diff --git a/contrib/serf/CHANGES b/contrib/serf/CHANGES index 6d39b0c5c09..fcab2d62924 100644 --- a/contrib/serf/CHANGES +++ b/contrib/serf/CHANGES @@ -1,10 +1,18 @@ +Serf 1.3.8 [2014-10-20, from /tags/1.3.8, rxxxx] +Fix issue #152: CRC calculation error for gzipped http reponses > 4GB. +Fix issue #153: SSPI CredHandle not freed when APR pool is destroyed. +Fix issue #154: Disable SSLv2 and SSLv3 as both or broken. + + Serf 1.3.7 [2014-08-11, from /tags/1.3.7, r2411] Handle NUL bytes in fields of an X.509 certificate. (r2393, r2399) + Serf 1.3.6 [2014-06-09, from /tags/1.3.6, r2372] Revert r2319 from serf 1.3.5: this change was making serf call handle_response multiple times in case of an error response, leading to unexpected behavior. + Serf 1.3.5 [2014-04-27, from /tags/1.3.5, r2355] Fix issue #125: no reverse lookup during Negotiate authentication for proxies. Fix a crash caused by incorrect reuse of the ssltunnel CONNECT request (r2316) diff --git a/contrib/serf/auth/auth_spnego_sspi.c b/contrib/serf/auth/auth_spnego_sspi.c index 2f75f7a1b40..32b719ee556 100644 --- a/contrib/serf/auth/auth_spnego_sspi.c +++ b/contrib/serf/auth/auth_spnego_sspi.c @@ -95,8 +95,8 @@ cleanup_ctx(void *data) } if (SecIsValidHandle(&ctx->sspi_credentials)) { - FreeCredentialsHandle(&ctx->sspi_context); - SecInvalidateHandle(&ctx->sspi_context); + FreeCredentialsHandle(&ctx->sspi_credentials); + SecInvalidateHandle(&ctx->sspi_credentials); } return APR_SUCCESS; diff --git a/contrib/serf/buckets/deflate_buckets.c b/contrib/serf/buckets/deflate_buckets.c index 7a8e8e4cd3c..348d70d993d 100644 --- a/contrib/serf/buckets/deflate_buckets.c +++ b/contrib/serf/buckets/deflate_buckets.c @@ -141,7 +141,6 @@ static apr_status_t serf_deflate_read(serf_bucket_t *bucket, const char **data, apr_size_t *len) { deflate_context_t *ctx = bucket->data; - unsigned long compCRC, compLen; apr_status_t status; const char *private_data; apr_size_t private_len; @@ -186,17 +185,25 @@ static apr_status_t serf_deflate_read(serf_bucket_t *bucket, ctx->state++; break; case STATE_VERIFY: + { + unsigned long compCRC, compLen, actualLen; + /* Do the checksum computation. */ compCRC = getLong((unsigned char*)ctx->hdr_buffer); if (ctx->crc != compCRC) { return SERF_ERROR_DECOMPRESSION_FAILED; } compLen = getLong((unsigned char*)ctx->hdr_buffer + 4); - if (ctx->zstream.total_out != compLen) { + /* The length in the trailer is module 2^32, so do the same for + the actual length. */ + actualLen = ctx->zstream.total_out; + actualLen &= 0xFFFFFFFF; + if (actualLen != compLen) { return SERF_ERROR_DECOMPRESSION_FAILED; } ctx->state++; break; + } case STATE_INIT: zRC = inflateInit2(&ctx->zstream, ctx->windowSize); if (zRC != Z_OK) { @@ -264,10 +271,14 @@ static apr_status_t serf_deflate_read(serf_bucket_t *bucket, ctx->zstream.next_in = (unsigned char*)private_data; ctx->zstream.avail_in = private_len; } - zRC = Z_OK; - while (ctx->zstream.avail_in != 0) { - /* We're full, clear out our buffer, reset, and return. */ - if (ctx->zstream.avail_out == 0) { + + while (1) { + + zRC = inflate(&ctx->zstream, Z_NO_FLUSH); + + /* We're full or zlib requires more space. Either case, clear + out our buffer, reset, and return. */ + if (zRC == Z_BUF_ERROR || ctx->zstream.avail_out == 0) { serf_bucket_t *tmp; ctx->zstream.next_out = ctx->buffer; private_len = ctx->bufferSize - ctx->zstream.avail_out; @@ -283,7 +294,6 @@ static apr_status_t serf_deflate_read(serf_bucket_t *bucket, ctx->zstream.avail_out = ctx->bufferSize; break; } - zRC = inflate(&ctx->zstream, Z_NO_FLUSH); if (zRC == Z_STREAM_END) { serf_bucket_t *tmp; @@ -330,9 +340,13 @@ static apr_status_t serf_deflate_read(serf_bucket_t *bucket, break; } + + /* Any other error? */ if (zRC != Z_OK) { return SERF_ERROR_DECOMPRESSION_FAILED; } + + /* As long as zRC == Z_OK, just keep looping. */ } /* Okay, we've inflated. Try to read. */ status = serf_bucket_read(ctx->inflate_stream, requested, data, @@ -340,8 +354,13 @@ static apr_status_t serf_deflate_read(serf_bucket_t *bucket, /* Hide EOF. */ if (APR_STATUS_IS_EOF(status)) { status = ctx->stream_status; - /* If our stream is finished too, return SUCCESS so - * we'll iterate one more time. + + /* If the inflation wasn't finished, return APR_SUCCESS. */ + if (zRC != Z_STREAM_END) + return APR_SUCCESS; + + /* If our stream is finished too and all data was inflated, + * return SUCCESS so we'll iterate one more time. */ if (APR_STATUS_IS_EOF(status)) { /* No more data to read from the stream, and everything diff --git a/contrib/serf/buckets/ssl_buckets.c b/contrib/serf/buckets/ssl_buckets.c index d2fe51d7150..579814ec81a 100644 --- a/contrib/serf/buckets/ssl_buckets.c +++ b/contrib/serf/buckets/ssl_buckets.c @@ -1317,7 +1317,9 @@ static serf_ssl_context_t *ssl_init_context(serf_bucket_alloc_t *allocator) ssl_ctx->pool = serf_bucket_allocator_get_pool(allocator); ssl_ctx->allocator = allocator; + /* Use the best possible protocol version, but disable the broken SSLv2/3 */ ssl_ctx->ctx = SSL_CTX_new(SSLv23_client_method()); + SSL_CTX_set_options(ssl_ctx->ctx, SSL_OP_NO_SSLv2 | SSL_OP_NO_SSLv3); SSL_CTX_set_client_cert_cb(ssl_ctx->ctx, ssl_need_client_cert); ssl_ctx->cached_cert = 0; diff --git a/contrib/serf/serf.h b/contrib/serf/serf.h index f6f34a7c7dd..79504a5617e 100644 --- a/contrib/serf/serf.h +++ b/contrib/serf/serf.h @@ -1062,7 +1062,7 @@ void serf_debug__bucket_alloc_check( /* Version info */ #define SERF_MAJOR_VERSION 1 #define SERF_MINOR_VERSION 3 -#define SERF_PATCH_VERSION 7 +#define SERF_PATCH_VERSION 8 /* Version number string */ #define SERF_VERSION_STRING APR_STRINGIFY(SERF_MAJOR_VERSION) "." \