svn commit: r286505 - in head/contrib/serf: . auth buckets

Peter Wemm peter at FreeBSD.org
Sun Aug 9 05:16:16 UTC 2015 

Author: peter
Date: Sun Aug  9 05:16:14 2015
New Revision: 286505
URL: https://svnweb.freebsd.org/changeset/base/286505

Log:
  Update serf from 1.3.7 to 1.3.8.  Mostly disables sslv2 and sslv3.

Modified:
  head/contrib/serf/CHANGES
  head/contrib/serf/auth/auth_spnego_sspi.c
  head/contrib/serf/buckets/deflate_buckets.c
  head/contrib/serf/buckets/ssl_buckets.c
  head/contrib/serf/serf.h
Directory Properties:
  head/contrib/serf/   (props changed)

Modified: head/contrib/serf/CHANGES
==============================================================================
--- head/contrib/serf/CHANGES	Sun Aug  9 05:15:28 2015	(r286504)
+++ head/contrib/serf/CHANGES	Sun Aug  9 05:16:14 2015	(r286505)
@@ -1,10 +1,18 @@
+Serf 1.3.8 [2014-10-20, from /tags/1.3.8, rxxxx]
+Fix issue #152: CRC calculation error for gzipped http reponses > 4GB.
+Fix issue #153: SSPI CredHandle not freed when APR pool is destroyed.
+Fix issue #154: Disable SSLv2 and SSLv3 as both or broken.
+
+
 Serf 1.3.7 [2014-08-11, from /tags/1.3.7, r2411]
   Handle NUL bytes in fields of an X.509 certificate. (r2393, r2399)
 
+
 Serf 1.3.6 [2014-06-09, from /tags/1.3.6, r2372]
   Revert r2319 from serf 1.3.5: this change was making serf call handle_response
     multiple times in case of an error response, leading to unexpected behavior.
 
+
 Serf 1.3.5 [2014-04-27, from /tags/1.3.5, r2355]
   Fix issue #125: no reverse lookup during Negotiate authentication for proxies.
   Fix a crash caused by incorrect reuse of the ssltunnel CONNECT request (r2316)

Modified: head/contrib/serf/auth/auth_spnego_sspi.c
==============================================================================
--- head/contrib/serf/auth/auth_spnego_sspi.c	Sun Aug  9 05:15:28 2015	(r286504)
+++ head/contrib/serf/auth/auth_spnego_sspi.c	Sun Aug  9 05:16:14 2015	(r286505)
@@ -95,8 +95,8 @@ cleanup_ctx(void *data)
     }
 
     if (SecIsValidHandle(&ctx->sspi_credentials)) {
-        FreeCredentialsHandle(&ctx->sspi_context);
-        SecInvalidateHandle(&ctx->sspi_context);
+        FreeCredentialsHandle(&ctx->sspi_credentials);
+        SecInvalidateHandle(&ctx->sspi_credentials);
     }
 
     return APR_SUCCESS;

Modified: head/contrib/serf/buckets/deflate_buckets.c
==============================================================================
--- head/contrib/serf/buckets/deflate_buckets.c	Sun Aug  9 05:15:28 2015	(r286504)
+++ head/contrib/serf/buckets/deflate_buckets.c	Sun Aug  9 05:16:14 2015	(r286505)
@@ -141,7 +141,6 @@ static apr_status_t serf_deflate_read(se
                                       const char **data, apr_size_t *len)
 {
     deflate_context_t *ctx = bucket->data;
-    unsigned long compCRC, compLen;
     apr_status_t status;
     const char *private_data;
     apr_size_t private_len;
@@ -186,17 +185,25 @@ static apr_status_t serf_deflate_read(se
             ctx->state++;
             break;
         case STATE_VERIFY:
+        {
+            unsigned long compCRC, compLen, actualLen;
+
             /* Do the checksum computation. */
             compCRC = getLong((unsigned char*)ctx->hdr_buffer);
             if (ctx->crc != compCRC) {
                 return SERF_ERROR_DECOMPRESSION_FAILED;
             }
             compLen = getLong((unsigned char*)ctx->hdr_buffer + 4);
-            if (ctx->zstream.total_out != compLen) {
+            /* The length in the trailer is module 2^32, so do the same for
+               the actual length. */
+            actualLen = ctx->zstream.total_out;
+            actualLen &= 0xFFFFFFFF;
+            if (actualLen != compLen) {
                 return SERF_ERROR_DECOMPRESSION_FAILED;
             }
             ctx->state++;
             break;
+        }
         case STATE_INIT:
             zRC = inflateInit2(&ctx->zstream, ctx->windowSize);
             if (zRC != Z_OK) {
@@ -264,10 +271,14 @@ static apr_status_t serf_deflate_read(se
                 ctx->zstream.next_in = (unsigned char*)private_data;
                 ctx->zstream.avail_in = private_len;
             }
-            zRC = Z_OK;
-            while (ctx->zstream.avail_in != 0) {
-                /* We're full, clear out our buffer, reset, and return. */
-                if (ctx->zstream.avail_out == 0) {
+
+            while (1) {
+
+                zRC = inflate(&ctx->zstream, Z_NO_FLUSH);
+
+                /* We're full or zlib requires more space. Either case, clear
+                   out our buffer, reset, and return. */
+                if (zRC == Z_BUF_ERROR || ctx->zstream.avail_out == 0) {
                     serf_bucket_t *tmp;
                     ctx->zstream.next_out = ctx->buffer;
                     private_len = ctx->bufferSize - ctx->zstream.avail_out;
@@ -283,7 +294,6 @@ static apr_status_t serf_deflate_read(se
                     ctx->zstream.avail_out = ctx->bufferSize;
                     break;
                 }
-                zRC = inflate(&ctx->zstream, Z_NO_FLUSH);
 
                 if (zRC == Z_STREAM_END) {
                     serf_bucket_t *tmp;
@@ -330,9 +340,13 @@ static apr_status_t serf_deflate_read(se
 
                     break;
                 }
+
+                /* Any other error? */
                 if (zRC != Z_OK) {
                     return SERF_ERROR_DECOMPRESSION_FAILED;
                 }
+
+                /* As long as zRC == Z_OK, just keep looping. */
             }
             /* Okay, we've inflated.  Try to read. */
             status = serf_bucket_read(ctx->inflate_stream, requested, data,
@@ -340,8 +354,13 @@ static apr_status_t serf_deflate_read(se
             /* Hide EOF. */
             if (APR_STATUS_IS_EOF(status)) {
                 status = ctx->stream_status;
-                /* If our stream is finished too, return SUCCESS so
-                 * we'll iterate one more time.
+
+                /* If the inflation wasn't finished, return APR_SUCCESS. */
+                if (zRC != Z_STREAM_END)
+                    return APR_SUCCESS;
+
+                /* If our stream is finished too and all data was inflated,
+                 * return SUCCESS so we'll iterate one more time.
                  */
                 if (APR_STATUS_IS_EOF(status)) {
                     /* No more data to read from the stream, and everything

Modified: head/contrib/serf/buckets/ssl_buckets.c
==============================================================================
--- head/contrib/serf/buckets/ssl_buckets.c	Sun Aug  9 05:15:28 2015	(r286504)
+++ head/contrib/serf/buckets/ssl_buckets.c	Sun Aug  9 05:16:14 2015	(r286505)
@@ -1317,7 +1317,9 @@ static serf_ssl_context_t *ssl_init_cont
     ssl_ctx->pool = serf_bucket_allocator_get_pool(allocator);
     ssl_ctx->allocator = allocator;
 
+    /* Use the best possible protocol version, but disable the broken SSLv2/3 */
     ssl_ctx->ctx = SSL_CTX_new(SSLv23_client_method());
+    SSL_CTX_set_options(ssl_ctx->ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3);
 
     SSL_CTX_set_client_cert_cb(ssl_ctx->ctx, ssl_need_client_cert);
     ssl_ctx->cached_cert = 0;

Modified: head/contrib/serf/serf.h
==============================================================================
--- head/contrib/serf/serf.h	Sun Aug  9 05:15:28 2015	(r286504)
+++ head/contrib/serf/serf.h	Sun Aug  9 05:16:14 2015	(r286505)
@@ -1062,7 +1062,7 @@ void serf_debug__bucket_alloc_check(
 /* Version info */
 #define SERF_MAJOR_VERSION 1
 #define SERF_MINOR_VERSION 3
-#define SERF_PATCH_VERSION 7
+#define SERF_PATCH_VERSION 8
 
 /* Version number string */
 #define SERF_VERSION_STRING APR_STRINGIFY(SERF_MAJOR_VERSION) "." \

More information about the svn-src-all mailing list