1
0
Fork 0
mirror of https://github.com/warmcat/libwebsockets.git synced 2025-03-16 00:00:07 +01:00
Commit graph

4583 commits

Author SHA1 Message Date
Andy Green
0995c27f50 coverity: fixes plugin error path leak and logging method sign check
Broadened the checking config to

cmake .. -DCMAKE_BUILD_TYPE=DEBUG \
         -DLWS_WITH_SYS_ASYNC_DNS=1 \
         -DLWS_WITH_SYS_NTPCLIENT=1 \
         -DLWS_WITH_SYS_DHCP_CLIENT=1 \
         -DLWS_WITH_GENCRYPTO=1 \
         -DLWS_WITH_DETAILED_LATENCY=1 \
         -DLWS_IPV6=1 \
         -DLWS_WITH_FTS=1 \
         -DLWS_WITH_LWSWS=1 \
         -DLWS_UNIX_SOCK=1 \
         -DLWS_WITH_HTTP_PROXY=1 \
         -DLWS_WITH_MINIMAL_EXAMPLES=1
2020-01-14 08:23:25 +00:00
Andy Green
157acfc906 windows: clean type warnings
There are some minor public api type improvements rather than cast everywhere
inside lws and user code to work around them... these changed from int to
size_t

 - lws_buflist_use_segment() return
 - lws_tokenize_t .len and .token_len
 - lws_tokenize_cstr() length
 - lws_get_peer_simple() namelen
 - lws_get_peer_simple_fd() namelen, int fd -> lws_sockfd_type fd
 - lws_write_numeric_address() len
 - lws_sa46_write_numeric_address() len

These changes are typically a NOP for user code
2020-01-11 14:04:50 +00:00
Andy Green
86fe71fdf3 lws_get_random: change length to size_t for coverity 2020-01-11 07:58:37 +00:00
Andy Green
60d7daccd2 client: change all remaining AWAITING_TIMEOUT to use context timeout_secs
https://github.com/warmcat/libwebsockets/issues/1822
2020-01-10 13:37:19 +00:00
Andy Green
673f90d076 client: fix wrong tls disable 2020-01-10 11:52:50 +00:00
Andy Green
e9c8cee5d5 client: lws_client_reset option to keep ws
With this, ws connection to https://libwebsockets.org/redir-testserver (which redirects to
https://libwebsockets.org/testserver) can work OK.

https://github.com/warmcat/libwebsockets/issues/1820
2020-01-10 11:49:49 +00:00
Andy Green
bc0ab4b656 http server: favour redirect over ws upgrade 2020-01-10 11:03:00 +00:00
Andy Green
db15061e87 ah: simple_create an empty string removes header entry
Length is zero either way

https://github.com/warmcat/libwebsockets/issues/1820
2020-01-10 10:05:35 +00:00
Christian Thießen
6555d4d51c http client: Fix overwite of addrlen for connect if binding to iface
The addrlen argument to connect() was overwritten by the
lws_socket_bind() result, which is a port number.
Fixes https://github.com/warmcat/libwebsockets/issues/1817
2020-01-10 05:55:25 +00:00
Jaco Kroon
04ec3d6f73 build options: fix SOCKS5 and WITHOUT_CLIENT
Signed-off-by: Jaco Kroon <jaco@iewc.co.za>
2020-01-08 16:41:52 +00:00
Andy Green
0bfd39135e cleaning 2020-01-05 22:17:58 +00:00
Andy Green
7dcb4eeaa6 reverse-proxy: allow proxying rfc8441 ws CONNECT
Take the opportunity to provide public method index constants
2020-01-05 22:17:58 +00:00
Andy Green
2b456e734a client: make sure h2 direct mux get ESTABLISHED_CLIENT_HTTP 2020-01-05 22:17:58 +00:00
Andy Green
fc2e659864 buflist: linear copy must account for LWS_PRE 2020-01-05 22:17:58 +00:00
Andy Green
2f204d559a tokenize: SLASH_NONTERM 2020-01-05 22:17:58 +00:00
Andy Green
d8ccfc2370 lws_system: helpers for attaching to existing event loop from other threads
In the case code is composed into a single process, but it isn't monolithic in the
sense it's made up of modular "applications" that are written separate projects,
provide a way for the "applications" to request a callback from the lws event loop
thread context safely.

From the callback the applications can set up their operations on the lws event
loop and drop their own thread.

Since it requires system-specific locking to be threadsafe, provide a non-threadsafe
helper and then indirect the actual usage through a user-defined lws_system ops
function pointer that wraps the unsafe api with the system locking to make it safe.
2020-01-05 22:17:58 +00:00
Fabrice Fontaine
6e35da95e5 openssl: detect apis correctly when pthreads not available
Since version 3.1.0 and commit aa4143aebd,
-pthread is unconditionally added to CMAKE_REQUIRED_FLAGS even if
pthread.h is not found, this will result in a build failure with openssl
if the toolchain doesn't support threads:

[  5%] Building C object CMakeFiles/websockets_shared.dir/lib/core/lws_dll2.c.o
In file included from /home/buildroot/autobuild/instance-2/output-1/build/libwebsockets-3.2.0/include/libwebsockets.h:570,
                 from /home/buildroot/autobuild/instance-2/output-1/build/libwebsockets-3.2.0/lib/core/private.h:130,
                 from /home/buildroot/autobuild/instance-2/output-1/build/libwebsockets-3.2.0/lib/core/lws_dll2.c:22:
/home/buildroot/autobuild/instance-2/output-1/build/libwebsockets-3.2.0/include/libwebsockets/lws-genhash.h:79:18: error: field 'ctx' has incomplete type
         HMAC_CTX ctx;
                  ^~~

This build failure is raised because openssl functions are not correcly
detected:

Determining if the function SSL_CTX_set1_param exists failed with the following output:
Change Dir: /home/buildroot/autobuild/instance-2/output-1/build/libwebsockets-3.2.0/CMakeFiles/CMakeTmp

Run Build Command(s):/usr/bin/make cmTC_06946/fast && make[1]: Entering directory '/home/buildroot/autobuild/instance-2/output-1/build/libwebsockets-3.2.0/CMakeFiles/CMakeTmp'
/usr/bin/make -f CMakeFiles/cmTC_06946.dir/build.make CMakeFiles/cmTC_06946.dir/build
make[2]: Entering directory '/home/buildroot/autobuild/instance-2/output-1/build/libwebsockets-3.2.0/CMakeFiles/CMakeTmp'
Building C object CMakeFiles/cmTC_06946.dir/CheckFunctionExists.c.o
/home/buildroot/autobuild/instance-2/output-1/host/bin/arm-linux-gcc --sysroot=/home/buildroot/autobuild/instance-2/output-1/host/arm-buildroot-linux-uclibcgnueabihf/sysroot -DKEYWORD=__inline  -Wall -Wsign-compare -Wuninitialized -Werror  -Wundef  -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os  -DCHECK_FUNCTION_EXISTS=SSL_CTX_set1_param -pthread  -DNDEBUG   -o CMakeFiles/cmTC_06946.dir/CheckFunctionExists.c.o   -c /home/buildroot/autobuild/instance-2/output-1/host/share/cmake-3.15/Modules/CheckFunctionExists.c
Linking C executable cmTC_06946
/home/buildroot/autobuild/instance-2/output-1/host/bin/cmake -E cmake_link_script CMakeFiles/cmTC_06946.dir/link.txt --verbose=1
/home/buildroot/autobuild/instance-2/output-1/host/bin/arm-linux-gcc --sysroot=/home/buildroot/autobuild/instance-2/output-1/host/arm-buildroot-linux-uclibcgnueabihf/sysroot -Wall -Wsign-compare -Wuninitialized -Werror  -Wundef  -D_LARGEFILE_SOURCE -D_LARGEFILE64_SOURCE -D_FILE_OFFSET_BITS=64 -Os  -DCHECK_FUNCTION_EXISTS=SSL_CTX_set1_param -pthread  -DNDEBUG    CMakeFiles/cmTC_06946.dir/CheckFunctionExists.c.o  -o cmTC_06946 /home/buildroot/autobuild/instance-2/output-1/host/arm-buildroot-linux-uclibcgnueabihf/sysroot/usr/lib/libssl.so /home/buildroot/autobuild/instance-2/output-1/host/arm-buildroot-linux-uclibcgnueabihf/sysroot/usr/lib/libcrypto.so -lssl -lcrypto -lm -lcap
/home/buildroot/autobuild/instance-2/output-1/host/opt/ext-toolchain/bin/../lib/gcc/arm-buildroot-linux-uclibcgnueabihf/8.3.0/../../../../arm-buildroot-linux-uclibcgnueabihf/bin/ld: cannot find -lpthread
collect2: error: ld returned 1 exit status
CMakeFiles/cmTC_06946.dir/build.make:88: recipe for target 'cmTC_06946' failed

Fixes:
 - http://autobuild.buildroot.org/results/6186b4718db285edadf7203d00ed72f8d76a31e4

Signed-off-by: Fabrice Fontaine <fontaine.fabrice@gmail.com>
2020-01-05 22:17:58 +00:00
Andy Green
9cb4f25476 h2: LCCSCF_H2_MANUAL_RXFLOW and refactor txcr
This changes the approach of tx credit management to set the
initial stream tx credit window to zero.  This is the only way
with RFC7540 to gain the ability to selectively precisely rx
flow control incoming streams.

At the time the headers are sent, a WINDOW_UPDATE is sent with
the initial tx credit towards us for that specific stream.  By
default, this acts as before with a 256KB window added for both
the stream and the nwsi, and additional window management sent
as stuff is received.

It's now also possible to set a member in the client info
struct and a new option LCCSCF_H2_MANUAL_RXFLOW to precisely
manage both the initial tx credit for a specific stream and
the ongoing rate limit by meting out further tx credit
manually.

Add another minimal example http-client-h2-rxflow demonstrating how
to force a connection's peer's initial budget to transmit to us
and control it during the connection lifetime to restrict the amount
of incoming data we have to buffer.
2020-01-02 08:31:02 +00:00
Andy Green
f33b3443e3 logs: use single nonmonotonic usec count 2020-01-02 08:30:54 +00:00
Chris Hiszpanski
2236859188 logs: user to default bold
With light-on-dark terminal color schemes, 'black bold' (i.e. [30;1m) for
LLL_USER is illegible. I think this would be better as 'default bold' (i.e. [0;1m)
2020-01-02 08:30:43 +00:00
Andy Green
22a6a0073d safari: update default CSP to specify ws and wss schema
https://github.com/warmcat/libwebsockets/issues/1806
2019-12-29 19:59:16 +00:00
Andy Green
7221bc57b5 mux children: generalize helpers out of h2 implementation
This should be a NOP for h2 support and only affects internal
apis.  But it lets us reuse the working and reliable h2 mux
arrangements directly in other protocols later, and share code
so building for h2 + new protocols can take advantage of common
mux child handling struct and code.

Break out common mux handling struct into its own type.

Convert all uses of members that used to be in wsi->h2 to wsi->mux

Audit all references to the members and break out generic helpers
for anything that is useful for other mux-capable protocols to
reuse wsi->mux related features.
2019-12-29 19:59:16 +00:00
Andy Green
1eb4d335d2 active_conns: move out dependency on ah 2019-12-23 09:25:56 +00:00
Andy Green
36de0ada7d http client basic auth add helper and example 2019-12-22 18:17:45 +00:00
Andy Green
c4ab815aaf _GNU_SOURCE: only define if not already defined
https://github.com/warmcat/libwebsockets/issues/1803
2019-12-22 18:17:45 +00:00
Andy Green
c327c7fdb7 vhost destruction: dont allow all wsi closures to kill vh we are already in process of destroying
Saw this on travis selftests during context destroy

==18895== Invalid read of size 8
==18895==    at 0x415909: __lws_vhost_destroy2 (vhost.c:1063)
==18895==    by 0x40E65B: lws_context_destroy2 (context.c:929)
==18895==    by 0x40EBE5: lws_context_destroy (context.c:1128)
==18895==    by 0x40CC41: main (minimal-http-client-post.c:267)
==18895==  Address 0x6168688 is 728 bytes inside a block of size 792 free'd
==18895==    at 0x4C2BDEC: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==18895==    by 0x45B29E: _realloc (alloc.c:120)
==18895==    by 0x45B2D6: lws_realloc (alloc.c:130)
==18895==    by 0x415ED7: __lws_vhost_destroy2 (vhost.c:1204)
==18895==    by 0x419164: lws_vhost_unbind_wsi (wsi.c:82)
==18895==    by 0x41236B: __lws_free_wsi (close.c:154)
==18895==    by 0x4134CF: __lws_close_free_wsi_final (close.c:650)
==18895==    by 0x4133BA: __lws_close_free_wsi (close.c:610)
==18895==    by 0x413528: lws_close_free_wsi (close.c:660)
==18895==    by 0x4158C7: __lws_vhost_destroy2 (vhost.c:1053)
==18895==    by 0x40E65B: lws_context_destroy2 (context.c:929)
==18895==    by 0x40EBE5: lws_context_destroy (context.c:1128)

Removing the last wsi from the vhost we started to destroy finalized the
vhost destruction, which is aimed at libuv async close cleanup.  But if
we already entered __lws_vhost_destroy2, we will definitely destroy the vhost
ourselves at the end of that function already.  So defeat the wsi close
triggering it.
2019-12-22 18:17:45 +00:00
Andy Green
d911bce379 spa: report 0-length FINAL_CONTENT
https://github.com/warmcat/libwebsockets/issues/1468

Just always report FINAL_CONTENT at the end, a zero length one
is okay.
2019-12-22 18:17:45 +00:00
Andy Green
c21f2dbe46 lextable: fix x-forwarded-for
https://github.com/warmcat/libwebsockets/issues/1801
2019-12-20 18:42:29 +00:00
Andy Green
8b0dee426e README.coding: update libev section 2019-12-20 18:39:07 +00:00
Wojtek Kaniewski
ea50c8722c openssl: handle negotiation errors handling in client
If a client connects to a SSL server and the server sends handshake
alert (e.g. no matching ciphers) SSL_connect() fails, but because
SSL_ERROR_SSL return value is not handled, it's not considered a
failure. SSL_want_read() will return 1 and the client will happily wait
for more data from the server. Now if the server closes connection after
sending handshake alert, POLLIN event will be triggered,
lws_tls_client_connect() called again, but SSL_connect() will fail
without calling read(), so the client will end up consuming 100% CPU
because POLLIN will be triggered repeatedly.

Similar error handling is used in lws_tls_server_accept() and the
condition checks for SSL_ERROR_SSL. Using the same condition in
lws_tls_client_connect() fixes the problem.

Tested with OpenSSL 1.0.2k.
2019-12-19 21:30:09 +00:00
Andy Green
fb1b2842fd lws_strexp: flexible string expansion helper 2019-12-16 18:16:01 +00:00
Dane
10290048b0 basic auth: add callback option
Allow an http mount to specify it wants to check Basic Auth
requests via a protocol callback instead of a text file.
2019-12-14 23:55:28 +00:00
Jerry Jacobs
6879574d8d close.c: close reason length wrong
The string length is actually 25... solve it by measuring the same
string.
2019-12-14 23:55:28 +00:00
Andy Green
392dfe186b LWS_ERRNO: audit uses for case logging may destroy errno
On some platforms, it's possible that logging flow may reset errno.  In the case where
we try to log errno on those platforms and afterwards try to query it, we will get a
nasty surprise that the logged errno is destroyed by the time we come to test it.

In the two cases of this in the tree at the moment, sample errno into a temp and
log and test the temp.

Thanks to Sakthi Ramabadran for finding this.
2019-12-14 23:55:28 +00:00
Andy Green
fb54b590c7 adopt: pass wsi opaque so its set from the start 2019-12-09 14:48:54 +00:00
Andy Green
8c2114a430 minimal-raw-serial
Add a minimal example showing how to set up, send and receive on a
serial tty in the event loop.
2019-12-09 14:48:54 +00:00
Andy Green
fb25b64b83 minimal http client multi: rename struct user so it cant conflict 2019-12-09 14:48:54 +00:00
Andy Green
2eeec91d3d tls: lws_system per-connection client certs
Now the generic lws_system blobs can cover client certs + key, let's
add support for applying one of the blob sets to a specific client
connection (rather than doing it via the vhost).
2019-12-09 14:48:54 +00:00
Andy Green
c1a3defb88 lws_system generic blobs
Remove the auth lws_system stuff and redo it using generic blobs
with separate namespaces.  Support pointing to already-in-memory
blobs without using heap as well as multi-fragment appened blobs
eg, parsed out of JSON chunk by chunk and chained in heap.

Support auth the new way, along with client cert + key in DER
namespaces.
2019-12-08 14:28:43 +00:00
Micon Frink
fdbfafd1b5 async dns: android: fix build error
https://github.com/warmcat/libwebsockets/issues/1783
2019-12-08 14:28:40 +00:00
Andy Green
cb2b0e88b2 fail paths: deregister notifier and be sure adopt returns NULL
Notifiers may also have scoped lifecycles, support deregister
2019-12-06 17:14:28 +00:00
Andy Green
3abc972190 sul: export sul-specific internal apis for special cases
Normally these apis are wrapped by the other public exports, but in the case
your code wants to use lws_sul standalone and may or may not be linked to lws
itself, the internal api level is more suited.
2019-12-03 10:47:05 +00:00
Andy Green
efbab4c602 minimal client: add --path option 2019-12-03 07:33:19 +00:00
Andy Green
68de449093 raw: client: make sure we get CONNECT and opaque_user_data before RX 2019-12-02 11:19:32 +00:00
Andy Green
277d0e5e4c license: fix up last mentions of lgpl outside of the source file license grant part 2019-12-02 11:19:30 +00:00
Andy Green
b4449e9f12 semmle: char comparison is actually constrained
It looks to semmle like the int size can be bigger than the char loop var.
But the size is the size of the IPv4 or IPv6 address, so it cannot make
a problem.
2019-12-01 18:04:19 +00:00
Olivier Langlois
6a40a3ba43 logs: with LWS_MAX_SMP more than 1 processess lws logs using larger stack buffer 2019-12-01 18:01:06 +00:00
Olivier Langlois
de8bb9ade7 pmd: create_context: warn if info.extensions non-NULL if built without EXTENSIONS 2019-12-01 17:48:05 +00:00
Andy Green
bca993f7ed ntpclient: update for udp adopt interface binding
https://github.com/warmcat/libwebsockets/issues/1781

Build this in travis so I could find this earlier
2019-11-28 05:23:50 +00:00
Andy Green
938540723c async dns: format string for pointer arithmetic
https://github.com/warmcat/libwebsockets/issues/1780
2019-11-28 05:17:23 +00:00