE_GETTICKCOUNT64) + include(CheckSymbolExists) # XXX does this correctly detect initgroups (un)availability on cygwin? check_symbol_exists(initgroups grp.h HAVE_DECL_INITGROUPS) 
@@ -338,74 +343,12 @@ endif() else() if(ENABLE_WERROR) - extract_valid_c_flags(WARNCFLAGS -Werror) - extract_valid_c_flags(WARNCXXFLAGS -Werror) + set(WARNCFLAGS "-Werror") + set(WARNCXXFLAGS "-Werror") endif() - # For C compiler - extract_valid_c_flags(WARNCFLAGS - -Wall - -Wextra - -Wmissing-prototypes - -Wstrict-prototypes - -Wmissing-declarations - -Wpointer-arith - -Wdeclaration-after-statement - -Wformat-security - -Wwrite-strings - -Wshadow - -Winline - -Wnested-externs - -Wfloat-equal - -Wundef - -Wendif-labels - -Wempty-body - -Wcast-align - -Wclobbered - -Wvla - -Wpragmas - -Wunreachable-code - -Waddress - -Wattributes - -Wdiv-by-zero - -Wshorten-64-to-32 - - -Wconversion - -Wextended-offsetof - -Wformat-nonliteral - -Wlanguage-extension-token - -Wmissing-field-initializers - -Wmissing-noreturn - -Wmissing-variable-declarations - # Not used because we cannot change public structs - # -Wpadded - -Wsign-conversion - # Not used because this basically disallows default case - # -Wswitch-enum - -Wunreachable-code-break - -Wunused-macros - -Wunused-parameter - -Wredundant-decls - # Only work with Clang for the moment - -Wheader-guard - # This is required because we pass format string as "const char*. - -Wno-format-nonliteral - ) - - extract_valid_cxx_flags(WARNCXXFLAGS - # For C++ compiler - -Wall - -Wformat-security - ) -endif() - -if(ENABLE_STATIC_CRT) - foreach(lang C CXX) - foreach(suffix "" _DEBUG _MINSIZEREL _RELEASE _RELWITHDEBINFO) - set(var "CMAKE_${lang}_FLAGS${suffix}") - string(REPLACE "/MD" "/MT" ${var} "${${var}}") - endforeach() - endforeach() + include(PickyWarningsC) + include(PickyWarningsCXX) endif() if(ENABLE_DEBUG) @@ -501,6 +444,7 @@ CXXFLAGS: ${CMAKE_CXX_FLAGS_${_build_type}} ${CMAKE_CXX_FLAGS} WARNCFLAGS: ${WARNCFLAGS} CXX1XCXXFLAGS: ${CXX1XCXXFLAGS} + WARNCXXFLAGS: ${WARNCXXFLAGS} Python: Python: ${Python3_EXECUTABLE} Python3_VERSION: ${Python3_VERSION}
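Review bot: In the `@@ -316,8 +318,11 @@` hunk the added `check_symbol_exists(GetTickCount64 sysinfoapi.h HAVE_GETTICKCOUNT64)` sits above the existing `include(CheckSymbolExists)`, so the call depends on some earlier module having already loaded that command; nothing in the visible hunks does. Moving the added line below `include(CheckSymbolExists)` removes the ordering dependency. Separately, the last hunk replaces `extract_valid_c_flags(WARNCFLAGS -Werror)` with an unprobed `set(WARNCFLAGS "-Werror")` and deletes the `ENABLE_STATIC_CRT` block; if that option is still declared outside these hunks it now silently does nothing, which is worth confirming.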
_service:tar_scm:nghttp2-1.55.1.tar.xz/ChangeLog -> _service:tar_scm:nghttp2-1.58.0.tar.xz/ChangeLog
Changed
@@ -1,70 +1,389 @@ -commit 781057e15626bf403c8739c25166ad123aa17ff3 (HEAD, tag: v1.55.1, origin/v1.55.x, origin/HEAD, v1.55.x) +commit e2bc59bec9004bca47df961cbbad20664d7e53b2 (HEAD, tag: v1.58.0, origin/master, origin/HEAD, master) Author: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com> -AuthorDate: 2023-07-14 +AuthorDate: 2023-10-27 Commit: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com> -CommitDate: 2023-07-14 +CommitDate: 2023-10-27 Update manual pages -commit 2f87b9c4f8aba3ac0b6b23c03773b70668bfe642 +commit 28dc67e2c272d6ce5cd6428db83dc1f5c7d9ee92 Author: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com> -AuthorDate: 2023-07-14 +AuthorDate: 2023-10-27 Commit: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com> -CommitDate: 2023-07-14 +CommitDate: 2023-10-27 Bump package and library versions -commit 299d2fdaf9d7c9747378e39fc0e8e36bcdab2a5b +commit f2beef8675a07ad68505af4b4dcdff43c93774e3 Author: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com> -AuthorDate: 2023-07-12 +AuthorDate: 2023-10-27 Commit: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com> -CommitDate: 2023-07-14 +CommitDate: 2023-10-27 - doc: Bump boringssl + Update AUTHORS -commit 8720afa30428fdb008b54f5218dd248b1a494b13 +commit c00452b6869d93db5fde753e92d6c2830798c12d +Merge: 8e01a772 09832b96 +Author: Tatsuhiro Tsujikawa <404610+tatsuhiro-t@users.noreply.github.com> +AuthorDate: 2023-10-27 +Commit: GitHub <noreply@github.com> +CommitDate: 2023-10-27 + + Merge pull request #1985 from nghttp2/bump-neverbleed + + Bump neverbleed + +commit 09832b967244648b433bb329032e7f7a91fdaea5 Author: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com> -AuthorDate: 2023-07-14 +AuthorDate: 2023-10-27 Commit: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com> -CommitDate: 2023-07-14 +CommitDate: 2023-10-27 + + Bump neverbleed - Fix memory leak +commit 8e01a772aee096e914d9c73dd835dbb037a6ff72 +Merge: d3e7e955 f8670c56 +Author: Tatsuhiro Tsujikawa <404610+tatsuhiro-t@users.noreply.github.com> +AuthorDate: 2023-10-23 +Commit: GitHub <noreply@github.com> +CommitDate: 
2023-10-23 + + Merge pull request #1983 from nghttp2/bump-ngtcp2 - This commit fixes memory leak that happens when PUSH_PROMISE or - HEADERS frame cannot be sent, and nghttp2_on_stream_close_callback - fails with a fatal error. For example, if GOAWAY frame has been - received, a HEADERS frame that opens new stream cannot be sent. + Bump ngtcp2 + +commit f8670c565ce164363316bcb1c3e1b9979570dbde +Author: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com> +AuthorDate: 2023-10-23 +Commit: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com> +CommitDate: 2023-10-23 + + Bump ngtcp2 + +commit d3e7e9554c67c7de18353d53f51e4cffe6b25c58 +Merge: 54a5d271 35e15efd +Author: Tatsuhiro Tsujikawa <404610+tatsuhiro-t@users.noreply.github.com> +AuthorDate: 2023-10-20 +Commit: GitHub <noreply@github.com> +CommitDate: 2023-10-20 + + Merge pull request #1981 from nghttp2/bump-neverbleed - This issue has already been made public via CVE-2023-35945 1 issued - by envoyproxy/envoy project. During embargo period, the patch to fix - this bug was accidentally submitted to nghttp2/nghttp2 repository 2. - And they decided to disclose CVE early. I was notified just 1.5 hours - before disclosure. I had no time to respond. + Bump neverbleed + +commit 35e15efd37776e3f41a20fcab62436cdebf8fa6c +Author: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com> +AuthorDate: 2023-10-20 +Commit: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com> +CommitDate: 2023-10-20 + + Bump neverbleed + +commit 54a5d271d3c1eb03048006cbd6a8177a58e8b214 +Merge: ba74559c c7536993 +Author: Tatsuhiro Tsujikawa <404610+tatsuhiro-t@users.noreply.github.com> +AuthorDate: 2023-10-19 +Commit: GitHub <noreply@github.com> +CommitDate: 2023-10-19 + + Merge pull request #1977 from nghttp2/fix-cygwin-build - PoC described in 1 is quite simple, but I think it is not enough to - trigger this bug. 
While it is true that receiving GOAWAY prevents a - client from opening new stream, and nghttp2 enters error handling - branch, in order to cause the memory leak, - nghttp2_session_close_stream function must return a fatal error. - nghttp2 defines 2 fatal error codes: + Prefer clock_gettime if __CYGWIN__ defined + +commit ba74559c046058c2aae7a5078992e0c4963671fe +Merge: 3209a0b6 723f131f +Author: Tatsuhiro Tsujikawa <404610+tatsuhiro-t@users.noreply.github.com> +AuthorDate: 2023-10-18 +Commit: GitHub <noreply@github.com> +CommitDate: 2023-10-18 + + Merge pull request #1979 from nghttp2/fix-win-map-printf-warnings - - NGHTTP2_ERR_NOMEM - - NGHTTP2_ERR_CALLBACK_FAILURE + windows: Fix warnings + +commit 3209a0b6c78cfc6d75c4664d15c318dc95cb42e5 +Merge: c16e5ad4 164ebe22 +Author: Tatsuhiro Tsujikawa <404610+tatsuhiro-t@users.noreply.github.com> +AuthorDate: 2023-10-18 +Commit: GitHub <noreply@github.com> +CommitDate: 2023-10-18 + + Merge pull request #1978 from nghttp2/configure-cygwin - NGHTTP2_ERR_NOMEM, as its name suggests, indicates out of memory. It - is unlikely that a process gets short of memory with this simple PoC - scenario unless application does something memory heavy processing. 
+ Configure cygwin + +commit 723f131f7691921214521d7f629904e1e930d06d +Author: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com> +AuthorDate: 2023-10-18 +Commit: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com> +CommitDate: 2023-10-18 + + windows: Fix warnings + +commit 164ebe22bf7784e53f5d771132cb220290723963 +Author: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com> +AuthorDate: 2023-10-18 +Commit: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com> +CommitDate: 2023-10-18 + + Do not require strict c++ mode + +commit ec362f77e49545d61ef34014a77b8b7486c90b46 +Author: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com> +AuthorDate: 2023-10-18 +Commit: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com> +CommitDate: 2023-10-18 + + tests: Define NGHTTP2_STATICLIB + +commit c7536993cf3ab731bcfca8665aa4322920df05e7 +Author: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com> +AuthorDate: 2023-10-18 +Commit: Tatsuhiro Tsujikawa <tatsuhiro.t@gmail.com> +CommitDate: 2023-10-18 + + Prefer clock_gettime if __CYGWIN__ defined + +commit c16e5ad42e9b09c497f3ccd2f9642e6f349186ab +Merge: 56b762fa 0117e7f6 +Author: Tatsuhiro Tsujikawa <404610+tatsuhiro-t@users.noreply.github.com> +AuthorDate: 2023-10-17 +Commit: GitHub <noreply@github.com> +CommitDate: 2023-10-17 + + Merge pull request #1973 from nghttp2/nghttpx-stricter-transfer-encoding-check - NGHTTP2_ERR_CALLBACK_FAILURE is returned from application defined - callback function (nghttp2_on_stream_close_callback, in this case), - which indicates something fatal happened inside a callback, and a - connection must be closed immediately without any further action. As - nghttp2_on_stream_close_error_callback documentation says, any error - code other than 0 or NGHTTP2_ERR_CALLBACK_FAILURE is treated as fatal - error code. More specifically, it is treated as if - NGHTTP2_ERR_CALLBACK_FAILURE is returned. I guess that envoy returns - NGHTTP2_ERR_CALLBACK_FAILURE or other error code which is translated - into NGHTTP2_ERR_CALLBACK_FAILURE.
_service:tar_scm:nghttp2-1.55.1.tar.xz/Makefile.am -> _service:tar_scm:nghttp2-1.58.0.tar.xz/Makefile.am
Changed
@@ -44,7 +44,9 @@ cmake/FindLibbpf.cmake \ cmake/FindLibnghttp3.cmake \ cmake/FindLibngtcp2.cmake \ - cmake/FindLibngtcp2_crypto_quictls.cmake + cmake/FindLibngtcp2_crypto_quictls.cmake \ + cmake/PickyWarningsC.cmake \ + cmake/PickyWarningsCXX.cmake .PHONY: clang-format @@ -55,5 +57,5 @@ CLANGFORMAT=`git config --get clangformat.binary`; \ test -z $${CLANGFORMAT} && CLANGFORMAT="clang-format"; \ $${CLANGFORMAT} -i lib/*.{c,h} lib/includes/nghttp2/*.h \ - src/*.{c,cc,h} examples/*.{c,cc} \ + src/*.{c,cc,h} examples/*.c \ tests/*.{c,h} bpf/*.c fuzz/*.cc
_service:tar_scm:nghttp2-1.55.1.tar.xz/Makefile.in -> _service:tar_scm:nghttp2-1.58.0.tar.xz/Makefile.in
Changed
@@ -470,7 +470,9 @@ cmake/FindLibbpf.cmake \ cmake/FindLibnghttp3.cmake \ cmake/FindLibngtcp2.cmake \ - cmake/FindLibngtcp2_crypto_quictls.cmake + cmake/FindLibngtcp2_crypto_quictls.cmake \ + cmake/PickyWarningsC.cmake \ + cmake/PickyWarningsCXX.cmake all: config.h $(MAKE) $(AM_MAKEFLAGS) all-recursive @@ -999,7 +1001,7 @@ CLANGFORMAT=`git config --get clangformat.binary`; \ test -z $${CLANGFORMAT} && CLANGFORMAT="clang-format"; \ $${CLANGFORMAT} -i lib/*.{c,h} lib/includes/nghttp2/*.h \ - src/*.{c,cc,h} examples/*.{c,cc} \ + src/*.{c,cc,h} examples/*.c \ tests/*.{c,h} bpf/*.c fuzz/*.cc # Tell versions 3.59,3.63) of GNU make to not export all variables.
_service:tar_scm:nghttp2-1.55.1.tar.xz/README.rst -> _service:tar_scm:nghttp2-1.58.0.tar.xz/README.rst
Changed
@@ -127,11 +127,11 @@ following libraries are required: * `OpenSSL with QUIC support - <https://github.com/quictls/openssl/tree/OpenSSL_1_1_1u+quic>`_; or + <https://github.com/quictls/openssl/tree/OpenSSL_1_1_1w+quic>`_; or `BoringSSL <https://boringssl.googlesource.com/boringssl/>`_ (commit - 80dcb67d4481fb1194b9669917e35580c32dc388) -* `ngtcp2 <https://github.com/ngtcp2/ngtcp2>`_ 0.17.x -* `nghttp3 <https://github.com/ngtcp2/nghttp3>`_ 0.13.x + 6ca49385b168f47a50e7172d82a590b218f55e4d) +* `ngtcp2 <https://github.com/ngtcp2/ngtcp2>`_ >= 1.0.0 +* `nghttp3 <https://github.com/ngtcp2/nghttp3>`_ >= 1.0.0 Use ``--enable-http3`` configure option to enable HTTP/3 feature for h2load and nghttpx. @@ -146,7 +146,7 @@ libelf-dev is needed to build libbpf. For Ubuntu 20.04, you can build libbpf from `the source code -<https://github.com/libbpf/libbpf/releases/tag/v1.2.0>`_. nghttpx +<https://github.com/libbpf/libbpf/releases/tag/v1.2.2>`_. nghttpx requires eBPF program for reloading its configuration and hot swapping its executable. @@ -343,7 +343,7 @@ .. code-block:: text - $ git clone --depth 1 -b OpenSSL_1_1_1u+quic https://github.com/quictls/openssl + $ git clone --depth 1 -b OpenSSL_1_1_1w+quic https://github.com/quictls/openssl $ cd openssl $ ./config --prefix=$PWD/build --openssldir=/etc/ssl $ make -j$(nproc) @@ -354,7 +354,7 @@ .. code-block:: text - $ git clone --depth 1 -b v0.13.0 https://github.com/ngtcp2/nghttp3 + $ git clone --depth 1 -b v1.0.0 https://github.com/ngtcp2/nghttp3 $ cd nghttp3 $ autoreconf -i $ ./configure --prefix=$PWD/build --enable-lib-only @@ -366,7 +366,7 @@ .. code-block:: text - $ git clone --depth 1 -b v0.17.0 https://github.com/ngtcp2/ngtcp2 + $ git clone --depth 1 -b v1.0.1 https://github.com/ngtcp2/ngtcp2 $ cd ngtcp2 $ autoreconf -i $ ./configure --prefix=$PWD/build --enable-lib-only \ 
@@ -380,7 +380,7 @@ .. code-block:: text - $ git clone --depth 1 -b v1.2.0 https://github.com/libbpf/libbpf + $ git clone --depth 1 -b v1.2.2 https://github.com/libbpf/libbpf $ cd libbpf $ PREFIX=$PWD/build make -C src install $ cd .. @@ -1456,12 +1456,10 @@ In the future, we may setup a dedicated mail address for this purpose. -Release schedule ----------------- +Versioning +---------- -In general, we follow `Semantic Versioning <http://semver.org/>`_. We -release MINOR version update every month, and usually we ship it -around 25th day of every month. +In general, we follow `Semantic Versioning <http://semver.org/>`_. We may release PATCH releases between the regular releases, mainly for severe security bug fixes.
_service:tar_scm:nghttp2-1.58.0.tar.xz/cmake/PickyWarningsC.cmake
Added
@@ -0,0 +1,163 @@
+# nghttp2
+#
+# Copyright (c) 2023 nghttp2 contributors
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+# C
+
+include(CheckCCompilerFlag)
+
+if(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_GNUCXX OR CMAKE_C_COMPILER_ID MATCHES "Clang")
+
+ # https://clang.llvm.org/docs/DiagnosticsReference.html
+ # https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html
+
+ # WPICKY_ENABLE = Options we want to enable as-is.
+ # WPICKY_DETECT = Options we want to test first and enable if available.
+
+ # Prefer the -Wextra alias with clang.
+ if(CMAKE_C_COMPILER_ID MATCHES "Clang")
+ set(WPICKY_ENABLE "-Wextra")
+ else()
+ set(WPICKY_ENABLE "-W")
+ endif()
+
+ list(APPEND WPICKY_ENABLE
+ -Wall
+ )
+
+ # ----------------------------------
+ # Add new options here, if in doubt:
+ # ----------------------------------
+ set(WPICKY_DETECT
+ )
+
+ # Assume these options always exist with both clang and gcc.
+ # Require clang 3.0 / gcc 2.95 or later.
+ list(APPEND WPICKY_ENABLE
+ -Wconversion # clang 3.0 gcc 2.95
+ -Winline # clang 1.0 gcc 1.0
+ -Wmissing-declarations # clang 1.0 gcc 2.7
+ -Wmissing-prototypes # clang 1.0 gcc 1.0
+ -Wnested-externs # clang 1.0 gcc 2.7
+ -Wpointer-arith # clang 1.0 gcc 1.4
+ -Wshadow # clang 1.0 gcc 2.95
+ -Wundef # clang 1.0 gcc 2.95
+ -Wwrite-strings # clang 1.0 gcc 1.4
+ )
+
+ # Always enable with clang, version dependent with gcc
+ set(WPICKY_COMMON_OLD
+ -Waddress # clang 3.0 gcc 4.3
+ -Wattributes # clang 3.0 gcc 4.1
+ -Wcast-align # clang 1.0 gcc 4.2
+ -Wdeclaration-after-statement # clang 1.0 gcc 3.4
+ -Wdiv-by-zero # clang 3.0 gcc 4.1
+ -Wempty-body # clang 3.0 gcc 4.3
+ -Wendif-labels # clang 1.0 gcc 3.3
+ -Wfloat-equal # clang 1.0 gcc 2.96 (3.0)
+ -Wformat-nonliteral # clang 3.0 gcc 4.1
+ -Wformat-security # clang 3.0 gcc 4.1
+ -Wmissing-field-initializers # clang 3.0 gcc 4.1
+ -Wmissing-noreturn # clang 3.0 gcc 4.1
+ -Wno-format-nonliteral # clang 1.0 gcc 2.96 (3.0) # This is required because we pass format string as "const char*"
+ # -Wpadded # clang 3.0 gcc 4.1 # Not used because we cannot change public structs
+ -Wredundant-decls # clang 3.0 gcc 4.1
+ -Wsign-conversion # clang 3.0 gcc 4.3
+ -Wstrict-prototypes # clang 1.0 gcc 3.3
+ # -Wswitch-enum # clang 3.0 gcc 4.1 # Not used because this basically disallows default case
+ -Wunreachable-code # clang 3.0 gcc 4.1
+ -Wunused-macros # clang 3.0 gcc 4.1
+ -Wunused-parameter # clang 3.0 gcc 4.1
+ -Wvla # clang 2.8 gcc 4.3
+ )
+
+ set(WPICKY_COMMON
+ -Wpragmas # clang 3.5 gcc 4.1 appleclang 6.0
+ )
+
+ if(CMAKE_C_COMPILER_ID MATCHES "Clang")
+ list(APPEND WPICKY_ENABLE
+ ${WPICKY_COMMON_OLD}
+ -Wshorten-64-to-32 # clang 1.0
+ -Wlanguage-extension-token # clang 3.0
+ )
+ # Enable based on compiler version
+ if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 3.6) OR
+ (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 6.3))
+ list(APPEND WPICKY_ENABLE
+ ${WPICKY_COMMON}
+ -Wunreachable-code-break # clang 3.5 appleclang 6.0
+ -Wheader-guard # clang 3.4 appleclang 5.1
+ )
+ endif()
+ if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 3.9) OR
+ (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 8.3))
+ list(APPEND WPICKY_ENABLE
+ -Wmissing-variable-declarations # clang 3.2 appleclang 4.6
+ )
+ endif()
+ if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 5.0) OR
+ (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 9.4))
+ list(APPEND WPICKY_ENABLE
+ )
+ endif()
+ if((CMAKE_C_COMPILER_ID STREQUAL "Clang" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 7.0) OR
+ (CMAKE_C_COMPILER_ID STREQUAL "AppleClang" AND NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 10.3))
+ list(APPEND WPICKY_ENABLE
+ )
+ endif()
+ else() # gcc
+ list(APPEND WPICKY_DETECT
+ ${WPICKY_COMMON}
+ )
+ # Enable based on compiler version
+ if(NOT CMAKE_C_COMPILER_VERSION VERSION_LESS 4.3)
+ list(APPEND WPICKY_ENABLE
+ ${WPICKY_COMMON_OLD}
+ -Wclobbered # gcc 4.3
+ )
+ endif()
+ endif()
+
+ #
+
+ unset(_wpicky)
+
+ foreach(_CCOPT IN LISTS WPICKY_ENABLE)
+ set(_wpicky "${_wpicky} ${_CCOPT}")
+ endforeach()
+
+ foreach(_CCOPT IN LISTS WPICKY_DETECT)
+ # surprisingly, CHECK_C_COMPILER_FLAG needs a new variable to store each new
+ # test result in.
+ string(MAKE_C_IDENTIFIER "OPT${_CCOPT}" _optvarname)
+ # GCC only warns about unknown -Wno- options if there are also other diagnostic messages,
+ # so test for the positive form instead
+ string(REPLACE "-Wno-" "-W" _CCOPT_ON "${_CCOPT}")
+ check_c_compiler_flag(${_CCOPT_ON} ${_optvarname})
+ if(${_optvarname})
+ set(_wpicky "${_wpicky} ${_CCOPT}")
+ endif()
+ endforeach()
+
+ set(WARNCFLAGS "${WARNCFLAGS} ${_wpicky}")
+endif()
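Review bot: `WPICKY_COMMON_OLD` lists `-Wformat-nonliteral` and, a few entries later, `-Wno-format-nonliteral`; the flags are concatenated in list order, so the later one wins and the positive entry is dead. The net effect is that non-literal format strings are not diagnosed and `-Wformat-security` is the only format-string check left, which the inline comment indicates is intended. Dropping the `-Wformat-nonliteral` line would make the list read the way it behaves. Also, in the `else() # gcc` branch nothing from `WPICKY_COMMON_OLD` is applied below gcc 4.3, including `-Wformat-security`, although its own comment marks it as available from gcc 4.1.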
_service:tar_scm:nghttp2-1.58.0.tar.xz/cmake/PickyWarningsCXX.cmake
Added
@@ -0,0 +1,117 @@
+# nghttp2
+#
+# Copyright (c) 2023 nghttp2 contributors
+#
+# Permission is hereby granted, free of charge, to any person obtaining
+# a copy of this software and associated documentation files (the
+# "Software"), to deal in the Software without restriction, including
+# without limitation the rights to use, copy, modify, merge, publish,
+# distribute, sublicense, and/or sell copies of the Software, and to
+# permit persons to whom the Software is furnished to do so, subject to
+# the following conditions:
+#
+# The above copyright notice and this permission notice shall be
+# included in all copies or substantial portions of the Software.
+#
+# THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+# EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+# MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+# NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+# LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+# OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+# WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+
+# C++
+
+include(CheckCXXCompilerFlag)
+
+if(CMAKE_COMPILER_IS_GNUCC OR CMAKE_COMPILER_IS_GNUCXX OR CMAKE_CXX_COMPILER_ID MATCHES "Clang")
+
+ # https://clang.llvm.org/docs/DiagnosticsReference.html
+ # https://gcc.gnu.org/onlinedocs/gcc/Warning-Options.html
+
+ # WPICKY_ENABLE = Options we want to enable as-is.
+ # WPICKY_DETECT = Options we want to test first and enable if available.
+
+ set(WPICKY_ENABLE "-Wall")
+
+ # ----------------------------------
+ # Add new options here, if in doubt:
+ # ----------------------------------
+ set(WPICKY_DETECT
+ )
+
+ # Assume these options always exist with both clang and gcc.
+ # Require clang 3.0 / gcc 2.95 or later.
+ list(APPEND WPICKY_ENABLE
+ )
+
+ # Always enable with clang, version dependent with gcc
+ set(WPICKY_COMMON_OLD
+ -Wformat-security # clang 3.0 gcc 4.1
+ )
+
+ set(WPICKY_COMMON
+ )
+
+ if(CMAKE_CXX_COMPILER_ID MATCHES "Clang")
+ list(APPEND WPICKY_ENABLE
+ ${WPICKY_COMMON_OLD}
+ )
+ # Enable based on compiler version
+ if((CMAKE_CXX_COMPILER_ID STREQUAL "Clang" AND NOT CMAKE_CXX_COMPILER_VERSION VERSION_LESS 3.6) OR
+ (CMAKE_CXX_COMPILER_ID STREQUAL "AppleClang" AND NOT CMAKE_CXX_COMPILER_VERSION VERSION_LESS 6.3))
+ list(APPEND WPICKY_ENABLE
+ ${WPICKY_COMMON}
+ )
+ endif()
+ if((CMAKE_CXX_COMPILER_ID STREQUAL "Clang" AND NOT CMAKE_CXX_COMPILER_VERSION VERSION_LESS 3.9) OR
+ (CMAKE_CXX_COMPILER_ID STREQUAL "AppleClang" AND NOT CMAKE_CXX_COMPILER_VERSION VERSION_LESS 8.3))
+ list(APPEND WPICKY_ENABLE
+ )
+ endif()
+ if((CMAKE_CXX_COMPILER_ID STREQUAL "Clang" AND NOT CMAKE_CXX_COMPILER_VERSION VERSION_LESS 5.0) OR
+ (CMAKE_CXX_COMPILER_ID STREQUAL "AppleClang" AND NOT CMAKE_CXX_COMPILER_VERSION VERSION_LESS 9.4))
+ list(APPEND WPICKY_ENABLE
+ )
+ endif()
+ if((CMAKE_CXX_COMPILER_ID STREQUAL "Clang" AND NOT CMAKE_CXX_COMPILER_VERSION VERSION_LESS 7.0) OR
+ (CMAKE_CXX_COMPILER_ID STREQUAL "AppleClang" AND NOT CMAKE_CXX_COMPILER_VERSION VERSION_LESS 10.3))
+ list(APPEND WPICKY_ENABLE
+ )
+ endif()
+ else() # gcc
+ list(APPEND WPICKY_DETECT
+ ${WPICKY_COMMON}
+ )
+ # Enable based on compiler version
+ if(NOT CMAKE_CXX_COMPILER_VERSION VERSION_LESS 4.3)
+ list(APPEND WPICKY_ENABLE
+ ${WPICKY_COMMON_OLD}
+ )
+ endif()
+ endif()
+
+ #
+
+ unset(_wpicky)
+
+ foreach(_CCOPT IN LISTS WPICKY_ENABLE)
+ set(_wpicky "${_wpicky} ${_CCOPT}")
+ endforeach()
+
+ foreach(_CCOPT IN LISTS WPICKY_DETECT)
+ # surprisingly, CHECK_CXX_COMPILER_FLAG needs a new variable to store each new
+ # test result in.
+ string(MAKE_C_IDENTIFIER "OPT${_CCOPT}" _optvarname)
+ # GCC only warns about unknown -Wno- options if there are also other diagnostic messages,
+ # so test for the positive form instead
+ string(REPLACE "-Wno-" "-W" _CCOPT_ON "${_CCOPT}")
+ check_cxx_compiler_flag(${_CCOPT_ON} ${_optvarname})
+ if(${_optvarname})
+ set(_wpicky "${_wpicky} ${_CCOPT}")
+ endif()
+ endforeach()
+
+ set(WARNCXXFLAGS "${WARNCXXFLAGS} ${_wpicky}")
+endif()
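Review bot: The outer guard also tests `CMAKE_COMPILER_IS_GNUCC`, so a GNU C compiler paired with a C++ compiler that is neither GNU nor Clang falls into the `else() # gcc` branch and gets `-Wall` (and `-Wformat-security`, depending on `CMAKE_CXX_COMPILER_VERSION`) added to `WARNCXXFLAGS` with no `check_cxx_compiler_flag` probe. Testing only the C++ side avoids that: `if(CMAKE_COMPILER_IS_GNUCXX OR CMAKE_CXX_COMPILER_ID MATCHES "Clang")`. PickyWarningsC.cmake carries the mirrored condition with `CMAKE_COMPILER_IS_GNUCXX`. As a style point, the empty `list(APPEND WPICKY_ENABLE )` calls under the 3.9, 5.0 and 7.0 version checks do nothing and would read better with a one-line comment marking them as placeholders.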
_service:tar_scm:nghttp2-1.55.1.tar.xz/cmakeconfig.h.in -> _service:tar_scm:nghttp2-1.58.0.tar.xz/cmakeconfig.h.in
Changed
@@ -31,9 +31,15 @@ /* Define to 1 if you have the `accept4` function. */ #cmakedefine HAVE_ACCEPT4 1 +/* Define to 1 if you have the `clock_gettime` function. */ +#cmakedefine HAVE_CLOCK_GETTIME 1 + /* Define to 1 if you have the `mkostemp` function. */ #cmakedefine HAVE_MKOSTEMP 1 +/* Define to 1 if you have the `GetTickCount64` function. */ +#cmakedefine HAVE_GETTICKCOUNT64 1 + /* Define to 1 if you have the `initgroups` function. */ #cmakedefine01 HAVE_DECL_INITGROUPS @@ -61,6 +67,9 @@ /* Define to 1 if you have the <netinet/in.h> header file. */ #cmakedefine HAVE_NETINET_IN_H 1 +/* Define to 1 if you have the <netinet/ip.h> header file. */ +#cmakedefine HAVE_NETINET_IP_H 1 + /* Define to 1 if you have the <pwd.h> header file. */ #cmakedefine HAVE_PWD_H 1 @@ -70,6 +79,9 @@ /* Define to 1 if you have the <sys/time.h> header file. */ #cmakedefine HAVE_SYS_TIME_H 1 +/* Define to 1 if you have the <sysinfoapi.h> header file. */ +#cmakedefine HAVE_SYSINFOAPI_H 1 + /* Define to 1 if you have the <syslog.h> header file. */ #cmakedefine HAVE_SYSLOG_H 1
_service:tar_scm:nghttp2-1.55.1.tar.xz/config.h.in -> _service:tar_scm:nghttp2-1.58.0.tar.xz/config.h.in
Changed
@@ -24,6 +24,9 @@ /* Define to 1 if your system has a working `chown' function. */ #undef HAVE_CHOWN +/* Define to 1 if you have the `clock_gettime' function. */ +#undef HAVE_CLOCK_GETTIME + /* define if the compiler supports basic C++14 syntax */ #undef HAVE_CXX14 @@ -53,6 +56,9 @@ /* Define to 1 if you have the `getpwnam' function. */ #undef HAVE_GETPWNAM +/* Define to 1 if you have `GetTickCount64` function. */ +#undef HAVE_GETTICKCOUNT64 + /* Define to 1 if you have the <inttypes.h> header file. */ #undef HAVE_INTTYPES_H @@ -107,6 +113,9 @@ /* Define to 1 if you have the <netinet/in.h> header file. */ #undef HAVE_NETINET_IN_H +/* Define to 1 if you have the <netinet/ip.h> header file. */ +#undef HAVE_NETINET_IP_H + /* Define to 1 if you have `neverbleed` library. */ #undef HAVE_NEVERBLEED @@ -179,6 +188,9 @@ /* Define to 1 if you have `struct tm.tm_gmtoff` member. */ #undef HAVE_STRUCT_TM_TM_GMTOFF +/* Define to 1 if you have the <sysinfoapi.h> header file. */ +#undef HAVE_SYSINFOAPI_H + /* Define to 1 if you have the <syslog.h> header file. */ #undef HAVE_SYSLOG_H
_service:tar_scm:nghttp2-1.55.1.tar.xz/configure -> _service:tar_scm:nghttp2-1.58.0.tar.xz/configure
Changed
@@ -1,6 +1,6 @@ #! /bin/sh # Guess values for system-dependent variables and create Makefiles. -# Generated by GNU Autoconf 2.71 for nghttp2 1.55.1. +# Generated by GNU Autoconf 2.71 for nghttp2 1.58.0. # # Report bugs to <t-tujikawa@users.sourceforge.net>. # @@ -621,8 +621,8 @@ # Identity of this package. PACKAGE_NAME='nghttp2' PACKAGE_TARNAME='nghttp2' -PACKAGE_VERSION='1.55.1' -PACKAGE_STRING='nghttp2 1.55.1' +PACKAGE_VERSION='1.58.0' +PACKAGE_STRING='nghttp2 1.58.0' PACKAGE_BUGREPORT='t-tujikawa@users.sourceforge.net' PACKAGE_URL='' @@ -1516,7 +1516,7 @@ # Omit some internal or obsolete options to make the list less imposing. # This message is too long to be a string in the A/UX 3.1 sh. cat <<_ACEOF -\`configure' configures nghttp2 1.55.1 to adapt to many kinds of systems. +\`configure' configures nghttp2 1.58.0 to adapt to many kinds of systems. Usage: $0 OPTION... VAR=VALUE... @@ -1588,7 +1588,7 @@ if test -n "$ac_init_help"; then case $ac_init_help in - short | recursive ) echo "Configuration of nghttp2 1.55.1:";; + short | recursive ) echo "Configuration of nghttp2 1.58.0:";; esac cat <<\_ACEOF @@ -1804,7 +1804,7 @@ test -n "$ac_init_help" && exit $ac_status if $ac_init_version; then cat <<\_ACEOF -nghttp2 configure 1.55.1 +nghttp2 configure 1.58.0 generated by GNU Autoconf 2.71 Copyright (C) 2021 Free Software Foundation, Inc. @@ -2722,7 +2722,7 @@ This file contains any messages produced by compilers while running configure, to aid debugging if configure makes a mistake. -It was created by nghttp2 $as_me 1.55.1, which was +It was created by nghttp2 $as_me 1.58.0, which was generated by GNU Autoconf 2.71. Invocation command line was $ $0$ac_configure_args_raw @@ -13709,7 +13709,7 @@ # Define the identity of the package. PACKAGE='nghttp2' - VERSION='1.55.1' + VERSION='1.58.0' printf "%s\n" "#define PACKAGE \"$PACKAGE\"" >>confdefs.h 
@@ -13984,11 +13984,11 @@ AM_BACKSLASH='\' -LT_CURRENT=38 +LT_CURRENT=39 -LT_REVISION=3 +LT_REVISION=1 -LT_AGE=24 +LT_AGE=25 major=`echo $PACKAGE_VERSION |cut -d. -f1 | sed -e "s/^0-9//g"` 
@@ -19640,7 +19640,449 @@ ac_compiler_gnu=$ac_cv_cxx_compiler_gnu ac_success=no + if test x$ac_success = xno; then + for alternative in ${ax_cxx_compile_alternatives}; do + switch="-std=gnu++${alternative}" + cachevar=`printf "%s\n" "ax_cv_cxx_compile_cxx14_$switch" | $as_tr_sh` + { printf "%s\n" "$as_me:${as_lineno-$LINENO}: checking whether $CXX supports C++14 features with $switch" >&5 +printf %s "checking whether $CXX supports C++14 features with $switch... " >&6; } +if eval test \${$cachevar+y} +then : + printf %s "(cached) " >&6 +else $as_nop + ac_save_CXX="$CXX" + CXX="$CXX $switch" + cat confdefs.h - <<_ACEOF >conftest.$ac_ext +/* end confdefs.h. */ + + +// If the compiler admits that it is not ready for C++11, why torture it? +// Hopefully, this will speed up the test. + +#ifndef __cplusplus + +#error "This is not a C++ compiler" + +#elif __cplusplus < 201103L + +#error "This is not a C++11 compiler" + +#else + +namespace cxx11 +{ + + namespace test_static_assert + { + + template <typename T> + struct check + { + static_assert(sizeof(int) <= sizeof(T), "not big enough"); + }; + + } + + namespace test_final_override + { + + struct Base + { + virtual void f() {} + }; + + struct Derived : public Base + { + virtual void f() override {} + }; + + } + + namespace test_double_right_angle_brackets + { + + template < typename T > + struct check {}; + + typedef check<void> single_type; + typedef check<check<void>> double_type; + typedef check<check<check<void>>> triple_type; + typedef check<check<check<check<void>>>> quadruple_type; + + } + + namespace test_decltype + { + + int + f() + { + int a = 1; + decltype(a) b = 2; + return a + b; + } + + } + + namespace test_type_deduction + { + + template < typename T1, typename T2 > + struct is_same + { + static const bool value = false; + }; + + template < typename T > + struct is_same<T, T> + { + static const bool value = true; + }; + + template < typename T1, typename T2 > + auto + add(T1 a1, T2 a2) -> decltype(a1 + a2) + 
{ + return a1 + a2; + } + + int + test(const int c, volatile int v) + { + static_assert(is_same<int, decltype(0)>::value == true, ""); + static_assert(is_same<int, decltype(c)>::value == false, ""); + static_assert(is_same<int, decltype(v)>::value == false, ""); + auto ac = c; + auto av = v; + auto sumi = ac + av + 'x'; + auto sumf = ac + av + 1.0; + static_assert(is_same<int, decltype(ac)>::value == true, "");
_service:tar_scm:nghttp2-1.55.1.tar.xz/configure.ac -> _service:tar_scm:nghttp2-1.58.0.tar.xz/configure.ac
Changed
@@ -25,7 +25,7 @@ dnl https://www.gnu.org/software/automake/manual/html_node/Flag-Variables-Ordering.html AC_PREREQ(2.61) -AC_INIT(nghttp2, 1.55.1, t-tujikawa@users.sourceforge.net) +AC_INIT(nghttp2, 1.58.0, t-tujikawa@users.sourceforge.net) AC_CONFIG_AUX_DIR(.) AC_CONFIG_MACRO_DIR(m4) AC_CONFIG_HEADERS(config.h) @@ -44,9 +44,9 @@ dnl See versioning rule: dnl https://www.gnu.org/software/libtool/manual/html_node/Updating-version-info.html -AC_SUBST(LT_CURRENT, 38) -AC_SUBST(LT_REVISION, 3) -AC_SUBST(LT_AGE, 24) +AC_SUBST(LT_CURRENT, 39) +AC_SUBST(LT_REVISION, 1) +AC_SUBST(LT_AGE, 25) major=`echo $PACKAGE_VERSION |cut -d. -f1 | sed -e "s/^0-9//g"` minor=`echo $PACKAGE_VERSION |cut -d. -f2 | sed -e "s/^0-9//g"` @@ -233,7 +233,7 @@ save_CXXFLAGS="$CXXFLAGS" CXXFLAGS= -AX_CXX_COMPILE_STDCXX(14, noext, optional) +AX_CXX_COMPILE_STDCXX(14, , optional) CXX1XCXXFLAGS="$CXXFLAGS" CXXFLAGS="$save_CXXFLAGS" @@ -508,7 +508,7 @@ # ngtcp2 (for src) have_libngtcp2=no if test "x${request_libngtcp2}" != "xno"; then - PKG_CHECK_MODULES(LIBNGTCP2, libngtcp2 >= 0.17.0, have_libngtcp2=yes, + PKG_CHECK_MODULES(LIBNGTCP2, libngtcp2 >= 1.0.0, have_libngtcp2=yes, have_libngtcp2=no) if test "x${have_libngtcp2}" = "xno"; then AC_MSG_NOTICE($LIBNGTCP2_PKG_ERRORS) @@ -525,7 +525,7 @@ if test "x${have_ssl_is_quic}" = "xyes" && test "x${request_libngtcp2}" != "xno"; then PKG_CHECK_MODULES(LIBNGTCP2_CRYPTO_QUICTLS, - libngtcp2_crypto_quictls >= 0.17.0, + libngtcp2_crypto_quictls >= 1.0.0, have_libngtcp2_crypto_quictls=yes, have_libngtcp2_crypto_quictls=no) if test "x${have_libngtcp2_crypto_quictls}" = "xno"; then @@ -567,7 +567,7 @@ # nghttp3 (for src) have_libnghttp3=no if test "x${request_libnghttp3}" != "xno"; then - PKG_CHECK_MODULES(LIBNGHTTP3, libnghttp3 >= 0.13.0, have_libnghttp3=yes, + PKG_CHECK_MODULES(LIBNGHTTP3, libnghttp3 >= 1.0.0, have_libnghttp3=yes, have_libnghttp3=no) if test "x${have_libnghttp3}" = "xno"; then AC_MSG_NOTICE($LIBNGHTTP3_PKG_ERRORS) 
@@ -847,6 +847,7 @@ limits.h \ netdb.h \ netinet/in.h \ + netinet/ip.h \ pwd.h \ stddef.h \ stdint.h \ @@ -854,6 +855,7 @@ string.h \ sys/socket.h \ sys/time.h \ + sysinfoapi.h \ syslog.h \ time.h \ unistd.h \ @@ -928,6 +930,7 @@ AC_CHECK_FUNCS( \ _Exit \ accept4 \ + clock_gettime \ dup2 \ getcwd \ getpwnam \ @@ -953,6 +956,25 @@ AC_CHECK_FUNC(timerfd_create, have_timerfd_create=yes, have_timerfd_create=no) +AC_MSG_CHECKING(checking for GetTickCount64) +AC_LINK_IFELSE(AC_LANG_PROGRAM( + +#include <sysinfoapi.h> +, + +GetTickCount64(); +), +have_gettickcount64=yes, +have_gettickcount64=no) + +if test "x${have_gettickcount64}" = "xyes"; then + AC_MSG_RESULT(yes) + AC_DEFINE(HAVE_GETTICKCOUNT64, 1, + Define to 1 if you have `GetTickCount64` function.) +else + AC_MSG_RESULT(no) +fi + # For cygwin: we can link initgroups, so AC_CHECK_FUNCS succeeds, but # cygwin disables initgroups due to feature test macro magic with our # configuration. FreeBSD declares initgroups() in unistd.h.
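Review bot: The message passed to `AC_MSG_CHECKING` in the last hunk already begins with "checking", and the macro prepends that word itself, so configure will print "checking checking for GetTickCount64...". Drop the duplicate word: `AC_MSG_CHECKING(for GetTickCount64)`. The page rendering appears to have stripped the M4 quoting brackets, so the quoting of the `AC_LANG_PROGRAM` arguments cannot be judged from this view.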
_service:tar_scm:nghttp2-1.55.1.tar.xz/doc/Makefile.am -> _service:tar_scm:nghttp2-1.58.0.tar.xz/doc/Makefile.am
Changed
@@ -75,6 +75,7 @@
 nghttp2_option_set_user_recv_extension_type.rst \
 nghttp2_option_set_max_outbound_ack.rst \
 nghttp2_option_set_max_settings.rst \
+ nghttp2_option_set_stream_reset_rate_limit.rst \
 nghttp2_pack_settings_payload.rst \
 nghttp2_priority_spec_check_default.rst \
 nghttp2_priority_spec_default_init.rst \
_service:tar_scm:nghttp2-1.55.1.tar.xz/doc/Makefile.in -> _service:tar_scm:nghttp2-1.58.0.tar.xz/doc/Makefile.in
Changed
@@ -430,6 +430,7 @@ nghttp2_option_set_user_recv_extension_type.rst \ nghttp2_option_set_max_outbound_ack.rst \ nghttp2_option_set_max_settings.rst \ + nghttp2_option_set_stream_reset_rate_limit.rst \ nghttp2_pack_settings_payload.rst \ nghttp2_priority_spec_check_default.rst \ nghttp2_priority_spec_default_init.rst \
_service:tar_scm:nghttp2-1.55.1.tar.xz/doc/h2load.1 -> _service:tar_scm:nghttp2-1.58.0.tar.xz/doc/h2load.1
Changed
@@ -27,7 +27,7 @@ .\" new: \\nrst2man-indent\\nrst2man-indent-level .in \\nrst2man-indent\\nrst2man-indent-levelu .. -.TH "H2LOAD" "1" "Jul 14, 2023" "1.55.1" "nghttp2" +.TH "H2LOAD" "1" "Oct 27, 2023" "1.58.0" "nghttp2" .SH NAME h2load \- HTTP/2 benchmarking tool .SH SYNOPSIS
_service:tar_scm:nghttp2-1.55.1.tar.xz/doc/nghttp.1 -> _service:tar_scm:nghttp2-1.58.0.tar.xz/doc/nghttp.1
Changed
@@ -27,7 +27,7 @@ .\" new: \\nrst2man-indent\\nrst2man-indent-level .in \\nrst2man-indent\\nrst2man-indent-levelu .. -.TH "NGHTTP" "1" "Jul 14, 2023" "1.55.1" "nghttp2" +.TH "NGHTTP" "1" "Oct 27, 2023" "1.58.0" "nghttp2" .SH NAME nghttp \- HTTP/2 client .SH SYNOPSIS
_service:tar_scm:nghttp2-1.58.0.tar.xz/doc/nghttp2_option_set_stream_reset_rate_limit.rst
Added
@@ -0,0 +1,21 @@
+
+nghttp2_option_set_stream_reset_rate_limit
+==========================================
+
+Synopsis
+--------
+
+*#include <nghttp2/nghttp2.h>*
+
+.. function:: void nghttp2_option_set_stream_reset_rate_limit(nghttp2_option *option, uint64_t burst, uint64_t rate)
+
+
+ This function sets the rate limit for the incoming stream reset
+ (RST_STREAM frame). It is server use only. It is a token-bucket
+ based rate limiter. *burst* specifies the number of tokens that is
+ initially available. The maximum number of tokens is capped to
+ this value. *rate* specifies the number of tokens that are
+ regenerated per second. An incoming RST_STREAM consumes one token.
+ If there is no token available, GOAWAY is sent to tear down the
+ connection. *burst* and *rate* default to 1000 and 33
+ respectively.
_service:tar_scm:nghttp2-1.55.1.tar.xz/doc/nghttpd.1 -> _service:tar_scm:nghttp2-1.58.0.tar.xz/doc/nghttpd.1
Changed
@@ -27,7 +27,7 @@ .\" new: \\nrst2man-indent\\nrst2man-indent-level .in \\nrst2man-indent\\nrst2man-indent-levelu .. -.TH "NGHTTPD" "1" "Jul 14, 2023" "1.55.1" "nghttp2" +.TH "NGHTTPD" "1" "Oct 27, 2023" "1.58.0" "nghttp2" .SH NAME nghttpd \- HTTP/2 server .SH SYNOPSIS
_service:tar_scm:nghttp2-1.55.1.tar.xz/doc/nghttpx.1 -> _service:tar_scm:nghttp2-1.58.0.tar.xz/doc/nghttpx.1
Changed
@@ -27,7 +27,7 @@ .\" new: \\nrst2man-indent\\nrst2man-indent-level .in \\nrst2man-indent\\nrst2man-indent-levelu .. -.TH "NGHTTPX" "1" "Jul 14, 2023" "1.55.1" "nghttp2" +.TH "NGHTTPX" "1" "Oct 27, 2023" "1.58.0" "nghttp2" .SH NAME nghttpx \- HTTP/2 proxy .SH SYNOPSIS @@ -1546,18 +1546,20 @@ .TP .B \-\-add\-request\-header=<HEADER> Specify additional header field to add to request header -set. This option just appends header field and won\(aqt -replace anything already set. This option can be used -several times to specify multiple header fields. +set. The field name must be lowercase. This option +just appends header field and won\(aqt replace anything +already set. This option can be used several times to +specify multiple header fields. Example: \fI\%\-\-add\-request\-header\fP=\(dqfoo: bar\(dq .UNINDENT .INDENT 0.0 .TP .B \-\-add\-response\-header=<HEADER> Specify additional header field to add to response -header set. This option just appends header field and -won\(aqt replace anything already set. This option can be -used several times to specify multiple header fields. +header set. The field name must be lowercase. This +option just appends header field and won\(aqt replace +anything already set. This option can be used several +times to specify multiple header fields. Example: \fI\%\-\-add\-response\-header\fP=\(dqfoo: bar\(dq .UNINDENT .INDENT 0.0 @@ -1832,8 +1834,8 @@ .TP .B \-\-frontend\-quic\-congestion\-controller=<CC> Specify a congestion controller algorithm for a frontend -QUIC connection. <CC> should be one of \(dqcubic\(dq, \(dqbbr\(dq, -and \(dqbbr2\(dq. +QUIC connection. <CC> should be either \(dqcubic\(dq or +\(dqbbr\(dq. .sp Default: \fBcubic\fP .UNINDENT
_service:tar_scm:nghttp2-1.55.1.tar.xz/doc/nghttpx.1.rst -> _service:tar_scm:nghttp2-1.58.0.tar.xz/doc/nghttpx.1.rst
Changed
@@ -1402,17 +1402,19 @@ .. option:: --add-request-header=<HEADER> Specify additional header field to add to request header - set. This option just appends header field and won't - replace anything already set. This option can be used - several times to specify multiple header fields. + set. The field name must be lowercase. This option + just appends header field and won't replace anything + already set. This option can be used several times to + specify multiple header fields. Example: :option:`--add-request-header`\="foo: bar" .. option:: --add-response-header=<HEADER> Specify additional header field to add to response - header set. This option just appends header field and - won't replace anything already set. This option can be - used several times to specify multiple header fields. + header set. The field name must be lowercase. This + option just appends header field and won't replace + anything already set. This option can be used several + times to specify multiple header fields. Example: :option:`--add-response-header`\="foo: bar" .. option:: --request-header-field-buffer=<SIZE> @@ -1673,8 +1675,8 @@ .. option:: --frontend-quic-congestion-controller=<CC> Specify a congestion controller algorithm for a frontend - QUIC connection. <CC> should be one of "cubic", "bbr", - and "bbr2". + QUIC connection. <CC> should be either "cubic" or + "bbr". Default: ``cubic``
_service:tar_scm:nghttp2-1.55.1.tar.xz/doc/sources/security.rst -> _service:tar_scm:nghttp2-1.58.0.tar.xz/doc/sources/security.rst
Changed
@@ -20,19 +20,14 @@ We make a new release with the fix at the same time when the vulnerability is disclosed to public. -At least 7 days before the public disclosure date, we will post -security advisory (which includes all the details of the vulnerability -and the possible mitigation strategies) and the patches to fix the -issue to `distros@openwall -<https://oss-security.openwall.org/wiki/mailing-lists/distros>`_ -mailing list. We also open a new issue on `nghttp2 issue tracker +At least 7 days before the public disclosure date, we open a new issue +on `nghttp2 issue tracker <https://github.com/nghttp2/nghttp2/issues>`_ which notifies that the upcoming release will have a security fix. The ``SECURITY`` label is -attached to this kind of issue. +attached to this kind of issue. The issue is not opened if a +vulnerability is already disclosed, and it is publicly known that +nghttp2 is affected by that. Before few hours of new release, we merge the fixes to the master branch (and/or a release branch if necessary) and make a new release. -Security advisory is disclosed on GitHub. We also post the -vulnerability information to `oss-security -<https://oss-security.openwall.org/wiki/mailing-lists/oss-security>`_ -mailing list. +Security advisory is disclosed on GitHub.
_service:tar_scm:nghttp2-1.55.1.tar.xz/integration-tests/CMakeLists.txt -> _service:tar_scm:nghttp2-1.58.0.tar.xz/integration-tests/CMakeLists.txt
Changed
@@ -2,6 +2,7 @@ nghttpx_http1_test.go nghttpx_http2_test.go server_tester.go + server_tester_http3.go ) # XXX unused @@ -40,7 +41,11 @@ endforeach() endif() +if(ENABLE_HTTP3) + set(GO_TEST_TAGS quic) +endif() + add_custom_target(it - COMMAND sh setenv go test -v + COMMAND sh setenv go test -v --tags=${GO_TEST_TAGS} DEPENDS ${GO_BUILD_FILES} )
_service:tar_scm:nghttp2-1.55.1.tar.xz/integration-tests/Makefile.am -> _service:tar_scm:nghttp2-1.58.0.tar.xz/integration-tests/Makefile.am
Changed
@@ -25,7 +25,8 @@ nghttpx_http1_test.go \ nghttpx_http2_test.go \ nghttpx_http3_test.go \ - server_tester.go + server_tester.go \ + server_tester_http3.go EXTRA_DIST = \ CMakeLists.txt \
_service:tar_scm:nghttp2-1.55.1.tar.xz/integration-tests/Makefile.in -> _service:tar_scm:nghttp2-1.58.0.tar.xz/integration-tests/Makefile.in
Changed
@@ -341,7 +341,8 @@ nghttpx_http1_test.go \ nghttpx_http2_test.go \ nghttpx_http3_test.go \ - server_tester.go + server_tester.go \ + server_tester_http3.go EXTRA_DIST = \ CMakeLists.txt \
_service:tar_scm:nghttp2-1.55.1.tar.xz/integration-tests/nghttpx_http1_test.go -> _service:tar_scm:nghttp2-1.58.0.tar.xz/integration-tests/nghttpx_http1_test.go
Changed
@@ -1490,3 +1490,142 @@
 t.Fatal("st.http1() should fail")
 }
 }
+
+// TestH1H1RequestMalformedTransferEncoding tests that server rejects
+// request which contains malformed transfer-encoding.
+func TestH1H1RequestMalformedTransferEncoding(t *testing.T) {
+ opts := options{
+ handler: func(w http.ResponseWriter, r *http.Request) {
+ t.Errorf("server should not forward bad request")
+ },
+ }
+ st := newServerTester(t, opts)
+ defer st.Close()
+
+ if _, err := io.WriteString(st.conn, fmt.Sprintf("GET / HTTP/1.1\r\nHost: %v\r\nTest-Case: TestH1H1RequestMalformedTransferEncoding\r\nTransfer-Encoding: ,chunked\r\n\r\n",
+ st.authority)); err != nil {
+ t.Fatalf("Error io.WriteString() = %v", err)
+ }
+
+ resp, err := http.ReadResponse(bufio.NewReader(st.conn), nil)
+ if err != nil {
+ t.Fatalf("Error http.ReadResponse() = %v", err)
+ }
+
+ defer resp.Body.Close()
+
+ if got, want := resp.StatusCode, http.StatusBadRequest; got != want {
+ t.Errorf("status: %v; want %v", got, want)
+ }
+}
+
+// TestH1H1ResponseMalformedTransferEncoding tests a request fails if
+// its response contains malformed transfer-encoding.
+func TestH1H1ResponseMalformedTransferEncoding(t *testing.T) {
+ opts := options{
+ handler: func(w http.ResponseWriter, r *http.Request) {
+ hj, ok := w.(http.Hijacker)
+ if !ok {
+ http.Error(w, "Could not hijack the connection", http.StatusInternalServerError)
+ return
+ }
+ conn, bufrw, err := hj.Hijack()
+ if err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
+ defer conn.Close()
+ if _, err := bufrw.WriteString("HTTP/1.1 200\r\nTransfer-Encoding: ,chunked\r\n\r\n"); err != nil {
+ t.Fatalf("Error bufrw.WriteString() = %v", err)
+ }
+ bufrw.Flush()
+ },
+ }
+ st := newServerTester(t, opts)
+ defer st.Close()
+
+ res, err := st.http1(requestParam{
+ name: "TestH1H1ResponseMalformedTransferEncoding",
+ })
+ if err != nil {
+ t.Fatalf("Error st.http1() = %v", err)
+ }
+ if got, want := res.status, http.StatusBadGateway; got != want {
+ t.Errorf("res.status: %v; want %v", got, want)
+ }
+}
+
+// TestH1H1ResponseUnknownTransferEncoding tests a request succeeds if
+// its response contains unknown transfer-encoding.
+func TestH1H1ResponseUnknownTransferEncoding(t *testing.T) {
+ opts := options{
+ handler: func(w http.ResponseWriter, r *http.Request) {
+ hj, ok := w.(http.Hijacker)
+ if !ok {
+ http.Error(w, "Could not hijack the connection", http.StatusInternalServerError)
+ return
+ }
+ conn, bufrw, err := hj.Hijack()
+ if err != nil {
+ http.Error(w, err.Error(), http.StatusInternalServerError)
+ return
+ }
+ defer conn.Close()
+ if _, err := bufrw.WriteString("HTTP/1.1 200\r\nTransfer-Encoding: foo\r\n\r\n"); err != nil {
+ t.Fatalf("Error bufrw.WriteString() = %v", err)
+ }
+ bufrw.Flush()
+ },
+ }
+ st := newServerTester(t, opts)
+ defer st.Close()
+
+ if _, err := io.WriteString(st.conn, fmt.Sprintf("GET / HTTP/1.1\r\nHost: %v\r\nTest-Case: TestH1H1ResponseUnknownTransferEncoding\r\n\r\n",
+ st.authority)); err != nil {
+ t.Fatalf("Error: io.WriteString() = %v", err)
+ }
+
+ r := bufio.NewReader(st.conn)
+
+ resp := make(byte, 4096)
+
+ resplen, err := r.Read(resp)
+ if err != nil {
+ t.Fatalf("Error: r.Read() = %v", err)
+ }
+
+ resp = resp:resplen
+
+ const expect = "HTTP/1.1 200 OK\r\nTransfer-Encoding: foo\r\nConnection: close\r\nServer: nghttpx\r\nVia: 1.1 nghttpx\r\n\r\n"
+
+ if got, want := string(resp), expect; got != want {
+ t.Errorf("resp = %v, want %v", got, want)
+ }
+}
+
+// TestH1H1RequestHTTP10TransferEncoding tests that server rejects
+// HTTP/1.0 request which contains transfer-encoding.
+func TestH1H1RequestHTTP10TransferEncoding(t *testing.T) {
+ opts := options{
+ handler: func(w http.ResponseWriter, r *http.Request) {
+ t.Errorf("server should not forward bad request")
+ },
+ }
+ st := newServerTester(t, opts)
+ defer st.Close()
+
+ if _, err := io.WriteString(st.conn, "GET / HTTP/1.0\r\nTest-Case: TestH1H1RequestHTTP10TransferEncoding\r\nTransfer-Encoding: chunked\r\n\r\n"); err != nil {
+ t.Fatalf("Error io.WriteString() = %v", err)
+ }
+
+ resp, err := http.ReadResponse(bufio.NewReader(st.conn), nil)
+ if err != nil {
+ t.Fatalf("Error http.ReadResponse() = %v", err)
+ }
+
+ defer resp.Body.Close()
+
+ if got, want := resp.StatusCode, http.StatusBadRequest; got != want {
+ t.Errorf("status: %v; want %v", got, want)
+ }
+}
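Review bot: `t.Fatalf` is called inside the backend handler of TestH1H1ResponseMalformedTransferEncoding and again in TestH1H1ResponseUnknownTransferEncoding, but a handler presumably runs on the HTTP server's goroutine, and the testing package only supports FailNow-style calls from the goroutine running the test. Report the error and leave the handler instead: `t.Errorf("Error bufrw.WriteString() = %v", err)` followed by `return`. The unknown-encoding test also compares the whole response after a single `r.Read`, which may legitimately return only part of the header block, so the exact-string assertion can fail spuriously; reading up to the terminating blank line would make it stable. The result of `bufrw.Flush()` is ignored in both handlers.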
_service:tar_scm:nghttp2-1.55.1.tar.xz/integration-tests/server_tester.go -> _service:tar_scm:nghttp2-1.58.0.tar.xz/integration-tests/server_tester.go
Changed
@@ -22,7 +22,6 @@ "testing" "time" - "github.com/quic-go/quic-go/http3" "github.com/tatsuhiro-t/go-nghttp2" "golang.org/x/net/http2" "golang.org/x/net/http2/hpack" @@ -390,81 +389,6 @@ return res } -func (st *serverTester) http3(rp requestParam) (*serverResponse, error) { - rt := &http3.RoundTripper{ - TLSClientConfig: &tls.Config{ - InsecureSkipVerify: true, - }, - } - - defer rt.Close() - - c := &http.Client{ - Transport: rt, - } - - method := "GET" - if rp.method != "" { - method = rp.method - } - - var body io.Reader - - if rp.body != nil { - body = bytes.NewBuffer(rp.body) - } - - reqURL := st.url - - if rp.path != "" { - u, err := url.Parse(st.url) - if err != nil { - st.t.Fatalf("Error parsing URL from st.url %v: %v", st.url, err) - } - u.Path = "" - u.RawQuery = "" - reqURL = u.String() + rp.path - } - - ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second) - defer cancel() - - req, err := http.NewRequestWithContext(ctx, method, reqURL, body) - if err != nil { - return nil, err - } - - for _, h := range rp.header { - req.Header.Add(h.Name, h.Value) - } - - req.Header.Add("Test-Case", rp.name) - - // TODO http3 package does not support trailer at the time of - // this writing. - - resp, err := c.Do(req) - if err != nil { - return nil, err - } - - defer resp.Body.Close() - - respBody, err := io.ReadAll(resp.Body) - if err != nil { - return nil, err - } - - res := &serverResponse{ - status: resp.StatusCode, - header: resp.Header, - body: respBody, - connClose: resp.Close, - } - - return res, nil -} - func (st *serverTester) http1(rp requestParam) (*serverResponse, error) { method := "GET" if rp.method != "" {
_service:tar_scm:nghttp2-1.58.0.tar.xz/integration-tests/server_tester_http3.go
Added
@@ -0,0 +1,90 @@
+//go:build quic
+
+package nghttp2
+
+import (
+ "bytes"
+ "context"
+ "crypto/tls"
+ "io"
+ "net/http"
+ "net/url"
+ "time"
+
+ "github.com/quic-go/quic-go/http3"
+)
+
+func (st *serverTester) http3(rp requestParam) (*serverResponse, error) {
+ rt := &http3.RoundTripper{
+ TLSClientConfig: &tls.Config{
+ InsecureSkipVerify: true,
+ },
+ }
+
+ defer rt.Close()
+
+ c := &http.Client{
+ Transport: rt,
+ }
+
+ method := "GET"
+ if rp.method != "" {
+ method = rp.method
+ }
+
+ var body io.Reader
+
+ if rp.body != nil {
+ body = bytes.NewBuffer(rp.body)
+ }
+
+ reqURL := st.url
+
+ if rp.path != "" {
+ u, err := url.Parse(st.url)
+ if err != nil {
+ st.t.Fatalf("Error parsing URL from st.url %v: %v", st.url, err)
+ }
+ u.Path = ""
+ u.RawQuery = ""
+ reqURL = u.String() + rp.path
+ }
+
+ ctx, cancel := context.WithTimeout(context.Background(), 30*time.Second)
+ defer cancel()
+
+ req, err := http.NewRequestWithContext(ctx, method, reqURL, body)
+ if err != nil {
+ return nil, err
+ }
+
+ for _, h := range rp.header {
+ req.Header.Add(h.Name, h.Value)
+ }
+
+ req.Header.Add("Test-Case", rp.name)
+
+ // TODO http3 package does not support trailer at the time of
+ // this writing.
+
+ resp, err := c.Do(req)
+ if err != nil {
+ return nil, err
+ }
+
+ defer resp.Body.Close()
+
+ respBody, err := io.ReadAll(resp.Body)
+ if err != nil {
+ return nil, err
+ }
+
+ res := &serverResponse{
+ status: resp.StatusCode,
+ header: resp.Header,
+ body: respBody,
+ connClose: resp.Close,
+ }
+
+ return res, nil
+}
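Review bot: `InsecureSkipVerify: true` in the `tls.Config` turns off certificate verification with no comment saying why, and since the helper is moved here unchanged from server_tester.go this is a good moment to document it. Presumably the nghttpx instance under test presents a self-signed certificate; say so above the field, e.g. `// test server uses a self-signed certificate; verification is disabled for this integration test only`, or set `RootCAs` to the test CA if the harness has it at hand. The method also has no doc comment stating that it issues one HTTP/3 request built from `rp` and returns status, header, body and connection-close state. Because the file now sits behind `//go:build quic`, nghttpx_http3_test.go (not shown here) needs the same constraint, otherwise an untagged build fails on the missing method.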
_service:tar_scm:nghttp2-1.55.1.tar.xz/lib/CMakeLists.txt -> _service:tar_scm:nghttp2-1.58.0.tar.xz/lib/CMakeLists.txt
Changed
@@ -24,6 +24,8 @@
 nghttp2_http.c
 nghttp2_rcbuf.c
 nghttp2_extpri.c
+ nghttp2_ratelim.c
+ nghttp2_time.c
 nghttp2_debug.c
 sfparse.c
 )
_service:tar_scm:nghttp2-1.55.1.tar.xz/lib/Makefile.am -> _service:tar_scm:nghttp2-1.58.0.tar.xz/lib/Makefile.am
Changed
@@ -51,6 +51,8 @@ nghttp2_http.c \ nghttp2_rcbuf.c \ nghttp2_extpri.c \ + nghttp2_ratelim.c \ + nghttp2_time.c \ nghttp2_debug.c \ sfparse.c @@ -69,6 +71,8 @@ nghttp2_http.h \ nghttp2_rcbuf.h \ nghttp2_extpri.h \ + nghttp2_ratelim.h \ + nghttp2_time.h \ nghttp2_debug.h \ sfparse.h
_service:tar_scm:nghttp2-1.55.1.tar.xz/lib/Makefile.in -> _service:tar_scm:nghttp2-1.58.0.tar.xz/lib/Makefile.in
Changed
@@ -157,7 +157,8 @@ nghttp2_hd_huffman.lo nghttp2_hd_huffman_data.lo \ nghttp2_version.lo nghttp2_priority_spec.lo nghttp2_option.lo \ nghttp2_callbacks.lo nghttp2_mem.lo nghttp2_http.lo \ - nghttp2_rcbuf.lo nghttp2_extpri.lo nghttp2_debug.lo sfparse.lo + nghttp2_rcbuf.lo nghttp2_extpri.lo nghttp2_ratelim.lo \ + nghttp2_time.lo nghttp2_debug.lo sfparse.lo am_libnghttp2_la_OBJECTS = $(am__objects_1) $(am__objects_2) libnghttp2_la_OBJECTS = $(am_libnghttp2_la_OBJECTS) AM_V_lt = $(am__v_lt_@AM_V@) @@ -194,9 +195,10 @@ ./$(DEPDIR)/nghttp2_outbound_item.Plo \ ./$(DEPDIR)/nghttp2_pq.Plo \ ./$(DEPDIR)/nghttp2_priority_spec.Plo \ - ./$(DEPDIR)/nghttp2_queue.Plo ./$(DEPDIR)/nghttp2_rcbuf.Plo \ - ./$(DEPDIR)/nghttp2_session.Plo ./$(DEPDIR)/nghttp2_stream.Plo \ - ./$(DEPDIR)/nghttp2_submit.Plo ./$(DEPDIR)/nghttp2_version.Plo \ + ./$(DEPDIR)/nghttp2_queue.Plo ./$(DEPDIR)/nghttp2_ratelim.Plo \ + ./$(DEPDIR)/nghttp2_rcbuf.Plo ./$(DEPDIR)/nghttp2_session.Plo \ + ./$(DEPDIR)/nghttp2_stream.Plo ./$(DEPDIR)/nghttp2_submit.Plo \ + ./$(DEPDIR)/nghttp2_time.Plo ./$(DEPDIR)/nghttp2_version.Plo \ ./$(DEPDIR)/sfparse.Plo am__mv = mv -f COMPILE = $(CC) $(DEFS) $(DEFAULT_INCLUDES) $(INCLUDES) $(AM_CPPFLAGS) \ @@ -510,6 +512,8 @@ nghttp2_http.c \ nghttp2_rcbuf.c \ nghttp2_extpri.c \ + nghttp2_ratelim.c \ + nghttp2_time.c \ nghttp2_debug.c \ sfparse.c @@ -528,6 +532,8 @@ nghttp2_http.h \ nghttp2_rcbuf.h \ nghttp2_extpri.h \ + nghttp2_ratelim.h \ + nghttp2_time.h \ nghttp2_debug.h \ sfparse.h 
@@ -633,10 +639,12 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nghttp2_pq.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nghttp2_priority_spec.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nghttp2_queue.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nghttp2_ratelim.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nghttp2_rcbuf.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nghttp2_session.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nghttp2_stream.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nghttp2_submit.Plo@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nghttp2_time.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nghttp2_version.Plo@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/sfparse.Plo@am__quote@ # am--include-marker @@ -916,10 +924,12 @@ -rm -f ./$(DEPDIR)/nghttp2_pq.Plo -rm -f ./$(DEPDIR)/nghttp2_priority_spec.Plo -rm -f ./$(DEPDIR)/nghttp2_queue.Plo + -rm -f ./$(DEPDIR)/nghttp2_ratelim.Plo -rm -f ./$(DEPDIR)/nghttp2_rcbuf.Plo -rm -f ./$(DEPDIR)/nghttp2_session.Plo -rm -f ./$(DEPDIR)/nghttp2_stream.Plo -rm -f ./$(DEPDIR)/nghttp2_submit.Plo + -rm -f ./$(DEPDIR)/nghttp2_time.Plo -rm -f ./$(DEPDIR)/nghttp2_version.Plo -rm -f ./$(DEPDIR)/sfparse.Plo -rm -f Makefile 
@@ -985,10 +995,12 @@ -rm -f ./$(DEPDIR)/nghttp2_pq.Plo -rm -f ./$(DEPDIR)/nghttp2_priority_spec.Plo -rm -f ./$(DEPDIR)/nghttp2_queue.Plo + -rm -f ./$(DEPDIR)/nghttp2_ratelim.Plo -rm -f ./$(DEPDIR)/nghttp2_rcbuf.Plo -rm -f ./$(DEPDIR)/nghttp2_session.Plo -rm -f ./$(DEPDIR)/nghttp2_stream.Plo -rm -f ./$(DEPDIR)/nghttp2_submit.Plo + -rm -f ./$(DEPDIR)/nghttp2_time.Plo -rm -f ./$(DEPDIR)/nghttp2_version.Plo -rm -f ./$(DEPDIR)/sfparse.Plo -rm -f Makefile
_service:tar_scm:nghttp2-1.55.1.tar.xz/lib/includes/nghttp2/nghttp2.h -> _service:tar_scm:nghttp2-1.58.0.tar.xz/lib/includes/nghttp2/nghttp2.h
Changed
@@ -2759,6 +2759,23 @@
 /**
 * @function
 *
+ * This function sets the rate limit for the incoming stream reset
+ * (RST_STREAM frame). It is server use only. It is a token-bucket
+ * based rate limiter. |burst| specifies the number of tokens that is
+ * initially available. The maximum number of tokens is capped to
+ * this value. |rate| specifies the number of tokens that are
+ * regenerated per second. An incoming RST_STREAM consumes one token.
+ * If there is no token available, GOAWAY is sent to tear down the
+ * connection. |burst| and |rate| default to 1000 and 33
+ * respectively.
+ */
+NGHTTP2_EXTERN void
+nghttp2_option_set_stream_reset_rate_limit(nghttp2_option *option,
+ uint64_t burst, uint64_t rate);
+
+/**
+ * @function
+ *
 * Initializes |*session_ptr| for client use. The all members of
 * |callbacks| are copied to |*session_ptr|. Therefore |*session_ptr|
 * does not store |callbacks|. The |user_data| is an arbitrary user
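Review bot: The new doc comment for `nghttp2_option_set_stream_reset_rate_limit` leaves the edge values undefined: it does not say what `burst == 0` or `rate == 0` means (limiter off, or connection closed on the first RST_STREAM), nor which error code the GOAWAY carries. Anyone tuning this limit against reset floods needs both, to recognise the teardown in logs and to avoid cutting off legitimate clients that cancel many requests. I would add a sentence such as `* If |rate| is 0, no tokens are regenerated once |burst| is spent.` (to be confirmed against nghttp2_ratelim.c, which is not part of this hunk) and name the GOAWAY error code. Only the declaration is visible here; the function body lives outside this hunk.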
_service:tar_scm:nghttp2-1.55.1.tar.xz/lib/includes/nghttp2/nghttp2ver.h -> _service:tar_scm:nghttp2-1.58.0.tar.xz/lib/includes/nghttp2/nghttp2ver.h
Changed
@@ -29,7 +29,7 @@ * @macro * Version number of the nghttp2 library release */ -#define NGHTTP2_VERSION "1.55.1" +#define NGHTTP2_VERSION "1.58.0" /** * @macro @@ -37,6 +37,6 @@ * release. This is a 24 bit number with 8 bits for major number, 8 bits * for minor and 8 bits for patch. Version 1.2.3 becomes 0x010203. */ -#define NGHTTP2_VERSION_NUM 0x013701 +#define NGHTTP2_VERSION_NUM 0x013a00 #endif /* NGHTTP2VER_H */
_service:tar_scm:nghttp2-1.55.1.tar.xz/lib/nghttp2_frame.c -> _service:tar_scm:nghttp2-1.58.0.tar.xz/lib/nghttp2_frame.c
Changed
@@ -418,8 +418,8 @@ nghttp2_priority_spec_init(pri_spec, dep_stream_id, weight, exclusive); } -int nghttp2_frame_unpack_headers_payload(nghttp2_headers *frame, - const uint8_t *payload) { +void nghttp2_frame_unpack_headers_payload(nghttp2_headers *frame, + const uint8_t *payload) { if (frame->hd.flags & NGHTTP2_FLAG_PRIORITY) { nghttp2_frame_unpack_priority_spec(&frame->pri_spec, payload); } else { @@ -428,11 +428,9 @@ frame->nva = NULL; frame->nvlen = 0; - - return 0; } -int nghttp2_frame_pack_priority(nghttp2_bufs *bufs, nghttp2_priority *frame) { +void nghttp2_frame_pack_priority(nghttp2_bufs *bufs, nghttp2_priority *frame) { nghttp2_buf *buf; assert(bufs->head == bufs->cur); @@ -448,8 +446,6 @@ nghttp2_frame_pack_priority_spec(buf->last, &frame->pri_spec); buf->last += NGHTTP2_PRIORITY_SPECLEN; - - return 0; } void nghttp2_frame_unpack_priority_payload(nghttp2_priority *frame, @@ -457,8 +453,8 @@ nghttp2_frame_unpack_priority_spec(&frame->pri_spec, payload); } -int nghttp2_frame_pack_rst_stream(nghttp2_bufs *bufs, - nghttp2_rst_stream *frame) { +void nghttp2_frame_pack_rst_stream(nghttp2_bufs *bufs, + nghttp2_rst_stream *frame) { nghttp2_buf *buf; assert(bufs->head == bufs->cur); @@ -473,8 +469,6 @@ nghttp2_put_uint32be(buf->last, frame->error_code); buf->last += 4; - - return 0; } void nghttp2_frame_unpack_rst_stream_payload(nghttp2_rst_stream *frame, @@ -592,16 +586,15 @@ return frame_pack_headers_shared(bufs, &frame->hd); } -int nghttp2_frame_unpack_push_promise_payload(nghttp2_push_promise *frame, - const uint8_t *payload) { +void nghttp2_frame_unpack_push_promise_payload(nghttp2_push_promise *frame, + const uint8_t *payload) { frame->promised_stream_id = nghttp2_get_uint32(payload) & NGHTTP2_STREAM_ID_MASK; frame->nva = NULL; frame->nvlen = 0; - return 0; } -int nghttp2_frame_pack_ping(nghttp2_bufs *bufs, nghttp2_ping *frame) { +void nghttp2_frame_pack_ping(nghttp2_bufs *bufs, nghttp2_ping *frame) { nghttp2_buf *buf; assert(bufs->head == bufs->cur); 
@@ -616,8 +609,6 @@ buf->last = nghttp2_cpymem(buf->last, frame->opaque_data, sizeof(frame->opaque_data)); - - return 0; } void nghttp2_frame_unpack_ping_payload(nghttp2_ping *frame, @@ -697,8 +688,8 @@ return 0; } -int nghttp2_frame_pack_window_update(nghttp2_bufs *bufs, - nghttp2_window_update *frame) { +void nghttp2_frame_pack_window_update(nghttp2_bufs *bufs, + nghttp2_window_update *frame) { nghttp2_buf *buf; assert(bufs->head == bufs->cur); @@ -713,8 +704,6 @@ nghttp2_put_uint32be(buf->last, (uint32_t)frame->window_size_increment); buf->last += 4; - - return 0; } void nghttp2_frame_unpack_window_update_payload(nghttp2_window_update *frame, @@ -723,7 +712,7 @@ nghttp2_get_uint32(payload) & NGHTTP2_WINDOW_SIZE_INCREMENT_MASK; } -int nghttp2_frame_pack_altsvc(nghttp2_bufs *bufs, nghttp2_extension *frame) { +void nghttp2_frame_pack_altsvc(nghttp2_bufs *bufs, nghttp2_extension *frame) { int rv; nghttp2_buf *buf; nghttp2_ext_altsvc *altsvc; @@ -752,8 +741,6 @@ rv = nghttp2_bufs_add(bufs, altsvc->field_value, altsvc->field_value_len); assert(rv == 0); - - return 0; } void nghttp2_frame_unpack_altsvc_payload(nghttp2_extension *frame, @@ -901,8 +888,8 @@ return 0; } -int nghttp2_frame_pack_priority_update(nghttp2_bufs *bufs, - nghttp2_extension *frame) { +void nghttp2_frame_pack_priority_update(nghttp2_bufs *bufs, + nghttp2_extension *frame) { int rv; nghttp2_buf *buf; nghttp2_ext_priority_update *priority_update; @@ -927,8 +914,6 @@ priority_update->field_value_len); assert(rv == 0); - - return 0; } void nghttp2_frame_unpack_priority_update_payload(nghttp2_extension *frame, @@ -1186,14 +1171,14 @@ buf->last += trail_padlen; } -int nghttp2_frame_add_pad(nghttp2_bufs *bufs, nghttp2_frame_hd *hd, - size_t padlen, int framehd_only) { +void nghttp2_frame_add_pad(nghttp2_bufs *bufs, nghttp2_frame_hd *hd, + size_t padlen, int framehd_only) { nghttp2_buf *buf; if (padlen == 0) { DEBUGF("send: padlen = 0, nothing to do\n"); - return 0; + return; } /* 
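Review bot: `nghttp2_frame_pack_altsvc` and `nghttp2_frame_pack_priority_update` still check `nghttp2_bufs_add` only through `assert(rv == 0)`, and with the return type now `void` the signature can no longer report a failed append either. In a build with `NDEBUG` the assert disappears, so a failure would go unnoticed and `rv` is assigned but never read, which trips `-Wunused-but-set-variable`. If the caller guarantees the buffer capacity (not visible here; both functions start outside these hunks), state that in a comment and add `(void)rv;` after the last assert; otherwise keep an `int` return for these two functions.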
@@ -1226,6 +1211,4 @@ hd->flags |= NGHTTP2_FLAG_PADDED; DEBUGF("send: final payloadlen=%zu, padlen=%zu\n", hd->length, padlen); - - return 0; }
_service:tar_scm:nghttp2-1.55.1.tar.xz/lib/nghttp2_frame.h -> _service:tar_scm:nghttp2-1.58.0.tar.xz/lib/nghttp2_frame.h
Changed
@@ -143,11 +143,9 @@ * Unpacks HEADERS frame byte sequence into |frame|. This function * only unapcks bytes that come before name/value header block and * after possible Pad Length field. - * - * This function always succeeds and returns 0. */ -int nghttp2_frame_unpack_headers_payload(nghttp2_headers *frame, - const uint8_t *payload); +void nghttp2_frame_unpack_headers_payload(nghttp2_headers *frame, + const uint8_t *payload); /* * Packs PRIORITY frame |frame| in wire format and store it in @@ -155,10 +153,8 @@ * * The caller must make sure that nghttp2_bufs_reset(bufs) is called * before calling this function. - * - * This function always succeeds and returns 0. */ -int nghttp2_frame_pack_priority(nghttp2_bufs *bufs, nghttp2_priority *frame); +void nghttp2_frame_pack_priority(nghttp2_bufs *bufs, nghttp2_priority *frame); /* * Unpacks PRIORITY wire format into |frame|. @@ -172,11 +168,9 @@ * * The caller must make sure that nghttp2_bufs_reset(bufs) is called * before calling this function. - * - * This function always succeeds and returns 0. */ -int nghttp2_frame_pack_rst_stream(nghttp2_bufs *bufs, - nghttp2_rst_stream *frame); +void nghttp2_frame_pack_rst_stream(nghttp2_bufs *bufs, + nghttp2_rst_stream *frame); /* * Unpacks RST_STREAM frame byte sequence into |frame|. @@ -265,15 +259,9 @@ * Unpacks PUSH_PROMISE frame byte sequence into |frame|. This * function only unapcks bytes that come before name/value header * block and after possible Pad Length field. - * - * This function returns 0 if it succeeds or one of the following - * negative error codes: - * - * NGHTTP2_ERR_PROTO - * TODO END_HEADERS flag is not set */ -int nghttp2_frame_unpack_push_promise_payload(nghttp2_push_promise *frame, - const uint8_t *payload); +void nghttp2_frame_unpack_push_promise_payload(nghttp2_push_promise *frame, + const uint8_t *payload); /* * Packs PING frame |frame| in wire format and store it in 
@@ -281,10 +269,8 @@ * * The caller must make sure that nghttp2_bufs_reset(bufs) is called * before calling this function. - * - * This function always succeeds and returns 0. */ -int nghttp2_frame_pack_ping(nghttp2_bufs *bufs, nghttp2_ping *frame); +void nghttp2_frame_pack_ping(nghttp2_bufs *bufs, nghttp2_ping *frame); /* * Unpacks PING wire format into |frame|. @@ -343,11 +329,9 @@ * * The caller must make sure that nghttp2_bufs_reset(bufs) is called * before calling this function. - * - * This function always succeeds and returns 0. */ -int nghttp2_frame_pack_window_update(nghttp2_bufs *bufs, - nghttp2_window_update *frame); +void nghttp2_frame_pack_window_update(nghttp2_bufs *bufs, + nghttp2_window_update *frame); /* * Unpacks WINDOW_UPDATE frame byte sequence into |frame|. @@ -361,17 +345,13 @@ * * The caller must make sure that nghttp2_bufs_reset(bufs) is called * before calling this function. - * - * This function always succeeds and returns 0. */ -int nghttp2_frame_pack_altsvc(nghttp2_bufs *bufs, nghttp2_extension *ext); +void nghttp2_frame_pack_altsvc(nghttp2_bufs *bufs, nghttp2_extension *ext); /* * Unpacks ALTSVC wire format into |frame|. The |payload| of * |payloadlen| bytes contains frame payload. This function assumes * that frame->payload points to the nghttp2_ext_altsvc object. - * - * This function always succeeds and returns 0. */ void nghttp2_frame_unpack_altsvc_payload(nghttp2_extension *frame, size_t origin_len, uint8_t *payload, 
@@ -431,19 +411,15 @@ * * The caller must make sure that nghttp2_bufs_reset(bufs) is called * before calling this function. - * - * This function always succeeds and returns 0. */ -int nghttp2_frame_pack_priority_update(nghttp2_bufs *bufs, - nghttp2_extension *ext); +void nghttp2_frame_pack_priority_update(nghttp2_bufs *bufs, + nghttp2_extension *ext); /* * Unpacks PRIORITY_UPDATE wire format into |frame|. The |payload| of * |payloadlen| bytes contains frame payload. This function assumes * that frame->payload points to the nghttp2_ext_priority_update * object. - * - * This function always succeeds and returns 0. */ void nghttp2_frame_unpack_priority_update_payload(nghttp2_extension *frame, uint8_t *payload, @@ -654,16 +630,8 @@ * |padlen| including Pad Length field. The |hd| is the frame header * for the serialized data. This function fills zeros padding region * unless framehd_only is nonzero. - * - * This function returns 0 if it succeeds, or one of the following - * negative error codes: - * - * NGHTTP2_ERR_NOMEM - * Out of memory. - * NGHTTP2_ERR_FRAME_SIZE_ERROR - * The length of the resulting frame is too large. */ -int nghttp2_frame_add_pad(nghttp2_bufs *bufs, nghttp2_frame_hd *hd, - size_t padlen, int framehd_only); +void nghttp2_frame_add_pad(nghttp2_bufs *bufs, nghttp2_frame_hd *hd, + size_t padlen, int framehd_only); #endif /* NGHTTP2_FRAME_H */
_service:tar_scm:nghttp2-1.55.1.tar.xz/lib/nghttp2_map.c -> _service:tar_scm:nghttp2-1.58.0.tar.xz/lib/nghttp2_map.c
Changed
@@ -126,6 +126,7 @@ bkt->data = data; } +#ifndef WIN32 void nghttp2_map_print_distance(nghttp2_map *map) { uint32_t i; size_t idx; @@ -145,6 +146,7 @@ distance(map->tablelen, map->tablelenbits, bkt, idx)); } } +#endif /* !WIN32 */ static int insert(nghttp2_map_bucket *table, uint32_t tablelen, uint32_t tablelenbits, uint32_t hash,
_service:tar_scm:nghttp2-1.55.1.tar.xz/lib/nghttp2_map.h -> _service:tar_scm:nghttp2-1.58.0.tar.xz/lib/nghttp2_map.h
Changed
@@ -131,6 +131,8 @@ int nghttp2_map_each(nghttp2_map *map, int (*func)(void *data, void *ptr), void *ptr); +#ifndef WIN32 void nghttp2_map_print_distance(nghttp2_map *map); +#endif /* !WIN32 */ #endif /* NGHTTP2_MAP_H */
_service:tar_scm:nghttp2-1.55.1.tar.xz/lib/nghttp2_option.c -> _service:tar_scm:nghttp2-1.58.0.tar.xz/lib/nghttp2_option.c
Changed
@@ -143,3 +143,10 @@ NGHTTP2_OPT_NO_RFC9113_LEADING_AND_TRAILING_WS_VALIDATION; option->no_rfc9113_leading_and_trailing_ws_validation = val; } + +void nghttp2_option_set_stream_reset_rate_limit(nghttp2_option *option, + uint64_t burst, uint64_t rate) { + option->opt_set_mask |= NGHTTP2_OPT_STREAM_RESET_RATE_LIMIT; + option->stream_reset_burst = burst; + option->stream_reset_rate = rate; +}
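Review bot: `nghttp2_option_set_stream_reset_rate_limit` stores `burst` and `rate` without saying what the edge values mean, and both are accepted as 0. Going by the `nghttp2_ratelim` code added in this revision, `burst == 0` leaves the limiter with no budget from the start and `rate == 0` means a spent budget never regenerates; what the session does when a drain fails is outside this hunk, though the `nghttp2_session.h` comment says excessive stream resets lead to GOAWAY. A comment above the setter would make that explicit, for example `/* burst is the budget available at once, rate the amount regained per second; 0 for either is accepted and not clamped */`. If zero is not meant to be a supported configuration, this is the place to reject it, but the function returns void, so that would be an API decision.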
_service:tar_scm:nghttp2-1.55.1.tar.xz/lib/nghttp2_option.h -> _service:tar_scm:nghttp2-1.58.0.tar.xz/lib/nghttp2_option.h
Changed
@@ -70,6 +70,7 @@ NGHTTP2_OPT_MAX_SETTINGS = 1 << 12, NGHTTP2_OPT_SERVER_FALLBACK_RFC7540_PRIORITIES = 1 << 13, NGHTTP2_OPT_NO_RFC9113_LEADING_AND_TRAILING_WS_VALIDATION = 1 << 14, + NGHTTP2_OPT_STREAM_RESET_RATE_LIMIT = 1 << 15, } nghttp2_option_flag; /** @@ -77,6 +78,11 @@ */ struct nghttp2_option { /** + * NGHTTP2_OPT_STREAM_RESET_RATE_LIMIT + */ + uint64_t stream_reset_burst; + uint64_t stream_reset_rate; + /** * NGHTTP2_OPT_MAX_SEND_HEADER_BLOCK_LENGTH */ size_t max_send_header_block_length;
_service:tar_scm:nghttp2-1.58.0.tar.xz/lib/nghttp2_ratelim.c
Added
@@ -0,0 +1,75 @@ +/* + * nghttp2 - HTTP/2 C Library + * + * Copyright (c) 2023 nghttp2 contributors + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE + * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION + * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
+ */ +#include "nghttp2_ratelim.h" +#include "nghttp2_helper.h" + +void nghttp2_ratelim_init(nghttp2_ratelim *rl, uint64_t burst, uint64_t rate) { + rl->val = rl->burst = burst; + rl->rate = rate; + rl->tstamp = 0; +} + +void nghttp2_ratelim_update(nghttp2_ratelim *rl, uint64_t tstamp) { + uint64_t d, gain; + + if (tstamp == rl->tstamp) { + return; + } + + if (tstamp > rl->tstamp) { + d = tstamp - rl->tstamp; + } else { + d = 1; + } + + rl->tstamp = tstamp; + + if (UINT64_MAX / d < rl->rate) { + rl->val = rl->burst; + + return; + } + + gain = rl->rate * d; + + if (UINT64_MAX - gain < rl->val) { + rl->val = rl->burst; + + return; + } + + rl->val += gain; + rl->val = nghttp2_min(rl->val, rl->burst); +} + +int nghttp2_ratelim_drain(nghttp2_ratelim *rl, uint64_t n) { + if (rl->val < n) { + return -1; + } + + rl->val -= n; + + return 0; +}
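Review bot: In `nghttp2_ratelim_update` the branch that sets `d = 1` when `tstamp` is smaller than `rl->tstamp` has no comment, and it is the one place where the limiter's behaviour depends on the clock misbehaving. As written, a timestamp that moves backwards is credited as one elapsed tick and becomes the new reference, so a later jump forward to the real time can refill `val` up to `burst`. The effect is bounded, but it is worth stating next to the branch, for example `/* clock went backwards: credit a single tick and resync to tstamp */`. The two early returns that reset `val` to `burst` could also carry a short note that they are the saturation path for the two overflow checks.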
_service:tar_scm:nghttp2-1.58.0.tar.xz/lib/nghttp2_ratelim.h
Added
@@ -0,0 +1,57 @@ +/* + * nghttp2 - HTTP/2 C Library + * + * Copyright (c) 2023 nghttp2 contributors + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE + * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION + * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + */ +#ifndef NGHTTP2_RATELIM_H +#define NGHTTP2_RATELIM_H + +#ifdef HAVE_CONFIG_H +# include <config.h> +#endif /* HAVE_CONFIG_H */ + +#include <nghttp2/nghttp2.h> + +typedef struct nghttp2_ratelim { + /* burst is the maximum value of val. */ + uint64_t burst; + /* rate is the amount of value that is regenerated per 1 tstamp. */ + uint64_t rate; + /* val is the amount of value available to drain. */ + uint64_t val; + /* tstamp is the last timestamp in second resolution that is known + to this object. */ + uint64_t tstamp; +} nghttp2_ratelim; + +/* nghttp2_ratelim_init initializes |rl| with the given parameters. 
*/ +void nghttp2_ratelim_init(nghttp2_ratelim *rl, uint64_t burst, uint64_t rate); + +/* nghttp2_ratelim_update updates rl->val with the current |tstamp| + given in second resolution. */ +void nghttp2_ratelim_update(nghttp2_ratelim *rl, uint64_t tstamp); + +/* nghttp2_ratelim_drain drains |n| from rl->val. It returns 0 if it + succeeds, or -1. */ +int nghttp2_ratelim_drain(nghttp2_ratelim *rl, uint64_t n); + +#endif /* NGHTTP2_RATELIM_H */
_service:tar_scm:nghttp2-1.55.1.tar.xz/lib/nghttp2_session.c -> _service:tar_scm:nghttp2-1.58.0.tar.xz/lib/nghttp2_session.c
Changed
@@ -37,6 +37,7 @@ #include "nghttp2_http.h" #include "nghttp2_pq.h" #include "nghttp2_extpri.h" +#include "nghttp2_time.h" #include "nghttp2_debug.h" /* @@ -475,6 +476,10 @@ (*session_ptr)->pending_enable_push = 1; (*session_ptr)->pending_no_rfc7540_priorities = UINT8_MAX; + nghttp2_ratelim_init(&(*session_ptr)->stream_reset_ratelim, + NGHTTP2_DEFAULT_STREAM_RESET_BURST, + NGHTTP2_DEFAULT_STREAM_RESET_RATE); + if (server) { (*session_ptr)->server = 1; } @@ -573,6 +578,12 @@ (*session_ptr)->opt_flags |= NGHTTP2_OPTMASK_NO_RFC9113_LEADING_AND_TRAILING_WS_VALIDATION; } + + if (option->opt_set_mask & NGHTTP2_OPT_STREAM_RESET_RATE_LIMIT) { + nghttp2_ratelim_init(&(*session_ptr)->stream_reset_ratelim, + option->stream_reset_burst, + option->stream_reset_rate); + } } rv = nghttp2_hd_deflate_init2(&(*session_ptr)->hd_deflater, @@ -937,8 +948,8 @@ return 0; } -static int session_ob_data_remove(nghttp2_session *session, - nghttp2_stream *stream) { +static void session_ob_data_remove(nghttp2_session *session, + nghttp2_stream *stream) { uint32_t urgency; assert(stream->flags & NGHTTP2_STREAM_FLAG_NO_RFC7540_PRIORITIES); @@ -951,8 +962,6 @@ nghttp2_pq_remove(&session->schedurgency.ob_data, &stream->pq_entry); stream->queued = 0; - - return 0; } static int session_attach_stream_item(nghttp2_session *session, 
@@ -972,38 +981,28 @@ return session_ob_data_push(session, stream); } -static int session_detach_stream_item(nghttp2_session *session, - nghttp2_stream *stream) { - int rv; - - rv = nghttp2_stream_detach_item(stream); - if (rv != 0) { - return rv; - } +static void session_detach_stream_item(nghttp2_session *session, + nghttp2_stream *stream) { + nghttp2_stream_detach_item(stream); if (!(stream->flags & NGHTTP2_STREAM_FLAG_NO_RFC7540_PRIORITIES) || !stream->queued) { - return 0; + return; } - return session_ob_data_remove(session, stream); + session_ob_data_remove(session, stream); } -static int session_defer_stream_item(nghttp2_session *session, - nghttp2_stream *stream, uint8_t flags) { - int rv; - - rv = nghttp2_stream_defer_item(stream, flags); - if (rv != 0) { - return rv; - } +static void session_defer_stream_item(nghttp2_session *session, + nghttp2_stream *stream, uint8_t flags) { + nghttp2_stream_defer_item(stream, flags); if (!(stream->flags & NGHTTP2_STREAM_FLAG_NO_RFC7540_PRIORITIES) || !stream->queued) { - return 0; + return; } - return session_ob_data_remove(session, stream); + session_ob_data_remove(session, stream); } static int session_resume_deferred_stream_item(nghttp2_session *session, @@ -1476,11 +1475,7 @@ item = stream->item; - rv = session_detach_stream_item(session, stream); - - if (rv != 0) { - return rv; - } + session_detach_stream_item(session, stream); /* If item is queued, it will be deleted when it is popped (nghttp2_session_prep_frame() will fail). If session->aob.item @@ -2221,7 +2216,6 @@ frame->push_promise has also padlen in the same position. */ static int session_headers_add_pad(nghttp2_session *session, nghttp2_frame *frame) { - int rv; ssize_t padded_payloadlen; nghttp2_active_outbound_item *aob; nghttp2_bufs *framebufs; 
@@ -2246,11 +2240,7 @@ DEBUGF("send: padding selected: payloadlen=%zd, padlen=%zu\n", padded_payloadlen, padlen); - rv = nghttp2_frame_add_pad(framebufs, &frame->hd, padlen, 0); - - if (rv != 0) { - return rv; - } + nghttp2_frame_add_pad(framebufs, &frame->hd, padlen, 0); frame->headers.padlen = padlen; @@ -2333,13 +2323,7 @@ // Search stream including closed again. stream = nghttp2_session_get_stream_raw(session, frame->hd.stream_id); if (stream) { - int rv2; - - rv2 = session_detach_stream_item(session, stream); - - if (nghttp2_is_fatal(rv2)) { - return rv2; - } + session_detach_stream_item(session, stream); } return rv; @@ -2354,12 +2338,8 @@ queue when session->remote_window_size > 0 */ assert(session->remote_window_size > 0); - rv = session_defer_stream_item(session, stream, - NGHTTP2_STREAM_FLAG_DEFERRED_FLOW_CONTROL); - - if (nghttp2_is_fatal(rv)) { - return rv; - } + session_defer_stream_item(session, stream, + NGHTTP2_STREAM_FLAG_DEFERRED_FLOW_CONTROL); session->aob.item = NULL; active_outbound_item_reset(&session->aob, mem); @@ -2373,23 +2353,15 @@ return rv; } if (rv == NGHTTP2_ERR_DEFERRED) { - rv = session_defer_stream_item(session, stream, - NGHTTP2_STREAM_FLAG_DEFERRED_USER); - - if (nghttp2_is_fatal(rv)) { - return rv; - } + session_defer_stream_item(session, stream, + NGHTTP2_STREAM_FLAG_DEFERRED_USER); session->aob.item = NULL; active_outbound_item_reset(&session->aob, mem); return NGHTTP2_ERR_DEFERRED; } if (rv == NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE) { - rv = session_detach_stream_item(session, stream); - - if (nghttp2_is_fatal(rv)) { - return rv; - } + session_detach_stream_item(session, stream); rv = nghttp2_session_add_rst_stream(session, frame->hd.stream_id, NGHTTP2_INTERNAL_ERROR); @@ -2399,13 +2371,7 @@ return NGHTTP2_ERR_TEMPORAL_CALLBACK_FAILURE; } if (rv != 0) { - int rv2; - - rv2 = session_detach_stream_item(session, stream); -
_service:tar_scm:nghttp2-1.55.1.tar.xz/lib/nghttp2_session.h -> _service:tar_scm:nghttp2-1.58.0.tar.xz/lib/nghttp2_session.h
Changed
@@ -39,6 +39,7 @@ #include "nghttp2_buf.h" #include "nghttp2_callbacks.h" #include "nghttp2_mem.h" +#include "nghttp2_ratelim.h" /* The global variable for tests where we want to disable strict preface handling. */ @@ -105,6 +106,10 @@ /* The default value of maximum number of concurrent streams. */ #define NGHTTP2_DEFAULT_MAX_CONCURRENT_STREAMS 0xffffffffu +/* The default values for stream reset rate limiter. */ +#define NGHTTP2_DEFAULT_STREAM_RESET_BURST 1000 +#define NGHTTP2_DEFAULT_STREAM_RESET_RATE 33 + /* Internal state when receiving incoming frame */ typedef enum { /* Receiving frame header */ @@ -178,7 +183,9 @@ /* Flag means GOAWAY was sent */ NGHTTP2_GOAWAY_SENT = 0x4, /* Flag means GOAWAY was received */ - NGHTTP2_GOAWAY_RECV = 0x8 + NGHTTP2_GOAWAY_RECV = 0x8, + /* Flag means GOAWAY has been submitted at least once */ + NGHTTP2_GOAWAY_SUBMITTED = 0x10 } nghttp2_goaway_flag; /* nghttp2_inflight_settings stores the SETTINGS entries which local @@ -235,6 +242,9 @@ /* Queue of In-flight SETTINGS values. SETTINGS bearing ACK is not considered as in-flight. */ nghttp2_inflight_settings *inflight_settings_head; + /* Stream reset rate limiter. If receiving excessive amount of + stream resets, GOAWAY will be sent. */ + nghttp2_ratelim stream_reset_ratelim; /* Sequential number across all streams to process streams in FIFO. */ uint64_t stream_seq;
_service:tar_scm:nghttp2-1.55.1.tar.xz/lib/nghttp2_stream.c -> _service:tar_scm:nghttp2-1.58.0.tar.xz/lib/nghttp2_stream.c
Changed
@@ -465,14 +465,12 @@ return 0; } -static int stream_update_dep_on_detach_item(nghttp2_stream *stream) { +static void stream_update_dep_on_detach_item(nghttp2_stream *stream) { if (nghttp2_pq_empty(&stream->obq)) { stream_obq_remove(stream); } validate_tree(stream); - - return 0; } int nghttp2_stream_attach_item(nghttp2_stream *stream, @@ -503,20 +501,20 @@ return 0; } -int nghttp2_stream_detach_item(nghttp2_stream *stream) { +void nghttp2_stream_detach_item(nghttp2_stream *stream) { DEBUGF("stream: stream=%d detach item=%p\n", stream->stream_id, stream->item); stream->item = NULL; stream->flags = (uint8_t)(stream->flags & ~NGHTTP2_STREAM_FLAG_DEFERRED_ALL); if (stream->flags & NGHTTP2_STREAM_FLAG_NO_RFC7540_PRIORITIES) { - return 0; + return; } - return stream_update_dep_on_detach_item(stream); + stream_update_dep_on_detach_item(stream); } -int nghttp2_stream_defer_item(nghttp2_stream *stream, uint8_t flags) { +void nghttp2_stream_defer_item(nghttp2_stream *stream, uint8_t flags) { assert(stream->item); DEBUGF("stream: stream=%d defer item=%p cause=%02x\n", stream->stream_id, @@ -525,10 +523,10 @@ stream->flags |= flags; if (stream->flags & NGHTTP2_STREAM_FLAG_NO_RFC7540_PRIORITIES) { - return 0; + return; } - return stream_update_dep_on_detach_item(stream); + stream_update_dep_on_detach_item(stream); } int nghttp2_stream_resume_deferred_item(nghttp2_stream *stream, uint8_t flags) {
_service:tar_scm:nghttp2-1.55.1.tar.xz/lib/nghttp2_stream.h -> _service:tar_scm:nghttp2-1.58.0.tar.xz/lib/nghttp2_stream.h
Changed
@@ -258,14 +258,8 @@ * more of NGHTTP2_STREAM_FLAG_DEFERRED_USER and * NGHTTP2_STREAM_FLAG_DEFERRED_FLOW_CONTROL. The |flags| indicates * the reason of this action. - * - * This function returns 0 if it succeeds, or one of the following - * negative error codes: - * - * NGHTTP2_ERR_NOMEM - * Out of memory */ -int nghttp2_stream_defer_item(nghttp2_stream *stream, uint8_t flags); +void nghttp2_stream_defer_item(nghttp2_stream *stream, uint8_t flags); /* * Put back deferred data in this stream to active state. The |flags| @@ -379,14 +373,8 @@ /* * Detaches |stream->item|. This function does not free * |stream->item|. The caller must free it. - * - * This function returns 0 if it succeeds, or one of the following - * negative error codes: - * - * NGHTTP2_ERR_NOMEM - * Out of memory */ -int nghttp2_stream_detach_item(nghttp2_stream *stream); +void nghttp2_stream_detach_item(nghttp2_stream *stream); /* * Makes the |stream| depend on the |dep_stream|. This dependency is
_service:tar_scm:nghttp2-1.58.0.tar.xz/lib/nghttp2_time.c
Added
@@ -0,0 +1,62 @@ +/* + * nghttp2 - HTTP/2 C Library + * + * Copyright (c) 2023 nghttp2 contributors + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE + * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION + * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. 
+ */ +#include "nghttp2_time.h" + +#ifdef HAVE_TIME_H +# include <time.h> +#endif /* HAVE_TIME_H */ + +#ifdef HAVE_SYSINFOAPI_H +# include <sysinfoapi.h> +#endif /* HAVE_SYSINFOAPI_H */ + +#if !defined(HAVE_GETTICKCOUNT64) || defined(__CYGWIN__) +static uint64_t time_now_sec(void) { + time_t t = time(NULL); + + if (t == -1) { + return 0; + } + + return (uint64_t)t; +} +#endif /* !HAVE_GETTICKCOUNT64 || __CYGWIN__ */ + +#if defined(HAVE_GETTICKCOUNT64) && !defined(__CYGWIN__) +uint64_t nghttp2_time_now_sec(void) { return GetTickCount64() / 1000; } +#elif defined(HAVE_CLOCK_GETTIME) +uint64_t nghttp2_time_now_sec(void) { + struct timespec tp; + int rv = clock_gettime(CLOCK_MONOTONIC, &tp); + + if (rv == -1) { + return time_now_sec(); + } + + return (uint64_t)tp.tv_sec; +} +#else /* (!HAVE_CLOCK_GETTIME || __CYGWIN__) && !HAVE_GETTICKCOUNT64 */ +uint64_t nghttp2_time_now_sec(void) { return time_now_sec(); } +#endif /* (!HAVE_CLOCK_GETTIME || __CYGWIN__) && !HAVE_GETTICKCOUNT64 */
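Review bot: `time_now_sec` reports a failed `time()` as 0, and `nghttp2_time_now_sec` passes that on as if it were a timestamp. `nghttp2_ratelim_update`, added in the same revision, would treat that 0 as the clock going backwards and the next good reading as a very large step forward, which restores the full burst; the caller in `nghttp2_session.c` is not visible in this part of the diff, so whether it filters 0 cannot be confirmed here. The same kind of jump happens when `clock_gettime(CLOCK_MONOTONIC, ...)` fails once and the wall-clock fallback is used for a single call. These failures are unlikely in practice, so a comment is probably enough, e.g. `/* 0 means "no reading"; callers should skip the update rather than feed it to a rate limiter */`. Separately, the comment on the final `#else`/`#endif` names `(!HAVE_CLOCK_GETTIME || __CYGWIN__) && !HAVE_GETTICKCOUNT64`, which does not match the condition actually reached there, `(!HAVE_GETTICKCOUNT64 || __CYGWIN__) && !HAVE_CLOCK_GETTIME`.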
_service:tar_scm:nghttp2-1.58.0.tar.xz/lib/nghttp2_time.h
Added
@@ -0,0 +1,38 @@ +/* + * nghttp2 - HTTP/2 C Library + * + * Copyright (c) 2023 nghttp2 contributors + * + * Permission is hereby granted, free of charge, to any person obtaining + * a copy of this software and associated documentation files (the + * "Software"), to deal in the Software without restriction, including + * without limitation the rights to use, copy, modify, merge, publish, + * distribute, sublicense, and/or sell copies of the Software, and to + * permit persons to whom the Software is furnished to do so, subject to + * the following conditions: + * + * The above copyright notice and this permission notice shall be + * included in all copies or substantial portions of the Software. + * + * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND, + * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF + * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND + * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE + * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION + * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION + * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE. + */ +#ifndef NGHTTP2_TIME_H +#define NGHTTP2_TIME_H + +#ifdef HAVE_CONFIG_H +# include <config.h> +#endif /* HAVE_CONFIG_H */ + +#include <nghttp2/nghttp2.h> + +/* nghttp2_time_now_sec returns seconds from implementation-specific + timepoint. If it is unable to get seconds, it returns 0. */ +uint64_t nghttp2_time_now_sec(void); + +#endif /* NGHTTP2_TIME_H */
_service:tar_scm:nghttp2-1.55.1.tar.xz/ltmain.sh -> _service:tar_scm:nghttp2-1.58.0.tar.xz/ltmain.sh
Changed
@@ -31,7 +31,7 @@ PROGRAM=libtool PACKAGE=libtool -VERSION="2.4.7 Debian-2.4.7-5" +VERSION="2.4.7 Debian-2.4.7-7" package_revision=2.4.7 @@ -572,27 +572,15 @@ # --------------------- # Append VALUE onto the existing contents of VAR. - # We should try to minimise forks, especially on Windows where they are - # unreasonably slow, so skip the feature probes when bash or zsh are - # being used: - if test set = "${BASH_VERSION+set}${ZSH_VERSION+set}"; then - : ${_G_HAVE_ARITH_OP="yes"} - : ${_G_HAVE_XSI_OPS="yes"} - # The += operator was introduced in bash 3.1 - case $BASH_VERSION in - 12.* | 3.0 | 3.0*) ;; - *) - : ${_G_HAVE_PLUSEQ_OP="yes"} - ;; - esac - fi - # _G_HAVE_PLUSEQ_OP # Can be empty, in which case the shell is probed, "yes" if += is # useable or anything else if it does not work. - test -z "$_G_HAVE_PLUSEQ_OP" \ - && (eval 'x=a; x+=" b"; test "a b" = "$x"') 2>/dev/null \ - && _G_HAVE_PLUSEQ_OP=yes + if test -z "$_G_HAVE_PLUSEQ_OP" && \ + __PLUSEQ_TEST="a" && \ + __PLUSEQ_TEST+=" b" 2>/dev/null && \ + test "a b" = "$__PLUSEQ_TEST"; then + _G_HAVE_PLUSEQ_OP=yes + fi if test yes = "$_G_HAVE_PLUSEQ_OP" then @@ -2308,7 +2296,7 @@ compiler: $LTCC compiler flags: $LTCFLAGS linker: $LD (gnu? $with_gnu_ld) - version: $progname $scriptversion Debian-2.4.7-5 + version: $progname $scriptversion Debian-2.4.7-7 automake: `($AUTOMAKE --version) 2>/dev/null |$SED 1q` autoconf: `($AUTOCONF --version) 2>/dev/null |$SED 1q`
_service:tar_scm:nghttp2-1.55.1.tar.xz/src/HttpServer.cc -> _service:tar_scm:nghttp2-1.58.0.tar.xz/src/HttpServer.cc
Changed
@@ -754,37 +754,37 @@ ERR_clear_error(); - for (;;) { - auto rv = SSL_read(ssl_, buf.data(), buf.size()); - - if (rv <= 0) { - auto err = SSL_get_error(ssl_, rv); - switch (err) { - case SSL_ERROR_WANT_READ: - return write_(*this); - case SSL_ERROR_WANT_WRITE: - // renegotiation started - return -1; - default: - return -1; - } + auto rv = SSL_read(ssl_, buf.data(), buf.size()); + + if (rv <= 0) { + auto err = SSL_get_error(ssl_, rv); + switch (err) { + case SSL_ERROR_WANT_READ: + return write_(*this); + case SSL_ERROR_WANT_WRITE: + // renegotiation started + return -1; + default: + return -1; } + } - auto nread = rv; + auto nread = rv; - if (get_config()->hexdump) { - util::hexdump(stdout, buf.data(), nread); - } + if (get_config()->hexdump) { + util::hexdump(stdout, buf.data(), nread); + } - rv = nghttp2_session_mem_recv(session_, buf.data(), nread); - if (rv < 0) { - if (rv != NGHTTP2_ERR_BAD_CLIENT_MAGIC) { - std::cerr << "nghttp2_session_mem_recv() returned error: " - << nghttp2_strerror(rv) << std::endl; - } - return -1; + rv = nghttp2_session_mem_recv(session_, buf.data(), nread); + if (rv < 0) { + if (rv != NGHTTP2_ERR_BAD_CLIENT_MAGIC) { + std::cerr << "nghttp2_session_mem_recv() returned error: " + << nghttp2_strerror(rv) << std::endl; } + return -1; } + + return write_(*this); } int Http2Handler::write_tls() {
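Review bot: With the `for (;;)` loop gone, this function performs one `SSL_read` per call and then returns `write_(*this)`, so anything OpenSSL has already buffered beyond `buf.size()` stays unread until the function is entered again. If the handler is driven only by socket readiness, buffered TLS data does not make the descriptor readable again, and the connection could wait for the peer to send more; the event loop is outside this hunk, so this may already be handled. A comment stating the assumption would help, for example `// one read per event; relies on the caller re-entering while data is pending`, or an explicit `SSL_pending(ssl_)` check before returning. The function's opening lines are outside the hunk.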
_service:tar_scm:nghttp2-1.55.1.tar.xz/src/h2load.cc -> _service:tar_scm:nghttp2-1.58.0.tar.xz/src/h2load.cc
Changed
@@ -1469,7 +1469,8 @@ cm->cmsg_level = SOL_UDP; cm->cmsg_type = UDP_SEGMENT; cm->cmsg_len = CMSG_LEN(sizeof(uint16_t)); - *(reinterpret_cast<uint16_t *>(CMSG_DATA(cm))) = gso_size; + uint16_t n = gso_size; + memcpy(CMSG_DATA(cm), &n, sizeof(n)); } # endif // UDP_SEGMENT
_service:tar_scm:nghttp2-1.55.1.tar.xz/src/http2.cc -> _service:tar_scm:nghttp2-1.58.0.tar.xz/src/http2.cc
Changed
@@ -1044,12 +1044,39 @@ switch (*first) { case '"': return first; + // quoted-pair case '\\': ++first; if (first == last) { return first; } + + switch (*first) { + case '\t': + case ' ': + break; + default: + if ((0x21 <= *first && *first <= 0x7e) /* VCHAR */ || + (0x80 <= *first && *first <= 0xff) /* obs-text */) { + break; + } + + return last; + } + + break; + // qdtext + case '\t': + case ' ': + case '!': break; + default: + if ((0x23 <= *first && *first <= 0x5b) || + (0x5d <= *first && *first <= 0x7e)) { + break; + } + + return last; } ++first; } 
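Review bot: The obs-text test `0x80 <= *first && *first <= 0xff` in the new quoted-pair branch compares the dereferenced iterator directly, and if its value type is plain `char` (not visible in this hunk) the result depends on the platform. Where `char` is signed, bytes 0x80–0xff promote to negative ints, the comparison is never true and the function returns `last`, while on an unsigned-`char` target the same input is accepted, so field-value validation differs between builds. Converting once removes the ambiguity: `auto c = static_cast<unsigned char>(*first);` and then compare `c` in both range checks. The new qdtext `default:` branch accepts only 0x23–0x5b and 0x5d–0x7e and has no obs-text range at all, so it is worth a comment saying whether obs-text is rejected there on purpose. The enclosing function starts and ends outside the hunk.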
@@ -1957,6 +1984,108 @@ return major <= 0 || (major == 1 && minor == 0); } +bool check_transfer_encoding(const StringRef &s) { + if (s.empty()) { + return false; + } + + auto it = std::begin(s); + + for (;;) { + // token + if (!util::in_token(*it)) { + return false; + } + + ++it; + + for (; it != std::end(s) && util::in_token(*it); ++it) + ; + + if (it == std::end(s)) { + return true; + } + + for (;;) { + // OWS + it = skip_lws(it, std::end(s)); + if (it == std::end(s)) { + return false; + } + + if (*it == ',') { + ++it; + + it = skip_lws(it, std::end(s)); + if (it == std::end(s)) { + return false; + } + + break; + } + + if (*it != ';') { + return false; + } + + ++it; + + // transfer-parameter follows + + // OWS + it = skip_lws(it, std::end(s)); + if (it == std::end(s)) { + return false; + } + + // token + if (!util::in_token(*it)) { + return false; + } + + ++it; + + for (; it != std::end(s) && util::in_token(*it); ++it) + ; + + if (it == std::end(s)) { + return false; + } + + // No BWS allowed + if (*it != '=') { + return false; + } + + ++it; + + if (util::in_token(*it)) { + // token + ++it; + + for (; it != std::end(s) && util::in_token(*it); ++it) + ; + } else if (*it == '"') { + // quoted-string + ++it; + + it = skip_to_right_dquote(it, std::end(s)); + if (it == std::end(s)) { + return false; + } + + ++it; + } else { + return false; + } + + if (it == std::end(s)) { + return true; + } + } + } +} + } // namespace http2 } // namespace nghttp2
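Review bot: In `check_transfer_encoding`, after the `=` of a transfer-parameter is consumed with `++it`, the next statement is `if (util::in_token(*it))` with no end check, so a value that ends in `=` (for example `chunked;foo=`) dereferences `std::end(s)`. With a NUL-terminated literal that most likely reads the terminator and falls through to `return false`, but a `StringRef` over a buffer that is not terminated would read one byte past its end. Adding `if (it == std::end(s)) { return false; }` right after that `++it` closes it, in line with the end checks the function makes after its other advances. The test hunk in `http2_test.cc` has no case for a value ending in `=`; `CU_ASSERT(!http2::check_transfer_encoding(StringRef::from_lit("chunked;foo=")));` would pin it.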
_service:tar_scm:nghttp2-1.55.1.tar.xz/src/http2.h -> _service:tar_scm:nghttp2-1.58.0.tar.xz/src/http2.h
Changed
@@ -444,6 +444,11 @@ // HTTP/0.9 or HTTP/1.0). bool legacy_http1(int major, int minor); +// Returns true if transfer-encoding field value |s| conforms RFC +// strictly. This function does not allow empty value, BWS, and empty +// list elements. +bool check_transfer_encoding(const StringRef &s); + } // namespace http2 } // namespace nghttp2
_service:tar_scm:nghttp2-1.55.1.tar.xz/src/http2_test.cc -> _service:tar_scm:nghttp2-1.58.0.tar.xz/src/http2_test.cc
Changed
@@ -1189,4 +1189,61 @@ CU_ASSERT(http2::contains_trailers(StringRef::from_lit(",trailers"))); } +void test_http2_check_transfer_encoding(void) { + CU_ASSERT(http2::check_transfer_encoding(StringRef::from_lit("chunked"))); + CU_ASSERT(http2::check_transfer_encoding(StringRef::from_lit("foo,chunked"))); + CU_ASSERT( + http2::check_transfer_encoding(StringRef::from_lit("foo, chunked"))); + CU_ASSERT( + http2::check_transfer_encoding(StringRef::from_lit("foo , chunked"))); + CU_ASSERT( + http2::check_transfer_encoding(StringRef::from_lit("chunked;foo=bar"))); + CU_ASSERT( + http2::check_transfer_encoding(StringRef::from_lit("chunked ; foo=bar"))); + CU_ASSERT(http2::check_transfer_encoding( + StringRef::from_lit(R"(chunked;foo="bar")"))); + CU_ASSERT(http2::check_transfer_encoding( + StringRef::from_lit(R"(chunked;foo="\bar\"";FOO=BAR)"))); + CU_ASSERT( + http2::check_transfer_encoding(StringRef::from_lit(R"(chunked;foo="")"))); + CU_ASSERT(http2::check_transfer_encoding( + StringRef::from_lit(R"(chunked;foo="bar" , gzip)"))); + + CU_ASSERT(!http2::check_transfer_encoding(StringRef{})); + CU_ASSERT(!http2::check_transfer_encoding(StringRef::from_lit(",chunked"))); + CU_ASSERT(!http2::check_transfer_encoding(StringRef::from_lit("chunked,"))); + CU_ASSERT(!http2::check_transfer_encoding(StringRef::from_lit("chunked, "))); + CU_ASSERT( + !http2::check_transfer_encoding(StringRef::from_lit("foo,,chunked"))); + CU_ASSERT( + !http2::check_transfer_encoding(StringRef::from_lit("chunked;foo"))); + CU_ASSERT(!http2::check_transfer_encoding(StringRef::from_lit("chunked;"))); + CU_ASSERT( + !http2::check_transfer_encoding(StringRef::from_lit("chunked;foo=bar;"))); + CU_ASSERT( + !http2::check_transfer_encoding(StringRef::from_lit("chunked;?=bar"))); + CU_ASSERT( + !http2::check_transfer_encoding(StringRef::from_lit("chunked;=bar"))); + CU_ASSERT(!http2::check_transfer_encoding(StringRef::from_lit("chunked;;"))); + 
CU_ASSERT(!http2::check_transfer_encoding(StringRef::from_lit("chunked?"))); + CU_ASSERT(!http2::check_transfer_encoding(StringRef::from_lit(","))); + CU_ASSERT(!http2::check_transfer_encoding(StringRef::from_lit(" "))); + CU_ASSERT(!http2::check_transfer_encoding(StringRef::from_lit(";"))); + CU_ASSERT(!http2::check_transfer_encoding(StringRef::from_lit("\""))); + CU_ASSERT(!http2::check_transfer_encoding( + StringRef::from_lit(R"(chunked;foo="bar)"))); + CU_ASSERT(!http2::check_transfer_encoding( + StringRef::from_lit(R"(chunked;foo="bar\)"))); + CU_ASSERT( + !http2::check_transfer_encoding(StringRef::from_lit(R"(chunked;foo="bar\)" + "\x0a" + R"(")"))); + CU_ASSERT( + !http2::check_transfer_encoding(StringRef::from_lit(R"(chunked;foo=")" + "\x0a" + R"(")"))); + CU_ASSERT(!http2::check_transfer_encoding( + StringRef::from_lit(R"(chunked;foo="bar",,gzip)"))); +} + } // namespace shrpx
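Review bot: The negative cases leave out the boundaries around `=` in a transfer-parameter: nothing asserts that whitespace next to `=` is rejected, although the declaration's comment in http2.h says BWS is not allowed, and no input ends directly after the `=`. I would add `CU_ASSERT(!http2::check_transfer_encoding(StringRef::from_lit("chunked;foo =bar")));`, the same with `"chunked;foo= bar"`, and one with `"chunked;foo="`. A string literal carries a terminating NUL, so the last case would likely pass whether or not the parser checks for end of input there. A variant built from a buffer without a terminator, run under a sanitizer, is what would pin that behaviour.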
_service:tar_scm:nghttp2-1.55.1.tar.xz/src/http2_test.h -> _service:tar_scm:nghttp2-1.58.0.tar.xz/src/http2_test.h
Changed
@@ -47,6 +47,7 @@ void test_http2_get_pure_path_component(void); void test_http2_construct_push_component(void); void test_http2_contains_trailers(void); +void test_http2_check_transfer_encoding(void); } // namespace shrpx
_service:tar_scm:nghttp2-1.55.1.tar.xz/src/shrpx-unittest.cc -> _service:tar_scm:nghttp2-1.58.0.tar.xz/src/shrpx-unittest.cc
Changed
@@ -109,6 +109,8 @@ shrpx::test_http2_construct_push_component) || !CU_add_test(pSuite, "http2_contains_trailers", shrpx::test_http2_contains_trailers) || + !CU_add_test(pSuite, "http2_check_transfer_encoding", + shrpx::test_http2_check_transfer_encoding) || !CU_add_test(pSuite, "downstream_field_store_append_last_header", shrpx::test_downstream_field_store_append_last_header) || !CU_add_test(pSuite, "downstream_field_store_header",
_service:tar_scm:nghttp2-1.55.1.tar.xz/src/shrpx.cc -> _service:tar_scm:nghttp2-1.58.0.tar.xz/src/shrpx.cc
Changed
@@ -1675,10 +1675,10 @@ } #endif // ENABLE_HTTP3 - close(worker_process_ready_ipc_fd0); - shutdown_worker_process_ready_ipc_watcher(EV_DEFAULT); - if (!config->single_process) { + close(worker_process_ready_ipc_fd0); + shutdown_worker_process_ready_ipc_watcher(EV_DEFAULT); + shutdown_signal_watchers(EV_DEFAULT); } @@ -3324,15 +3324,17 @@ in HTTP/2 frontend. --add-request-header=<HEADER> Specify additional header field to add to request header - set. This option just appends header field and won't - replace anything already set. This option can be used - several times to specify multiple header fields. + set. The field name must be lowercase. This option + just appends header field and won't replace anything + already set. This option can be used several times to + specify multiple header fields. Example: --add-request-header="foo: bar" --add-response-header=<HEADER> Specify additional header field to add to response - header set. This option just appends header field and - won't replace anything already set. This option can be - used several times to specify multiple header fields. + header set. The field name must be lowercase. This + option just appends header field and won't replace + anything already set. This option can be used several + times to specify multiple header fields. Example: --add-response-header="foo: bar" --request-header-field-buffer=<SIZE> Set maximum buffer size for incoming HTTP request header 
@@ -3520,15 +3522,12 @@ NEW_TOKEN frame in the previous connection. --frontend-quic-congestion-controller=<CC> Specify a congestion controller algorithm for a frontend - QUIC connection. <CC> should be one of "cubic", "bbr", - and "bbr2". + QUIC connection. <CC> should be either "cubic" or + "bbr". Default: )" << (config->quic.upstream.congestion_controller == NGTCP2_CC_ALGO_CUBIC ? "cubic" - : (config->quic.upstream.congestion_controller == - NGTCP2_CC_ALGO_BBR - ? "bbr" - : "bbr2")) + : "bbr") << R"( --frontend-quic-secret-file=<PATH> Path to file that contains secure random data to be used
_service:tar_scm:nghttp2-1.55.1.tar.xz/src/shrpx_config.cc -> _service:tar_scm:nghttp2-1.58.0.tar.xz/src/shrpx_config.cc
Changed
@@ -4116,10 +4116,8 @@ config->quic.upstream.congestion_controller = NGTCP2_CC_ALGO_CUBIC; } else if (util::strieq_l("bbr", optarg)) { config->quic.upstream.congestion_controller = NGTCP2_CC_ALGO_BBR; - } else if (util::strieq_l("bbr2", optarg)) { - config->quic.upstream.congestion_controller = NGTCP2_CC_ALGO_BBR2; } else { - LOG(ERROR) << opt << ": must be one of cubic, bbr, and bbr2"; + LOG(ERROR) << opt << ": must be either cubic or bbr"; return -1; } #endif // ENABLE_HTTP3
_service:tar_scm:nghttp2-1.55.1.tar.xz/src/shrpx_connection.cc -> _service:tar_scm:nghttp2-1.58.0.tar.xz/src/shrpx_connection.cc
Changed
@@ -1019,6 +1019,10 @@ tls.last_readlen = 0; } + auto &tlsconf = get_config()->tls; + auto via_bio = + tls.server_handshake && !tlsconf.session_cache.memcached.host.empty(); + #if OPENSSL_1_1_1_API && !defined(OPENSSL_IS_BORINGSSL) if (!tls.early_data_finish) { // TLSv1.3 handshake is still going on. @@ -1056,6 +1060,11 @@ // We may have stopped write watcher in write_tls. wlimit.startw(); } + + if (!via_bio) { + rlimit.drain(nread); + } + return nread; } #endif // OPENSSL_1_1_1_API && !defined(OPENSSL_IS_BORINGSSL) @@ -1088,6 +1097,10 @@ } } + if (!via_bio) { + rlimit.drain(rv); + } + return rv; }
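Review bot: The new `via_bio` flag decides whether `rlimit.drain()` runs after a TLS read, but nothing in these hunks says why reads go unaccounted when a memcached session cache is configured during a server handshake. If those bytes are already charged elsewhere on that path, a comment at the declaration should say so, along the lines of `// Reads that go through the BIO are drained from rlimit there; do not count them twice.` If they are not, the read rate limit does not apply in that configuration. The enclosing function starts and ends outside the hunks, so this needs confirming against the BIO read path.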
_service:tar_scm:nghttp2-1.55.1.tar.xz/src/shrpx_downstream.cc -> _service:tar_scm:nghttp2-1.58.0.tar.xz/src/shrpx_downstream.cc
Changed
@@ -864,9 +864,6 @@ auto transfer_encoding = req_.fs.header(http2::HD_TRANSFER_ENCODING); if (transfer_encoding) { req_.fs.content_length = -1; - if (util::iends_with_l(transfer_encoding->value, "chunked")) { - chunked_request_ = true; - } } auto expect = req_.fs.header(http2::HD_EXPECT); @@ -879,9 +876,6 @@ auto transfer_encoding = resp_.fs.header(http2::HD_TRANSFER_ENCODING); if (transfer_encoding) { resp_.fs.content_length = -1; - if (util::iends_with_l(transfer_encoding->value, "chunked")) { - chunked_response_ = true; - } } }
_service:tar_scm:nghttp2-1.55.1.tar.xz/src/shrpx_http3_upstream.cc -> _service:tar_scm:nghttp2-1.58.0.tar.xz/src/shrpx_http3_upstream.cc
Changed
@@ -421,7 +421,7 @@ void *stream_user_data) { auto upstream = static_cast<Http3Upstream *>(user_data); - if (upstream->http_shutdown_stream_read(stream_id) != 0) { + if (upstream->stream_reset(stream_id) != 0) { return NGTCP2_ERR_CALLBACK_FAILURE; } @@ -429,6 +429,24 @@ } } // namespace +int Http3Upstream::stream_reset(int64_t stream_id) { + if (http_shutdown_stream_read(stream_id) != 0) { + return -1; + } + + if (ngtcp2_is_bidi_stream(stream_id)) { + auto rv = ngtcp2_conn_shutdown_stream_write(conn_, 0, stream_id, + NGHTTP3_H3_NO_ERROR); + if (rv != 0) { + ULOG(ERROR, this) << "ngtcp2_conn_shutdown_stream_write: " + << ngtcp2_strerror(rv); + return -1; + } + } + + return 0; +} + int Http3Upstream::http_shutdown_stream_read(int64_t stream_id) { if (!httpconn_) { return 0; @@ -551,7 +569,7 @@ const Address &local_addr, const ngtcp2_pkt_hd &initial_hd, const ngtcp2_cid *odcid, const uint8_t *token, - size_t tokenlen) { + size_t tokenlen, ngtcp2_token_type token_type) { int rv; auto worker = handler_->get_worker(); @@ -638,6 +656,7 @@ settings.rand_ctx.native_handle = &worker->get_randgen(); settings.token = token; settings.tokenlen = tokenlen; + settings.token_type = token_type; settings.initial_pkt_num = std::uniform_int_distribution<uint32_t>( 0, std::numeric_limits<int32_t>::max())(worker->get_randgen()); @@ -1559,9 +1578,7 @@ auto cw = std::make_unique<CloseWait>(worker, std::move(scids), std::move(conn_close_), d); - quic_conn_handler->add_close_wait(cw.get()); - - cw.release(); + quic_conn_handler->add_close_wait(cw.release()); } int Http3Upstream::on_downstream_reset(Downstream *downstream, bool no_retry) {
_service:tar_scm:nghttp2-1.55.1.tar.xz/src/shrpx_http3_upstream.h -> _service:tar_scm:nghttp2-1.58.0.tar.xz/src/shrpx_http3_upstream.h
Changed
@@ -89,7 +89,8 @@ int init(const UpstreamAddr *faddr, const Address &remote_addr, const Address &local_addr, const ngtcp2_pkt_hd &initial_hd, - const ngtcp2_cid *odcid, const uint8_t *token, size_t tokenlen); + const ngtcp2_cid *odcid, const uint8_t *token, size_t tokenlen, + ngtcp2_token_type token_type); int on_read(const UpstreamAddr *faddr, const Address &remote_addr, const Address &local_addr, const ngtcp2_pkt_info &pi, @@ -124,6 +125,7 @@ void consume(int64_t stream_id, size_t nconsumed); void remove_downstream(Downstream *downstream); int stream_close(int64_t stream_id, uint64_t app_error_code); + int stream_reset(int64_t stream_id); void log_response_headers(Downstream *downstream, const std::vector<nghttp3_nv> &nva) const; int http_acked_stream_data(Downstream *downstream, uint64_t datalen);
_service:tar_scm:nghttp2-1.55.1.tar.xz/src/shrpx_http_downstream_connection.cc -> _service:tar_scm:nghttp2-1.58.0.tar.xz/src/shrpx_http_downstream_connection.cc
Changed
@@ -929,6 +929,11 @@ for (auto &kv : resp.fs.headers()) { kv.value = util::rstrip(balloc, kv.value); + + if (kv.token == http2::HD_TRANSFER_ENCODING && + !http2::check_transfer_encoding(kv.value)) { + return -1; + } } auto config = get_config(); @@ -1004,6 +1009,16 @@ resp.connection_close = !llhttp_should_keep_alive(htp); downstream->set_response_state(DownstreamState::HEADER_COMPLETE); downstream->inspect_http1_response(); + + if (htp->flags & F_CHUNKED) { + downstream->set_chunked_response(true); + } + + auto transfer_encoding = resp.fs.header(http2::HD_TRANSFER_ENCODING); + if (transfer_encoding && !downstream->get_chunked_response()) { + resp.connection_close = true; + } + if (downstream->get_upgraded()) { // content-length must be ignored for upgraded connection. resp.fs.content_length = -1;
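Review bot: The new `return -1` for a `transfer-encoding` value that fails `http2::check_transfer_encoding` leaves no trace, here for backend responses and in the matching hunk of shrpx_https_upstream.cc for client requests. A malformed Transfer-Encoding is a signal operators look for when investigating request-smuggling attempts, so a log line before returning would help. It should name the field and print at most a length-bounded, escaped copy of the value, since the value comes from the peer. The second hunk forces `resp.connection_close = true` when the field is present without chunked framing, which deserves a one-line comment such as `// Without chunked framing the body is delimited by connection close.` Both enclosing callbacks start and end outside the hunks.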
_service:tar_scm:nghttp2-1.55.1.tar.xz/src/shrpx_https_upstream.cc -> _service:tar_scm:nghttp2-1.58.0.tar.xz/src/shrpx_https_upstream.cc
Changed
@@ -345,6 +345,11 @@ for (auto &kv : req.fs.headers()) { kv.value = util::rstrip(balloc, kv.value); + + if (kv.token == http2::HD_TRANSFER_ENCODING && + !http2::check_transfer_encoding(kv.value)) { + return -1; + } } auto lgconf = log_config(); @@ -414,6 +419,16 @@ downstream->inspect_http1_request(); + if (htp->flags & F_CHUNKED) { + downstream->set_chunked_request(true); + } + + auto transfer_encoding = req.fs.header(http2::HD_TRANSFER_ENCODING); + if (transfer_encoding && + http2::legacy_http1(req.http_major, req.http_minor)) { + return -1; + } + auto faddr = handler->get_upstream_addr(); auto config = get_config();
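Review bot: On the request side, the second hunk rejects a Transfer-Encoding field only for HTTP/1.0 and older, and does nothing visible for an HTTP/1.1 request that carries the field without chunked framing. The response-side change in shrpx_http_downstream_connection.cc handles that case explicitly, and for a request the body length cannot be determined at all. If the HTTP parser already refuses such requests, a comment saying so would make the asymmetry intentional; otherwise an explicit `if (transfer_encoding && !downstream->get_chunked_request()) { return -1; }` belongs next to the legacy check. The legacy check itself would also benefit from a comment, for example `// Transfer-Encoding is not defined for HTTP/1.0; treat the framing as faulty.` The callback body continues outside the hunk.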
_service:tar_scm:nghttp2-1.55.1.tar.xz/src/shrpx_quic.cc -> _service:tar_scm:nghttp2-1.58.0.tar.xz/src/shrpx_quic.cc
Changed
@@ -66,11 +66,11 @@ msg.msg_iov = &msg_iov; msg.msg_iovlen = 1; - uint8_t msg_ctrl + uint8_t msg_ctrlCMSG_SPACE(sizeof(int)) + #ifdef UDP_SEGMENT - CMSG_SPACE(sizeof(uint16_t)) + + CMSG_SPACE(sizeof(uint16_t)) + #endif // UDP_SEGMENT - CMSG_SPACE(sizeof(in6_pktinfo)); + CMSG_SPACE(sizeof(in6_pktinfo)); memset(msg_ctrl, 0, sizeof(msg_ctrl)); @@ -87,11 +87,12 @@ cm->cmsg_level = IPPROTO_IP; cm->cmsg_type = IP_PKTINFO; cm->cmsg_len = CMSG_LEN(sizeof(in_pktinfo)); - auto pktinfo = reinterpret_cast<in_pktinfo *>(CMSG_DATA(cm)); - memset(pktinfo, 0, sizeof(in_pktinfo)); + in_pktinfo pktinfo{}; auto addrin = reinterpret_cast<sockaddr_in *>(const_cast<sockaddr *>(local_sa)); - pktinfo->ipi_spec_dst = addrin->sin_addr; + pktinfo.ipi_spec_dst = addrin->sin_addr; + memcpy(CMSG_DATA(cm), &pktinfo, sizeof(pktinfo)); + break; } case AF_INET6: { @@ -99,11 +100,12 @@ cm->cmsg_level = IPPROTO_IPV6; cm->cmsg_type = IPV6_PKTINFO; cm->cmsg_len = CMSG_LEN(sizeof(in6_pktinfo)); - auto pktinfo = reinterpret_cast<in6_pktinfo *>(CMSG_DATA(cm)); - memset(pktinfo, 0, sizeof(in6_pktinfo)); + in6_pktinfo pktinfo{}; auto addrin = reinterpret_cast<sockaddr_in6 *>(const_cast<sockaddr *>(local_sa)); - pktinfo->ipi6_addr = addrin->sin6_addr; + pktinfo.ipi6_addr = addrin->sin6_addr; + memcpy(CMSG_DATA(cm), &pktinfo, sizeof(pktinfo)); + break; } default: 
@@ -117,13 +119,33 @@ cm->cmsg_level = SOL_UDP; cm->cmsg_type = UDP_SEGMENT; cm->cmsg_len = CMSG_LEN(sizeof(uint16_t)); - *(reinterpret_cast<uint16_t *>(CMSG_DATA(cm))) = gso_size; + uint16_t n = gso_size; + memcpy(CMSG_DATA(cm), &n, sizeof(n)); } #endif // UDP_SEGMENT - msg.msg_controllen = controllen; + controllen += CMSG_SPACE(sizeof(int)); + cm = CMSG_NXTHDR(&msg, cm); + cm->cmsg_len = CMSG_LEN(sizeof(int)); + unsigned int tos = pi.ecn; + memcpy(CMSG_DATA(cm), &tos, sizeof(tos)); + + switch (local_sa->sa_family) { + case AF_INET: + cm->cmsg_level = IPPROTO_IP; + cm->cmsg_type = IP_TOS; - util::fd_set_send_ecn(faddr->fd, local_sa->sa_family, pi.ecn); + break; + case AF_INET6: + cm->cmsg_level = IPPROTO_IPV6; + cm->cmsg_type = IPV6_TCLASS; + + break; + default: + assert(0); + } + + msg.msg_controllen = controllen; ssize_t nwrite;
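Review bot: The ECN control message is written through `cm` straight after `cm = CMSG_NXTHDR(&msg, cm);`, with no check that a header was returned. `CMSG_NXTHDR` yields a null pointer when the control buffer has no room left. Room is guaranteed only while the `msg_ctrl` size expression in the first hunk of this file and the list of messages written here stay in step. The function already uses `assert`, so `assert(cm);` before `cm->cmsg_len = CMSG_LEN(sizeof(int));` would catch a future mismatch in debug builds. The function body starts and ends outside the hunk.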
_service:tar_scm:nghttp2-1.55.1.tar.xz/src/shrpx_quic_connection_handler.cc -> _service:tar_scm:nghttp2-1.58.0.tar.xz/src/shrpx_quic_connection_handler.cc
Changed
@@ -172,6 +172,7 @@ ngtcp2_cid odcid, *podcid = nullptr; const uint8_t *token = nullptr; size_t tokenlen = 0; + ngtcp2_token_type token_type = NGTCP2_TOKEN_TYPE_UNKNOWN; switch (ngtcp2_accept(&hd, data, datalen)) { case 0: { @@ -249,6 +250,7 @@ podcid = &odcid; token = hd.token; tokenlen = hd.tokenlen; + token_type = NGTCP2_TOKEN_TYPE_RETRY; break; } @@ -303,6 +305,7 @@ token = hd.token; tokenlen = hd.tokenlen; + token_type = NGTCP2_TOKEN_TYPE_NEW_TOKEN; break; } @@ -342,7 +345,7 @@ } handler = handle_new_connection(faddr, remote_addr, local_addr, hd, podcid, - token, tokenlen); + token, tokenlen, token_type); if (handler == nullptr) { return 0; } @@ -364,7 +367,7 @@ ClientHandler *QUICConnectionHandler::handle_new_connection( const UpstreamAddr *faddr, const Address &remote_addr, const Address &local_addr, const ngtcp2_pkt_hd &hd, const ngtcp2_cid *odcid, - const uint8_t *token, size_t tokenlen) { + const uint8_t *token, size_t tokenlen, ngtcp2_token_type token_type) { std::array<char, NI_MAXHOST> host; std::array<char, NI_MAXSERV> service; int rv; @@ -415,8 +418,8 @@ StringRef{service.data()}, remote_addr.su.sa.sa_family, faddr); auto upstream = std::make_unique<Http3Upstream>(handler.get()); - if (upstream->init(faddr, remote_addr, local_addr, hd, odcid, token, - tokenlen) != 0) { + if (upstream->init(faddr, remote_addr, local_addr, hd, odcid, token, tokenlen, + token_type) != 0) { return nullptr; } @@ -526,9 +529,7 @@ auto cw = std::make_unique<CloseWait>(worker_, std::vector<ngtcp2_cid>{idcid}, std::move(buf), d); - add_close_wait(cw.get()); - - cw.release(); + add_close_wait(cw.release()); return 0; }
_service:tar_scm:nghttp2-1.55.1.tar.xz/src/shrpx_quic_connection_handler.h -> _service:tar_scm:nghttp2-1.58.0.tar.xz/src/shrpx_quic_connection_handler.h
Changed
@@ -116,12 +116,11 @@ const Address &remote_addr, const Address &local_addr, uint64_t error_code, size_t max_pktlen); - ClientHandler *handle_new_connection(const UpstreamAddr *faddr, - const Address &remote_addr, - const Address &local_addr, - const ngtcp2_pkt_hd &hd, - const ngtcp2_cid *odcid, - const uint8_t *token, size_t tokenlen); + ClientHandler * + handle_new_connection(const UpstreamAddr *faddr, const Address &remote_addr, + const Address &local_addr, const ngtcp2_pkt_hd &hd, + const ngtcp2_cid *odcid, const uint8_t *token, + size_t tokenlen, ngtcp2_token_type token_type); void add_connection_id(const ngtcp2_cid &cid, ClientHandler *handler); void remove_connection_id(const ngtcp2_cid &cid);
_service:tar_scm:nghttp2-1.55.1.tar.xz/src/shrpx_quic_listener.cc -> _service:tar_scm:nghttp2-1.58.0.tar.xz/src/shrpx_quic_listener.cc
Changed
@@ -59,8 +59,7 @@ msg.msg_iov = &msg_iov; msg.msg_iovlen = 1; - uint8_t msg_ctrlCMSG_SPACE(sizeof(uint8_t)) + - CMSG_SPACE(sizeof(in6_pktinfo)) + + uint8_t msg_ctrlCMSG_SPACE(sizeof(int)) + CMSG_SPACE(sizeof(in6_pktinfo)) + CMSG_SPACE(sizeof(uint16_t)); msg.msg_control = msg_ctrl;
_service:tar_scm:nghttp2-1.55.1.tar.xz/src/util.cc -> _service:tar_scm:nghttp2-1.58.0.tar.xz/src/util.cc
Changed
@@ -41,6 +41,9 @@ #ifdef HAVE_NETINET_IN_H # include <netinet/in.h> #endif // HAVE_NETINET_IN_H +#ifdef HAVE_NETINET_IP_H +# include <netinet/ip.h> +#endif // HAVE_NETINET_IP_H #include <netinet/udp.h> #ifdef _WIN32 # include <ws2tcpip.h> @@ -102,17 +105,34 @@ const char UPPER_XDIGITS = "0123456789ABCDEF"; bool in_rfc3986_unreserved_chars(const char c) { - static constexpr char unreserved = {'-', '.', '_', '~'}; - return is_alpha(c) || is_digit(c) || - std::find(std::begin(unreserved), std::end(unreserved), c) != - std::end(unreserved); + switch (c) { + case '-': + case '.': + case '_': + case '~': + return true; + } + + return is_alpha(c) || is_digit(c); } bool in_rfc3986_sub_delims(const char c) { - static constexpr char sub_delims = {'!', '$', '&', '\'', '(', ')', - '*', '+', ',', ';', '='}; - return std::find(std::begin(sub_delims), std::end(sub_delims), c) != - std::end(sub_delims); + switch (c) { + case '!': + case '$': + case '&': + case '\'': + case '(': + case ')': + case '*': + case '+': + case ',': + case ';': + case '=': + return true; + } + + return false; } std::string percent_encode(const unsigned char *target, size_t len) { 
@@ -137,16 +157,37 @@ } bool in_token(char c) { - static constexpr char extra = {'!', '#', '$', '%', '&', '\'', '*', '+', - '-', '.', '^', '_', '`', '|', '~'}; - return is_alpha(c) || is_digit(c) || - std::find(std::begin(extra), std::end(extra), c) != std::end(extra); + switch (c) { + case '!': + case '#': + case '$': + case '%': + case '&': + case '\'': + case '*': + case '+': + case '-': + case '.': + case '^': + case '_': + case '`': + case '|': + case '~': + return true; + } + + return is_alpha(c) || is_digit(c); } bool in_attr_char(char c) { - static constexpr char bad = {'*', '\'', '%'}; - return util::in_token(c) && - std::find(std::begin(bad), std::end(bad), c) == std::end(bad); + switch (c) { + case '*': + case '\'': + case '%': + return false; + } + + return util::in_token(c); } StringRef percent_encode_token(BlockAllocator &balloc, @@ -1680,11 +1721,12 @@ case AF_INET: for (auto cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) { if (cmsg->cmsg_level == IPPROTO_IP && cmsg->cmsg_type == IP_PKTINFO) { - auto pktinfo = reinterpret_cast<in_pktinfo *>(CMSG_DATA(cmsg)); + in_pktinfo pktinfo; + memcpy(&pktinfo, CMSG_DATA(cmsg), sizeof(pktinfo)); dest.len = sizeof(dest.su.in); auto &sa = dest.su.in; sa.sin_family = AF_INET; - sa.sin_addr = pktinfo->ipi_addr; + sa.sin_addr = pktinfo.ipi_addr; return 0; } @@ -1694,11 +1736,12 @@ case AF_INET6: for (auto cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) { if (cmsg->cmsg_level == IPPROTO_IPV6 && cmsg->cmsg_type == IPV6_PKTINFO) { - auto pktinfo = reinterpret_cast<in6_pktinfo *>(CMSG_DATA(cmsg)); + in6_pktinfo pktinfo; + memcpy(&pktinfo, CMSG_DATA(cmsg), sizeof(pktinfo)); dest.len = sizeof(dest.su.in6); auto &sa = dest.su.in6; sa.sin6_family = AF_INET6; - sa.sin6_addr = pktinfo->ipi6_addr; + sa.sin6_addr = pktinfo.ipi6_addr; return 0; } } 
@@ -1709,13 +1752,18 @@ return -1; } -unsigned int msghdr_get_ecn(msghdr *msg, int family) { +uint8_t msghdr_get_ecn(msghdr *msg, int family) { switch (family) { case AF_INET: for (auto cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) { - if (cmsg->cmsg_level == IPPROTO_IP && cmsg->cmsg_type == IP_TOS && - cmsg->cmsg_len) { - return *reinterpret_cast<uint8_t *>(CMSG_DATA(cmsg)); + if (cmsg->cmsg_level == IPPROTO_IP && +# ifdef __APPLE__ + cmsg->cmsg_type == IP_RECVTOS +# else // !__APPLE__ + cmsg->cmsg_type == IP_TOS +# endif // !__APPLE__ + && cmsg->cmsg_len) { + return *reinterpret_cast<uint8_t *>(CMSG_DATA(cmsg)) & IPTOS_ECN_MASK; } } @@ -1724,7 +1772,11 @@ for (auto cmsg = CMSG_FIRSTHDR(msg); cmsg; cmsg = CMSG_NXTHDR(msg, cmsg)) { if (cmsg->cmsg_level == IPPROTO_IPV6 && cmsg->cmsg_type == IPV6_TCLASS && cmsg->cmsg_len) { - return *reinterpret_cast<uint8_t *>(CMSG_DATA(cmsg)); + unsigned int tos; + + memcpy(&tos, CMSG_DATA(cmsg), sizeof(tos)); + + return tos & IPTOS_ECN_MASK; } } @@ -1749,27 +1801,6 @@ return gso_size; } - -int fd_set_send_ecn(int fd, int family, unsigned int ecn) { - switch (family) { - case AF_INET: - if (setsockopt(fd, IPPROTO_IP, IP_TOS, &ecn, - static_cast<socklen_t>(sizeof(ecn))) == -1) { - return -1; - } - - return 0; - case AF_INET6: - if (setsockopt(fd, IPPROTO_IPV6, IPV6_TCLASS, &ecn, - static_cast<socklen_t>(sizeof(ecn))) == -1) { - return -1; - } - - return 0; - } - - return -1; -} #endif // ENABLE_HTTP3 } // namespace util
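Review bot: In the `AF_INET6` branch of `msghdr_get_ecn`, `memcpy(&tos, CMSG_DATA(cmsg), sizeof(tos))` copies `sizeof(unsigned int)` bytes, while the guard in front of it only tests that `cmsg->cmsg_len` is non-zero. The control data presumably comes from the kernel, so this is a defensive point, but comparing against the size actually read, `cmsg->cmsg_len >= CMSG_LEN(sizeof(tos))`, keeps the copy inside the message at no cost. The `AF_INET` branch still reads a single byte through `reinterpret_cast<uint8_t *>`, unlike the `memcpy` reads the other hunks of this file switch to. A short comment on why the two families are read with different widths would help the next reader.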
_service:tar_scm:nghttp2-1.55.1.tar.xz/src/util.h -> _service:tar_scm:nghttp2-1.58.0.tar.xz/src/util.h
Changed
@@ -957,13 +957,11 @@ #ifdef ENABLE_HTTP3 int msghdr_get_local_addr(Address &dest, msghdr *msg, int family); -unsigned int msghdr_get_ecn(msghdr *msg, int family); +uint8_t msghdr_get_ecn(msghdr *msg, int family); // msghdr_get_udp_gro returns UDP_GRO value from |msg|. If UDP_GRO is // not found, or UDP_GRO is not supported, this function returns 0. size_t msghdr_get_udp_gro(msghdr *msg); - -int fd_set_send_ecn(int fd, int family, unsigned int ecn); #endif // ENABLE_HTTP3 } // namespace util
_service:tar_scm:nghttp2-1.55.1.tar.xz/tests/CMakeLists.txt -> _service:tar_scm:nghttp2-1.58.0.tar.xz/tests/CMakeLists.txt
Changed
@@ -22,6 +22,7 @@ nghttp2_buf_test.c nghttp2_http_test.c nghttp2_extpri_test.c + nghttp2_ratelim_test.c ) add_executable(main EXCLUDE_FROM_ALL
_service:tar_scm:nghttp2-1.55.1.tar.xz/tests/Makefile.am -> _service:tar_scm:nghttp2-1.58.0.tar.xz/tests/Makefile.am
Changed
@@ -42,7 +42,8 @@ nghttp2_helper_test.c \ nghttp2_buf_test.c \ nghttp2_http_test.c \ - nghttp2_extpri_test.c + nghttp2_extpri_test.c \ + nghttp2_ratelim_test.c HFILES = nghttp2_pq_test.h nghttp2_map_test.h nghttp2_queue_test.h \ nghttp2_session_test.h \ @@ -51,7 +52,8 @@ nghttp2_test_helper.h \ nghttp2_buf_test.h \ nghttp2_http_test.h \ - nghttp2_extpri_test.h + nghttp2_extpri_test.h \ + nghttp2_ratelim_test.h main_SOURCES = $(HFILES) $(OBJECTS) @@ -79,6 +81,7 @@ -I${top_srcdir}/lib/includes \ -I${top_builddir}/lib/includes \ -DBUILDING_NGHTTP2 \ + -DNGHTTP2_STATICLIB \ @CUNIT_CFLAGS@ @DEFS@ TESTS = main
_service:tar_scm:nghttp2-1.55.1.tar.xz/tests/Makefile.in -> _service:tar_scm:nghttp2-1.58.0.tar.xz/tests/Makefile.in
Changed
@@ -151,12 +151,12 @@ nghttp2_frame_test.h nghttp2_stream_test.h nghttp2_hd_test.h \ nghttp2_npn_test.h nghttp2_helper_test.h nghttp2_test_helper.h \ nghttp2_buf_test.h nghttp2_http_test.h nghttp2_extpri_test.h \ - main.c nghttp2_pq_test.c nghttp2_map_test.c \ - nghttp2_queue_test.c nghttp2_test_helper.c \ + nghttp2_ratelim_test.h main.c nghttp2_pq_test.c \ + nghttp2_map_test.c nghttp2_queue_test.c nghttp2_test_helper.c \ nghttp2_frame_test.c nghttp2_stream_test.c \ nghttp2_session_test.c nghttp2_hd_test.c nghttp2_npn_test.c \ nghttp2_helper_test.c nghttp2_buf_test.c nghttp2_http_test.c \ - nghttp2_extpri_test.c + nghttp2_extpri_test.c nghttp2_ratelim_test.c am__objects_1 = @HAVE_CUNIT_TRUE@am__objects_2 = main.$(OBJEXT) \ @HAVE_CUNIT_TRUE@ nghttp2_pq_test.$(OBJEXT) \ @@ -171,7 +171,8 @@ @HAVE_CUNIT_TRUE@ nghttp2_helper_test.$(OBJEXT) \ @HAVE_CUNIT_TRUE@ nghttp2_buf_test.$(OBJEXT) \ @HAVE_CUNIT_TRUE@ nghttp2_http_test.$(OBJEXT) \ -@HAVE_CUNIT_TRUE@ nghttp2_extpri_test.$(OBJEXT) +@HAVE_CUNIT_TRUE@ nghttp2_extpri_test.$(OBJEXT) \ +@HAVE_CUNIT_TRUE@ nghttp2_ratelim_test.$(OBJEXT) @HAVE_CUNIT_TRUE@am_main_OBJECTS = $(am__objects_1) $(am__objects_2) main_OBJECTS = $(am_main_OBJECTS) @ENABLE_STATIC_FALSE@@HAVE_CUNIT_TRUE@main_DEPENDENCIES = ${top_builddir}/lib/.libs/*.o \ @@ -207,6 +208,7 @@ ./$(DEPDIR)/nghttp2_map_test.Po \ ./$(DEPDIR)/nghttp2_npn_test.Po ./$(DEPDIR)/nghttp2_pq_test.Po \ ./$(DEPDIR)/nghttp2_queue_test.Po \ + ./$(DEPDIR)/nghttp2_ratelim_test.Po \ ./$(DEPDIR)/nghttp2_session_test.Po \ ./$(DEPDIR)/nghttp2_stream_test.Po \ ./$(DEPDIR)/nghttp2_test_helper.Po @@ -710,7 +712,8 @@ @HAVE_CUNIT_TRUE@ nghttp2_helper_test.c \ @HAVE_CUNIT_TRUE@ nghttp2_buf_test.c \ @HAVE_CUNIT_TRUE@ nghttp2_http_test.c \ -@HAVE_CUNIT_TRUE@ nghttp2_extpri_test.c +@HAVE_CUNIT_TRUE@ nghttp2_extpri_test.c \ +@HAVE_CUNIT_TRUE@ nghttp2_ratelim_test.c @HAVE_CUNIT_TRUE@HFILES = nghttp2_pq_test.h nghttp2_map_test.h nghttp2_queue_test.h \ @HAVE_CUNIT_TRUE@ nghttp2_session_test.h \ 
@@ -719,7 +722,8 @@ @HAVE_CUNIT_TRUE@ nghttp2_test_helper.h \ @HAVE_CUNIT_TRUE@ nghttp2_buf_test.h \ @HAVE_CUNIT_TRUE@ nghttp2_http_test.h \ -@HAVE_CUNIT_TRUE@ nghttp2_extpri_test.h +@HAVE_CUNIT_TRUE@ nghttp2_extpri_test.h \ +@HAVE_CUNIT_TRUE@ nghttp2_ratelim_test.h @HAVE_CUNIT_TRUE@main_SOURCES = $(HFILES) $(OBJECTS) # With static lib disabled and symbol hiding enabled, we have to link object @@ -740,6 +744,7 @@ @HAVE_CUNIT_TRUE@ -I${top_srcdir}/lib/includes \ @HAVE_CUNIT_TRUE@ -I${top_builddir}/lib/includes \ @HAVE_CUNIT_TRUE@ -DBUILDING_NGHTTP2 \ +@HAVE_CUNIT_TRUE@ -DNGHTTP2_STATICLIB \ @HAVE_CUNIT_TRUE@ @CUNIT_CFLAGS@ @DEFS@ all: all-recursive @@ -813,6 +818,7 @@ @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nghttp2_npn_test.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nghttp2_pq_test.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nghttp2_queue_test.Po@am__quote@ # am--include-marker +@AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nghttp2_ratelim_test.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nghttp2_session_test.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nghttp2_stream_test.Po@am__quote@ # am--include-marker @AMDEP_TRUE@@am__include@ @am__quote@./$(DEPDIR)/nghttp2_test_helper.Po@am__quote@ # am--include-marker @@ -1239,6 +1245,7 @@ -rm -f ./$(DEPDIR)/nghttp2_npn_test.Po -rm -f ./$(DEPDIR)/nghttp2_pq_test.Po -rm -f ./$(DEPDIR)/nghttp2_queue_test.Po + -rm -f ./$(DEPDIR)/nghttp2_ratelim_test.Po -rm -f ./$(DEPDIR)/nghttp2_session_test.Po -rm -f ./$(DEPDIR)/nghttp2_stream_test.Po -rm -f ./$(DEPDIR)/nghttp2_test_helper.Po 
@@ -1301,6 +1308,7 @@ -rm -f ./$(DEPDIR)/nghttp2_npn_test.Po -rm -f ./$(DEPDIR)/nghttp2_pq_test.Po -rm -f ./$(DEPDIR)/nghttp2_queue_test.Po + -rm -f ./$(DEPDIR)/nghttp2_ratelim_test.Po -rm -f ./$(DEPDIR)/nghttp2_session_test.Po -rm -f ./$(DEPDIR)/nghttp2_stream_test.Po -rm -f ./$(DEPDIR)/nghttp2_test_helper.Po
_service:tar_scm:nghttp2-1.55.1.tar.xz/tests/main.c -> _service:tar_scm:nghttp2-1.58.0.tar.xz/tests/main.c
Changed
@@ -42,6 +42,7 @@ #include "nghttp2_buf_test.h" #include "nghttp2_http_test.h" #include "nghttp2_extpri_test.h" +#include "nghttp2_ratelim_test.h" extern int nghttp2_enable_strict_preface; @@ -343,6 +344,8 @@ test_nghttp2_session_no_rfc7540_priorities) || !CU_add_test(pSuite, "session_server_fallback_rfc7540_priorities", test_nghttp2_session_server_fallback_rfc7540_priorities) || + !CU_add_test(pSuite, "session_stream_reset_ratelim", + test_nghttp2_session_stream_reset_ratelim) || !CU_add_test(pSuite, "http_mandatory_headers", test_nghttp2_http_mandatory_headers) || !CU_add_test(pSuite, "http_content_length", @@ -449,7 +452,9 @@ !CU_add_test(pSuite, "bufs_realloc", test_nghttp2_bufs_realloc) || !CU_add_test(pSuite, "http_parse_priority", test_nghttp2_http_parse_priority) || - !CU_add_test(pSuite, "extpri_to_uint8", test_nghttp2_extpri_to_uint8)) { + !CU_add_test(pSuite, "extpri_to_uint8", test_nghttp2_extpri_to_uint8) || + !CU_add_test(pSuite, "ratelim_update", test_nghttp2_ratelim_update) || + !CU_add_test(pSuite, "ratelim_drain", test_nghttp2_ratelim_drain)) { CU_cleanup_registry(); return (int)CU_get_error(); }
_service:tar_scm:nghttp2-1.55.1.tar.xz/tests/nghttp2_frame_test.c -> _service:tar_scm:nghttp2-1.58.0.tar.xz/tests/nghttp2_frame_test.c
Changed
@@ -210,7 +210,6 @@ nghttp2_priority frame, oframe; nghttp2_bufs bufs; nghttp2_priority_spec pri_spec; - int rv; frame_pack_bufs_init(&bufs); @@ -218,9 +217,8 @@ nghttp2_priority_spec_init(&pri_spec, 1000000009, 12, 1); nghttp2_frame_priority_init(&frame, 1000000007, &pri_spec); - rv = nghttp2_frame_pack_priority(&bufs, &frame); + nghttp2_frame_pack_priority(&bufs, &frame); - CU_ASSERT(0 == rv); CU_ASSERT(NGHTTP2_FRAME_HDLEN + 5 == nghttp2_bufs_len(&bufs)); CU_ASSERT(0 == unpack_framebuf((nghttp2_frame *)&oframe, &bufs)); check_frame_header(5, NGHTTP2_PRIORITY, NGHTTP2_FLAG_NONE, 1000000007, @@ -240,14 +238,12 @@ void test_nghttp2_frame_pack_rst_stream(void) { nghttp2_rst_stream frame, oframe; nghttp2_bufs bufs; - int rv; frame_pack_bufs_init(&bufs); nghttp2_frame_rst_stream_init(&frame, 1000000007, NGHTTP2_PROTOCOL_ERROR); - rv = nghttp2_frame_pack_rst_stream(&bufs, &frame); + nghttp2_frame_pack_rst_stream(&bufs, &frame); - CU_ASSERT(0 == rv); CU_ASSERT(NGHTTP2_FRAME_HDLEN + 4 == nghttp2_bufs_len(&bufs)); CU_ASSERT(0 == unpack_framebuf((nghttp2_frame *)&oframe, &bufs)); check_frame_header(4, NGHTTP2_RST_STREAM, NGHTTP2_FLAG_NONE, 1000000007, @@ -259,9 +255,8 @@ /* Unknown error code is passed to callback as is */ frame.error_code = 1000000009; - rv = nghttp2_frame_pack_rst_stream(&bufs, &frame); + nghttp2_frame_pack_rst_stream(&bufs, &frame); - CU_ASSERT(0 == rv); CU_ASSERT(0 == unpack_framebuf((nghttp2_frame *)&oframe, &bufs)); check_frame_header(4, NGHTTP2_RST_STREAM, NGHTTP2_FLAG_NONE, 1000000007, 
@@ -365,14 +360,12 @@ nghttp2_ping frame, oframe; nghttp2_bufs bufs; const uint8_t opaque_data = "01234567"; - int rv; frame_pack_bufs_init(&bufs); nghttp2_frame_ping_init(&frame, NGHTTP2_FLAG_ACK, opaque_data); - rv = nghttp2_frame_pack_ping(&bufs, &frame); + nghttp2_frame_pack_ping(&bufs, &frame); - CU_ASSERT(0 == rv); CU_ASSERT(NGHTTP2_FRAME_HDLEN + 8 == nghttp2_bufs_len(&bufs)); CU_ASSERT(0 == unpack_framebuf((nghttp2_frame *)&oframe, &bufs)); check_frame_header(8, NGHTTP2_PING, NGHTTP2_FLAG_ACK, 0, &oframe.hd); @@ -435,14 +428,12 @@ void test_nghttp2_frame_pack_window_update(void) { nghttp2_window_update frame, oframe; nghttp2_bufs bufs; - int rv; frame_pack_bufs_init(&bufs); nghttp2_frame_window_update_init(&frame, NGHTTP2_FLAG_NONE, 1000000007, 4096); - rv = nghttp2_frame_pack_window_update(&bufs, &frame); + nghttp2_frame_pack_window_update(&bufs, &frame); - CU_ASSERT(0 == rv); CU_ASSERT(NGHTTP2_FRAME_HDLEN + 4 == nghttp2_bufs_len(&bufs)); CU_ASSERT(0 == unpack_framebuf((nghttp2_frame *)&oframe, &bufs)); check_frame_header(4, NGHTTP2_WINDOW_UPDATE, NGHTTP2_FLAG_NONE, 1000000007, @@ -485,9 +476,8 @@ payloadlen = 2 + sizeof(origin) - 1 + sizeof(field_value) - 1; - rv = nghttp2_frame_pack_altsvc(&bufs, &frame); + nghttp2_frame_pack_altsvc(&bufs, &frame); - CU_ASSERT(0 == rv); CU_ASSERT(NGHTTP2_FRAME_HDLEN + payloadlen == nghttp2_bufs_len(&bufs)); rv = unpack_framebuf((nghttp2_frame *)&oframe, &bufs); @@ -618,9 +608,8 @@ payloadlen = 4 + sizeof(field_value) - 1; - rv = nghttp2_frame_pack_priority_update(&bufs, &frame); + nghttp2_frame_pack_priority_update(&bufs, &frame); - CU_ASSERT(0 == rv); CU_ASSERT(NGHTTP2_FRAME_HDLEN + payloadlen == nghttp2_bufs_len(&bufs)); rv = unpack_framebuf((nghttp2_frame *)&oframe, &bufs);
_service:tar_scm:nghttp2-1.58.0.tar.xz/tests/nghttp2_ratelim_test.c
Added
@@ -0,0 +1,101 @@
+/*
+ * nghttp2 - HTTP/2 C Library
+ *
+ * Copyright (c) 2023 nghttp2 contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+#include "nghttp2_ratelim_test.h"
+
+#include <stdio.h>
+
+#include <CUnit/CUnit.h>
+
+#include "nghttp2_ratelim.h"
+
+void test_nghttp2_ratelim_update(void) {
+ nghttp2_ratelim rl;
+
+ nghttp2_ratelim_init(&rl, 1000, 21);
+
+ CU_ASSERT(1000 == rl.val);
+ CU_ASSERT(1000 == rl.burst);
+ CU_ASSERT(21 == rl.rate);
+ CU_ASSERT(0 == rl.tstamp);
+
+ nghttp2_ratelim_update(&rl, 999);
+
+ CU_ASSERT(1000 == rl.val);
+ CU_ASSERT(999 == rl.tstamp);
+
+ nghttp2_ratelim_drain(&rl, 100);
+
+ CU_ASSERT(900 == rl.val);
+
+ nghttp2_ratelim_update(&rl, 1000);
+
+ CU_ASSERT(921 == rl.val);
+
+ nghttp2_ratelim_update(&rl, 1002);
+
+ CU_ASSERT(963 == rl.val);
+
+ nghttp2_ratelim_update(&rl, 1004);
+
+ CU_ASSERT(1000 == rl.val);
+ CU_ASSERT(1004 == rl.tstamp);
+
+ /* timer skew */
+ nghttp2_ratelim_init(&rl, 1000, 21);
+ nghttp2_ratelim_update(&rl, 1);
+
+ CU_ASSERT(1000 == rl.val);
+
+ nghttp2_ratelim_update(&rl, 0);
+
+ CU_ASSERT(1000 == rl.val);
+
+ /* rate * duration overflow */
+ nghttp2_ratelim_init(&rl, 1000, 100);
+ nghttp2_ratelim_drain(&rl, 999);
+
+ CU_ASSERT(1 == rl.val);
+
+ nghttp2_ratelim_update(&rl, UINT64_MAX);
+
+ CU_ASSERT(1000 == rl.val);
+
+ /* val + rate * duration overflow */
+ nghttp2_ratelim_init(&rl, UINT64_MAX - 1, 2);
+ nghttp2_ratelim_update(&rl, 1);
+
+ CU_ASSERT(UINT64_MAX - 1 == rl.val);
+}
+
+void test_nghttp2_ratelim_drain(void) {
+ nghttp2_ratelim rl;
+
+ nghttp2_ratelim_init(&rl, 100, 7);
+
+ CU_ASSERT(-1 == nghttp2_ratelim_drain(&rl, 101));
+ CU_ASSERT(0 == nghttp2_ratelim_drain(&rl, 51));
+ CU_ASSERT(0 == nghttp2_ratelim_drain(&rl, 49));
+ CU_ASSERT(-1 == nghttp2_ratelim_drain(&rl, 1));
+}
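Review bot: The timer-skew case in test_nghttp2_ratelim_update starts from a full bucket (`rl.val == 1000`), so the assertion after `nghttp2_ratelim_update(&rl, 0)` passes whether or not a backwards timestamp credits tokens, and `rl.tstamp` is never checked on that path. Draining first, e.g. `nghttp2_ratelim_drain(&rl, 100);` right after the second `nghttp2_ratelim_init`, and then asserting both `rl.val` and `rl.tstamp` after each update would pin how the limiter treats a clock that steps backwards; the expected values have to be taken from nghttp2_ratelim.c, which is not part of this hunk. The refill expectations would also be easier to audit with their arithmetic spelled out, for example `/* 900 + 21 * (1000 - 999) */` above the `921` assertion and `/* 921 + 21 * (1002 - 1000) */` above the `963` one.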
_service:tar_scm:nghttp2-1.58.0.tar.xz/tests/nghttp2_ratelim_test.h
Added
@@ -0,0 +1,35 @@
+/*
+ * nghttp2 - HTTP/2 C Library
+ *
+ * Copyright (c) 2023 nghttp2 contributors
+ *
+ * Permission is hereby granted, free of charge, to any person obtaining
+ * a copy of this software and associated documentation files (the
+ * "Software"), to deal in the Software without restriction, including
+ * without limitation the rights to use, copy, modify, merge, publish,
+ * distribute, sublicense, and/or sell copies of the Software, and to
+ * permit persons to whom the Software is furnished to do so, subject to
+ * the following conditions:
+ *
+ * The above copyright notice and this permission notice shall be
+ * included in all copies or substantial portions of the Software.
+ *
+ * THE SOFTWARE IS PROVIDED "AS IS", WITHOUT WARRANTY OF ANY KIND,
+ * EXPRESS OR IMPLIED, INCLUDING BUT NOT LIMITED TO THE WARRANTIES OF
+ * MERCHANTABILITY, FITNESS FOR A PARTICULAR PURPOSE AND
+ * NONINFRINGEMENT. IN NO EVENT SHALL THE AUTHORS OR COPYRIGHT HOLDERS BE
+ * LIABLE FOR ANY CLAIM, DAMAGES OR OTHER LIABILITY, WHETHER IN AN ACTION
+ * OF CONTRACT, TORT OR OTHERWISE, ARISING FROM, OUT OF OR IN CONNECTION
+ * WITH THE SOFTWARE OR THE USE OR OTHER DEALINGS IN THE SOFTWARE.
+ */
+#ifndef NGHTTP2_RATELIM_TEST_H
+#define NGHTTP2_RATELIM_TEST_H
+
+#ifdef HAVE_CONFIG_H
+# include <config.h>
+#endif /* HAVE_CONFIG_H */
+
+void test_nghttp2_ratelim_update(void);
+void test_nghttp2_ratelim_drain(void);
+
+#endif /* NGHTTP2_RATELIM_TEST_H */
_service:tar_scm:nghttp2-1.55.1.tar.xz/tests/nghttp2_session_test.c -> _service:tar_scm:nghttp2-1.58.0.tar.xz/tests/nghttp2_session_test.c
Changed
@@ -729,9 +729,7 @@ /* Receive PRIORITY */ nghttp2_frame_priority_init(&frame.priority, 5, &pri_spec_default); - rv = nghttp2_frame_pack_priority(&bufs, &frame.priority); - - CU_ASSERT(0 == rv); + nghttp2_frame_pack_priority(&bufs, &frame.priority); nghttp2_frame_priority_free(&frame.priority); @@ -755,9 +753,7 @@ /* Receive PING with too large payload */ nghttp2_frame_ping_init(&frame.ping, NGHTTP2_FLAG_NONE, NULL); - rv = nghttp2_frame_pack_ping(&bufs, &frame.ping); - - CU_ASSERT(0 == rv); + nghttp2_frame_pack_ping(&bufs, &frame.ping); /* Add extra 16 bytes */ nghttp2_bufs_seek_last_present(&bufs); @@ -1410,9 +1406,8 @@ nghttp2_frame_priority_init(&frame.priority, 1, &pri_spec); nghttp2_bufs_reset(&bufs); - rv = nghttp2_frame_pack_priority(&bufs, &frame.priority); + nghttp2_frame_pack_priority(&bufs, &frame.priority); - CU_ASSERT(0 == rv); CU_ASSERT(nghttp2_bufs_len(&bufs) > 0); memcpy(data + datalen, buf->pos, nghttp2_buf_len(buf)); @@ -4406,8 +4401,7 @@ CU_ASSERT(NGHTTP2_INITIAL_WINDOW_SIZE + 16 * 1024 == stream->remote_window_size); - CU_ASSERT(0 == nghttp2_stream_defer_item( - stream, NGHTTP2_STREAM_FLAG_DEFERRED_FLOW_CONTROL)); + nghttp2_stream_defer_item(stream, NGHTTP2_STREAM_FLAG_DEFERRED_FLOW_CONTROL); CU_ASSERT(0 == nghttp2_session_on_window_update_received(session, &frame)); CU_ASSERT(2 == user_data.frame_recv_cb_called); @@ -9673,9 +9667,7 @@ /* Create idle stream by PRIORITY frame */ nghttp2_frame_priority_init(&frame.priority, 7, &pri_spec_default); - rv = nghttp2_frame_pack_priority(&bufs, &frame.priority); - - CU_ASSERT(0 == rv); + nghttp2_frame_pack_priority(&bufs, &frame.priority); nghttp2_frame_priority_free(&frame.priority); 
@@ -11881,9 +11873,7 @@ nghttp2_priority_spec_init(&pri_spec, 5, 1, 0); nghttp2_frame_priority_init(&frame.priority, 1, &pri_spec); nghttp2_bufs_reset(&bufs); - rv = nghttp2_frame_pack_priority(&bufs, &frame.priority); - - CU_ASSERT(0 == rv); + nghttp2_frame_pack_priority(&bufs, &frame.priority); nghttp2_frame_priority_free(&frame.priority); 
@@ -11978,6 +11968,109 @@ nghttp2_bufs_free(&bufs); } +void test_nghttp2_session_stream_reset_ratelim(void) { + nghttp2_session *session; + nghttp2_session_callbacks callbacks; + nghttp2_frame frame; + ssize_t rv; + nghttp2_bufs bufs; + nghttp2_buf *buf; + nghttp2_mem *mem; + size_t i; + nghttp2_hd_deflater deflater; + size_t nvlen; + nghttp2_nv *nva; + int32_t stream_id; + nghttp2_outbound_item *item; + nghttp2_option *option; + + mem = nghttp2_mem_default(); + frame_pack_bufs_init(&bufs); + + memset(&callbacks, 0, sizeof(nghttp2_session_callbacks)); + callbacks.send_callback = null_send_callback; + + nghttp2_option_new(&option); + nghttp2_option_set_stream_reset_rate_limit( + option, NGHTTP2_DEFAULT_STREAM_RESET_BURST, 0); + + nghttp2_session_server_new2(&session, &callbacks, NULL, option); + + nghttp2_frame_settings_init(&frame.settings, NGHTTP2_FLAG_NONE, NULL, 0); + rv = nghttp2_frame_pack_settings(&bufs, &frame.settings); + + CU_ASSERT(0 == rv); + + nghttp2_frame_settings_free(&frame.settings, mem); + + buf = &bufs.head->buf; + rv = nghttp2_session_mem_recv(session, buf->pos, nghttp2_buf_len(buf)); + + CU_ASSERT((ssize_t)nghttp2_buf_len(buf) == rv); + + /* Send SETTINGS ACK */ + rv = nghttp2_session_send(session); + + CU_ASSERT(0 == rv); + + nghttp2_hd_deflate_init(&deflater, mem); + + for (i = 0; i < NGHTTP2_DEFAULT_STREAM_RESET_BURST + 2; ++i) { + stream_id = (int32_t)(i * 2 + 1); + + nghttp2_bufs_reset(&bufs); + + /* HEADERS */ + nvlen = ARRLEN(reqnv); + nghttp2_nv_array_copy(&nva, reqnv, nvlen, mem); + nghttp2_frame_headers_init(&frame.headers, NGHTTP2_FLAG_END_HEADERS, + stream_id, NGHTTP2_HCAT_HEADERS, NULL, nva, + nvlen); + rv = nghttp2_frame_pack_headers(&bufs, &frame.headers, &deflater); + + CU_ASSERT(0 == rv); + + nghttp2_frame_headers_free(&frame.headers, mem); + + buf = &bufs.head->buf; + rv = nghttp2_session_mem_recv(session, buf->pos, nghttp2_buf_len(buf)); + + CU_ASSERT((ssize_t)nghttp2_buf_len(buf) == rv); + + nghttp2_bufs_reset(&bufs); + + /* 
RST_STREAM */ + nghttp2_frame_rst_stream_init(&frame.rst_stream, stream_id, + NGHTTP2_NO_ERROR); + nghttp2_frame_pack_rst_stream(&bufs, &frame.rst_stream); + nghttp2_frame_rst_stream_free(&frame.rst_stream); + + buf = &bufs.head->buf; + rv = nghttp2_session_mem_recv(session, buf->pos, nghttp2_buf_len(buf)); + + CU_ASSERT((ssize_t)nghttp2_buf_len(buf) == rv); + + if (i < NGHTTP2_DEFAULT_STREAM_RESET_BURST) { + CU_ASSERT(0 == nghttp2_outbound_queue_size(&session->ob_reg)); + + continue; + } + + CU_ASSERT(1 == nghttp2_outbound_queue_size(&session->ob_reg)); + + item = nghttp2_session_get_next_ob_item(session); + + CU_ASSERT(NGHTTP2_GOAWAY == item->frame.hd.type); + CU_ASSERT(NGHTTP2_DEFAULT_STREAM_RESET_BURST * 2 + 1 == + item->frame.goaway.last_stream_id); + } + + nghttp2_hd_deflate_free(&deflater); + nghttp2_session_del(session); + nghttp2_bufs_free(&bufs); + nghttp2_option_del(option); +} + static void check_nghttp2_http_recv_headers_fail( nghttp2_session *session, nghttp2_hd_deflater *deflater, int32_t stream_id, int stream_state, const nghttp2_nv *nva, size_t nvlen) {
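Review bot: The GOAWAY checks at the end of the loop in test_nghttp2_session_stream_reset_ratelim assert the frame type and `last_stream_id` but not `item->frame.goaway.error_code`, so a change in the error code the server reports when the reset limit trips would go unnoticed; a `CU_ASSERT` on that field, using the value the session code sends (not visible in this hunk), would close the gap. The test also passes a rate of 0 to `nghttp2_option_set_stream_reset_rate_limit`, so only burst exhaustion is exercised at session level and token refill is left to the unit tests in nghttp2_ratelim_test.c. The results of `nghttp2_option_new` and `nghttp2_session_server_new2` are ignored, so a failed setup would continue with an uninitialised `session`; wrapping the second call as `CU_ASSERT(0 == nghttp2_session_server_new2(&session, &callbacks, NULL, option));` would at least report it.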
_service:tar_scm:nghttp2-1.55.1.tar.xz/tests/nghttp2_session_test.h -> _service:tar_scm:nghttp2-1.58.0.tar.xz/tests/nghttp2_session_test.h
Changed
@@ -168,6 +168,7 @@ void test_nghttp2_session_set_stream_user_data(void); void test_nghttp2_session_no_rfc7540_priorities(void); void test_nghttp2_session_server_fallback_rfc7540_priorities(void); +void test_nghttp2_session_stream_reset_ratelim(void); void test_nghttp2_http_mandatory_headers(void); void test_nghttp2_http_content_length(void); void test_nghttp2_http_content_length_mismatch(void);
_service:tar_scm:nghttp2-1.55.1.tar.xz/tests/nghttp2_test_helper.c -> _service:tar_scm:nghttp2-1.58.0.tar.xz/tests/nghttp2_test_helper.c
Changed
@@ -54,8 +54,7 @@ switch (frame->hd.type) { case NGHTTP2_HEADERS: payloadoff = ((frame->hd.flags & NGHTTP2_FLAG_PADDED) > 0); - rv = nghttp2_frame_unpack_headers_payload(&frame->headers, - payload + payloadoff); + nghttp2_frame_unpack_headers_payload(&frame->headers, payload + payloadoff); break; case NGHTTP2_PRIORITY: nghttp2_frame_unpack_priority_payload(&frame->priority, payload); @@ -68,8 +67,7 @@ &frame->settings.iv, &frame->settings.niv, payload, payloadlen, mem); break; case NGHTTP2_PUSH_PROMISE: - rv = nghttp2_frame_unpack_push_promise_payload(&frame->push_promise, - payload); + nghttp2_frame_unpack_push_promise_payload(&frame->push_promise, payload); break; case NGHTTP2_PING: nghttp2_frame_unpack_ping_payload(&frame->ping, payload);
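Review bot: With the `rv =` assignments dropped from the `NGHTTP2_HEADERS` case here and from the `NGHTTP2_PUSH_PROMISE` case in the second hunk, neither path sets `rv` any more. If the enclosing function still returns `rv` after the switch, its declaration needs an initialiser such as `int rv = 0;`, otherwise the value returned for these two frame types is indeterminate. The declaration and the return statement both lie outside the visible hunks, so this should be confirmed against the full file.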
_service:tar_scm:nghttp2-1.55.1.tar.xz/third-party/llhttp/include/llhttp.h -> _service:tar_scm:nghttp2-1.58.0.tar.xz/third-party/llhttp/include/llhttp.h
Changed
@@ -1,14 +1,11 @@ + #ifndef INCLUDE_LLHTTP_H_ #define INCLUDE_LLHTTP_H_ -#define LLHTTP_VERSION_MAJOR 8 -#define LLHTTP_VERSION_MINOR 1 +#define LLHTTP_VERSION_MAJOR 9 +#define LLHTTP_VERSION_MINOR 0 #define LLHTTP_VERSION_PATCH 1 -#ifndef LLHTTP_STRICT_MODE -# define LLHTTP_STRICT_MODE 0 -#endif - #ifndef INCLUDE_LLHTTP_ITSELF_H_ #define INCLUDE_LLHTTP_ITSELF_H_ #ifdef __cplusplus @@ -50,6 +47,7 @@ #endif #endif /* INCLUDE_LLHTTP_ITSELF_H_ */ + #ifndef LLLLHTTP_C_HEADERS_ #define LLLLHTTP_C_HEADERS_ #ifdef __cplusplus @@ -114,7 +112,10 @@ LENIENT_CHUNKED_LENGTH = 0x2, LENIENT_KEEP_ALIVE = 0x4, LENIENT_TRANSFER_ENCODING = 0x8, - LENIENT_VERSION = 0x10 + LENIENT_VERSION = 0x10, + LENIENT_DATA_AFTER_CLOSE = 0x20, + LENIENT_OPTIONAL_LF_AFTER_CR = 0x40, + LENIENT_OPTIONAL_CRLF_AFTER_CHUNK = 0x80 }; typedef enum llhttp_lenient_flags llhttp_lenient_flags_t; @@ -534,6 +535,7 @@ #endif #endif /* LLLLHTTP_C_HEADERS_ */ + #ifndef INCLUDE_LLHTTP_API_H_ #define INCLUDE_LLHTTP_API_H_ #ifdef __cplusplus @@ -759,7 +761,8 @@ * `HPE_INVALID_HEADER_TOKEN` will be raised for incorrect header values when * lenient parsing is "on". * - * **(USE AT YOUR OWN RISK)** + * **Enabling this flag can pose a security issue since you will be exposed to + * request smuggling attacks. USE WITH CAUTION!** */ LLHTTP_EXPORT void llhttp_set_lenient_headers(llhttp_t* parser, int enabled); @@ -773,7 +776,8 @@ * request smuggling, but may be less desirable for small number of cases * involving legacy servers. * - * **(USE AT YOUR OWN RISK)** + * **Enabling this flag can pose a security issue since you will be exposed to + * request smuggling attacks. USE WITH CAUTION!** */ LLHTTP_EXPORT void llhttp_set_lenient_chunked_length(llhttp_t* parser, int enabled); 
@@ -788,7 +792,8 @@ * but might interact badly with outdated and insecure clients. With this flag * the extra request/response will be parsed normally. * - * **(USE AT YOUR OWN RISK)** + * **Enabling this flag can pose a security issue since you will be exposed to + * poisoning attacks. USE WITH CAUTION!** */ LLHTTP_EXPORT void llhttp_set_lenient_keep_alive(llhttp_t* parser, int enabled); 
@@ -802,14 +807,65 @@ * avoid request smuggling. * With this flag the extra value will be parsed normally. * - * **(USE AT YOUR OWN RISK)** + * **Enabling this flag can pose a security issue since you will be exposed to + * request smuggling attacks. USE WITH CAUTION!** */ LLHTTP_EXPORT void llhttp_set_lenient_transfer_encoding(llhttp_t* parser, int enabled); +/* Enables/disables lenient handling of HTTP version. + * + * Normally `llhttp` would error when the HTTP version in the request or status line + * is not `0.9`, `1.0`, `1.1` or `2.0`. + * With this flag the invalid value will be parsed normally. + * + * **Enabling this flag can pose a security issue since you will allow unsupported + * HTTP versions. USE WITH CAUTION!** + */ +LLHTTP_EXPORT +void llhttp_set_lenient_version(llhttp_t* parser, int enabled); + +/* Enables/disables lenient handling of additional data received after a message ends + * and keep-alive is disabled. + * + * Normally `llhttp` would error when additional unexpected data is received if the message + * contains the `Connection` header with `close` value. + * With this flag the extra data will discarded without throwing an error. + * + * **Enabling this flag can pose a security issue since you will be exposed to + * poisoning attacks. USE WITH CAUTION!** + */ +LLHTTP_EXPORT +void llhttp_set_lenient_data_after_close(llhttp_t* parser, int enabled); + +/* Enables/disables lenient handling of incomplete CRLF sequences. + * + * Normally `llhttp` would error when a CR is not followed by LF when terminating the + * request line, the status line, the headers or a chunk header. + * With this flag only a CR is required to terminate such sections. + * + * **Enabling this flag can pose a security issue since you will be exposed to + * request smuggling attacks. USE WITH CAUTION!** + */ +LLHTTP_EXPORT +void llhttp_set_lenient_optional_lf_after_cr(llhttp_t* parser, int enabled); + +/* Enables/disables lenient handling of chunks not separated via CRLF. 
+ * + * Normally `llhttp` would error when after a chunk data a CRLF is missing before + * starting a new chunk. + * With this flag the new chunk can start immediately after the previous one. + * + * **Enabling this flag can pose a security issue since you will be exposed to + * request smuggling attacks. USE WITH CAUTION!** + */ +LLHTTP_EXPORT +void llhttp_set_lenient_optional_crlf_after_chunk(llhttp_t* parser, int enabled); + #ifdef __cplusplus } /* extern "C" */ #endif #endif /* INCLUDE_LLHTTP_API_H_ */ + #endif /* INCLUDE_LLHTTP_H_ */
_service:tar_scm:nghttp2-1.55.1.tar.xz/third-party/llhttp/src/api.c -> _service:tar_scm:nghttp2-1.58.0.tar.xz/third-party/llhttp/src/api.c
Changed
@@ -283,6 +283,38 @@ } } +void llhttp_set_lenient_version(llhttp_t* parser, int enabled) { + if (enabled) { + parser->lenient_flags |= LENIENT_VERSION; + } else { + parser->lenient_flags &= ~LENIENT_VERSION; + } +} + +void llhttp_set_lenient_data_after_close(llhttp_t* parser, int enabled) { + if (enabled) { + parser->lenient_flags |= LENIENT_DATA_AFTER_CLOSE; + } else { + parser->lenient_flags &= ~LENIENT_DATA_AFTER_CLOSE; + } +} + +void llhttp_set_lenient_optional_lf_after_cr(llhttp_t* parser, int enabled) { + if (enabled) { + parser->lenient_flags |= LENIENT_OPTIONAL_LF_AFTER_CR; + } else { + parser->lenient_flags &= ~LENIENT_OPTIONAL_LF_AFTER_CR; + } +} + +void llhttp_set_lenient_optional_crlf_after_chunk(llhttp_t* parser, int enabled) { + if (enabled) { + parser->lenient_flags |= LENIENT_OPTIONAL_CRLF_AFTER_CHUNK; + } else { + parser->lenient_flags &= ~LENIENT_OPTIONAL_CRLF_AFTER_CHUNK; + } +} + /* Callbacks */
_service:tar_scm:nghttp2-1.55.1.tar.xz/third-party/llhttp/src/llhttp.c -> _service:tar_scm:nghttp2-1.58.0.tar.xz/third-party/llhttp/src/llhttp.c
Changed
@@ -1,5 +1,3 @@ -#if LLHTTP_STRICT_MODE - #include <stdlib.h> #include <stdint.h> #include <string.h> @@ -332,8 +330,6 @@ s_n_llhttp__internal__n_closed, s_n_llhttp__internal__n_invoke_llhttp__after_message_complete, s_n_llhttp__internal__n_pause_1, - s_n_llhttp__internal__n_invoke_is_equal_upgrade, - s_n_llhttp__internal__n_invoke_llhttp__on_message_complete_2, s_n_llhttp__internal__n_chunk_data_almost_done, s_n_llhttp__internal__n_consume_content_length, s_n_llhttp__internal__n_span_start_llhttp__on_body, @@ -358,14 +354,16 @@ s_n_llhttp__internal__n_chunk_size, s_n_llhttp__internal__n_chunk_size_digit, s_n_llhttp__internal__n_invoke_update_content_length_1, + s_n_llhttp__internal__n_invoke_is_equal_upgrade, + s_n_llhttp__internal__n_invoke_llhttp__on_message_complete_2, s_n_llhttp__internal__n_consume_content_length_1, s_n_llhttp__internal__n_span_start_llhttp__on_body_1, s_n_llhttp__internal__n_eof, s_n_llhttp__internal__n_span_start_llhttp__on_body_2, s_n_llhttp__internal__n_invoke_llhttp__after_headers_complete, + s_n_llhttp__internal__n_error_5, s_n_llhttp__internal__n_headers_almost_done, s_n_llhttp__internal__n_header_field_colon_discard_ws, - s_n_llhttp__internal__n_error_33, s_n_llhttp__internal__n_invoke_llhttp__on_header_value_complete, s_n_llhttp__internal__n_span_start_llhttp__on_header_value, s_n_llhttp__internal__n_header_value_discard_lws, 
@@ -414,16 +412,16 @@ s_n_llhttp__internal__n_url_skip_lf_to_http09_1, s_n_llhttp__internal__n_url_skip_lf_to_http09, s_n_llhttp__internal__n_req_pri_upgrade, - s_n_llhttp__internal__n_req_http_complete_1, + s_n_llhttp__internal__n_req_http_complete_crlf, s_n_llhttp__internal__n_req_http_complete, s_n_llhttp__internal__n_invoke_load_method_1, s_n_llhttp__internal__n_invoke_llhttp__on_version_complete, s_n_llhttp__internal__n_error_51, - s_n_llhttp__internal__n_error_56, - s_n_llhttp__internal__n_req_http_minor, s_n_llhttp__internal__n_error_57, - s_n_llhttp__internal__n_req_http_dot, + s_n_llhttp__internal__n_req_http_minor, s_n_llhttp__internal__n_error_58, + s_n_llhttp__internal__n_req_http_dot, + s_n_llhttp__internal__n_error_59, s_n_llhttp__internal__n_req_http_major, s_n_llhttp__internal__n_span_start_llhttp__on_version, s_n_llhttp__internal__n_req_http_start_1, @@ -525,7 +523,6 @@ s_n_llhttp__internal__n_after_start_req_63, s_n_llhttp__internal__n_after_start_req, s_n_llhttp__internal__n_span_start_llhttp__on_method_1, - s_n_llhttp__internal__n_invoke_llhttp__on_status_complete, s_n_llhttp__internal__n_res_line_almost_done, s_n_llhttp__internal__n_res_status, s_n_llhttp__internal__n_span_start_llhttp__on_status, @@ -672,14 +669,7 @@ return (state->lenient_flags & 1) == 1; } -int llhttp__internal__c_test_flags( - llhttp__internal_t* state, - const unsigned char* p, - const unsigned char* endp) { - return (state->flags & 128) == 128; -} - -int llhttp__on_chunk_complete( +int llhttp__after_headers_complete( llhttp__internal_t* s, const unsigned char* p, const unsigned char* endp); @@ -687,13 +677,6 @@ llhttp__internal_t* s, const unsigned char* p, const unsigned char* endp); -int llhttp__internal__c_is_equal_upgrade( - llhttp__internal_t* state, - const unsigned char* p, - const unsigned char* endp) { - return state->upgrade == 1; -} - int llhttp__after_message_complete( llhttp__internal_t* s, const unsigned char* p, const unsigned char* endp); 
@@ -722,39 +705,20 @@ return 0; } -int llhttp__internal__c_test_lenient_flags_1( +int llhttp__internal__c_test_lenient_flags_2( llhttp__internal_t* state, const unsigned char* p, const unsigned char* endp) { return (state->lenient_flags & 4) == 4; } -int llhttp__internal__c_test_flags_1( - llhttp__internal_t* state, - const unsigned char* p, - const unsigned char* endp) { - return (state->flags & 544) == 544; -} - -int llhttp__internal__c_test_lenient_flags_2( +int llhttp__internal__c_test_lenient_flags_3( llhttp__internal_t* state, const unsigned char* p, const unsigned char* endp) { - return (state->lenient_flags & 2) == 2; + return (state->lenient_flags & 32) == 32; } -int llhttp__before_headers_complete( - llhttp__internal_t* s, const unsigned char* p, - const unsigned char* endp); - -int llhttp__on_headers_complete( - llhttp__internal_t* s, const unsigned char* p, - const unsigned char* endp); - -int llhttp__after_headers_complete( - llhttp__internal_t* s, const unsigned char* p, - const unsigned char* endp); - int llhttp__internal__c_mul_add_content_length( llhttp__internal_t* state, const unsigned char* p, @@ -792,6 +756,17 @@ return state->content_length == 0; } +int llhttp__on_chunk_complete( + llhttp__internal_t* s, const unsigned char* p, + const unsigned char* endp); + +int llhttp__internal__c_test_lenient_flags_4( + llhttp__internal_t* state, + const unsigned char* p, + const unsigned char* endp) { + return (state->lenient_flags & 128) == 128; +} + int llhttp__internal__c_or_flags( llhttp__internal_t* state, const unsigned char* p, @@ -800,6 +775,13 @@ return 0; } +int llhttp__internal__c_test_lenient_flags_5( + llhttp__internal_t* state, + const unsigned char* p, + const unsigned char* endp) { + return (state->lenient_flags & 64) == 64; +} + int llhttp__on_chunk_extension_name_complete( llhttp__internal_t* s, const unsigned char* p, const unsigned char* endp); 
@@ -808,6 +790,13 @@ llhttp__internal_t* s, const unsigned char* p, const unsigned char* endp); +int llhttp__internal__c_is_equal_upgrade( + llhttp__internal_t* state, + const unsigned char* p, + const unsigned char* endp) { + return state->upgrade == 1; +} + int llhttp__internal__c_update_finish_3( llhttp__internal_t* state, const unsigned char* p, @@ -816,6 +805,35 @@ return 0; } +int llhttp__internal__c_test_flags( + llhttp__internal_t* state, + const unsigned char* p, + const unsigned char* endp) { + return (state->flags & 128) == 128; +} + +int llhttp__internal__c_test_flags_1( + llhttp__internal_t* state, + const unsigned char* p, + const unsigned char* endp) { + return (state->flags & 544) == 544; +} + +int llhttp__internal__c_test_lenient_flags_6(
_service:tar_scm:nghttp2-1.55.1.tar.xz/third-party/neverbleed/neverbleed.c -> _service:tar_scm:nghttp2-1.58.0.tar.xz/third-party/neverbleed/neverbleed.c
Changed
@@ -49,6 +49,9 @@ #include <priv.h> #endif +/* to maximize code-reuse between different stacks, we intentionally use API declared by OpenSSL as legacy */ +#define OPENSSL_SUPPRESS_DEPRECATED + #include <openssl/opensslconf.h> #include <openssl/opensslv.h> @@ -142,6 +145,28 @@ int fd; }; +/** + * a variant of pthread_once, that does not require you to declare a callback, nor have a global variable + */ +#define NEVERBLEED_MULTITHREAD_ONCE(block) \ + do { \ + static volatile int lock = 0; \ + int lock_loaded = lock; \ + __sync_synchronize(); \ + if (!lock_loaded) { \ + static pthread_mutex_t mutex = PTHREAD_MUTEX_INITIALIZER; \ + pthread_mutex_lock(&mutex); \ + if (!lock) { \ + do { \ + block \ + } while (0); \ + __sync_synchronize(); \ + lock = 1; \ + } \ + pthread_mutex_unlock(&mutex); \ + } \ + } while (0) + static void warnvf(const char *fmt, va_list args) { char errbuf256; @@ -236,7 +261,7 @@ static void iobuf_reserve(neverbleed_iobuf_t *buf, size_t extra) { - char *n; + size_t start_off, end_off; if (extra <= buf->buf - buf->end + buf->capacity) return; @@ -245,11 +270,20 @@ buf->capacity = 4096; while (buf->buf - buf->end + buf->capacity < extra) buf->capacity *= 2; - if ((n = realloc(buf->buf, buf->capacity)) == NULL) + + if (buf->buf != NULL) { + start_off = buf->start - buf->buf; + end_off = buf->end - buf->buf; + } else { + /* C99 forbids us doing `buf->start - buf->buf` when both are NULL (undefined behavior) */ + start_off = 0; + end_off = 0; + } + + if ((buf->buf = realloc(buf->buf, buf->capacity)) == NULL) dief("realloc failed"); - buf->start = n + (buf->start - buf->buf); - buf->end = n + (buf->end - buf->buf); - buf->buf = n; + buf->start = buf->buf + start_off; + buf->end = buf->buf + end_off; } static void iobuf_push_num(neverbleed_iobuf_t *buf, size_t v) 
@@ -504,12 +538,46 @@ iobuf_transaction_write(buf, thdata); } +static void do_exdata_free_callback(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp) +{ + /* when other engines are used, this callback gets called without neverbleed data */ + if (ptr == NULL) + return; + struct st_neverbleed_rsa_exdata_t *exdata = ptr; + struct st_neverbleed_thread_data_t *thdata = get_thread_data(exdata->nb); + + neverbleed_iobuf_t buf = {NULL}; + iobuf_push_str(&buf, "del_pkey"); + iobuf_push_num(&buf, exdata->key_index); + // "del_pkey" command is fire-and-forget, it cannot fail, so doesn't have a response + iobuf_transaction_no_response(&buf, thdata); + + free(exdata); +} + +static int get_rsa_exdata_idx(void); +static void rsa_exdata_free_callback(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp) +{ + assert(idx == get_rsa_exdata_idx()); + do_exdata_free_callback(parent, ptr, ad, idx, argl, argp); +} + +static int get_rsa_exdata_idx(void) +{ + static volatile int index; + NEVERBLEED_MULTITHREAD_ONCE({ + index = RSA_get_ex_new_index(0, NULL, NULL, NULL, rsa_exdata_free_callback); + }); + return index; +} static void get_privsep_data(const RSA *rsa, struct st_neverbleed_rsa_exdata_t **exdata, struct st_neverbleed_thread_data_t **thdata) { - *exdata = RSA_get_ex_data(rsa, 0); - if (*exdata == NULL) - return; + *exdata = RSA_get_ex_data(rsa, get_rsa_exdata_idx()); + if (*exdata == NULL) { + errno = 0; + dief("invalid internal ref"); + } *thdata = get_thread_data((*exdata)->nb); } @@ -567,10 +635,11 @@ #endif }; -static void free_req(struct engine_request *req) +static void offload_free_request(struct engine_request *req) { #ifdef OPENSSL_IS_BORINGSSL bssl_qat_async_finish_job(req->async_ctx); + RSA_free(req->data.rsa); #else ASYNC_WAIT_CTX_free(req->async.ctx); #endif 
@@ -834,7 +903,7 @@ exdata->key_index = key_index; rsa = RSA_new_method(nb->engine); - RSA_set_ex_data(rsa, 0, exdata); + RSA_set_ex_data(rsa, get_rsa_exdata_idx(), exdata); if (BN_hex2bn(&e, ebuf) == 0) { fprintf(stderr, "failed to parse e:%s\n", ebuf); abort(); @@ -899,12 +968,30 @@ return 0; } +static int get_ecdsa_exdata_idx(void); +static void ecdsa_exdata_free_callback(void *parent, void *ptr, CRYPTO_EX_DATA *ad, int idx, long argl, void *argp) +{ + assert(idx == get_ecdsa_exdata_idx()); + do_exdata_free_callback(parent, ptr, ad, idx, argl, argp); +} + +static int get_ecdsa_exdata_idx(void) +{ + static volatile int index; + NEVERBLEED_MULTITHREAD_ONCE({ + index = EC_KEY_get_ex_new_index(0, NULL, NULL, NULL, ecdsa_exdata_free_callback); + }); + return index; +} + static void ecdsa_get_privsep_data(const EC_KEY *ec_key, struct st_neverbleed_rsa_exdata_t **exdata, struct st_neverbleed_thread_data_t **thdata) { - *exdata = EC_KEY_get_ex_data(ec_key, 0); - if (*exdata == NULL) - return; + *exdata = EC_KEY_get_ex_data(ec_key, get_ecdsa_exdata_idx()); + if (*exdata == NULL) { + errno = 0; + dief("invalid internal ref"); + } *thdata = get_thread_data((*exdata)->nb); } @@ -960,7 +1047,7 @@ exdata->key_index = key_index; ec_key = EC_KEY_new_method(nb->engine); - EC_KEY_set_ex_data(ec_key, 0, exdata); + EC_KEY_set_ex_data(ec_key, get_ecdsa_exdata_idx(), exdata); ec_group = EC_GROUP_new_by_curve_name(curve_name); if (!ec_group) { @@ -988,23 +1075,6 @@ return pkey; } -static void priv_ecdsa_finish(EC_KEY *key) -{ - struct st_neverbleed_rsa_exdata_t *exdata; - struct st_neverbleed_thread_data_t *thdata; - - ecdsa_get_privsep_data(key, &exdata, &thdata); - if (exdata == NULL) - return;