kmx git

Commit	Date	Message
a0912e32	2012-07-26T10:39:05	Check more setsockopt return values when binding sockets. Found by coverity
11c8b317	2012-07-17T11:08:25	Fix a memory leak on error in evhttp_uriencode If we ran out of memory in evhttp_uriencode when allocating the output buffer, we would neglect to call evbuffer_free() on our temporary buffer. Now we always free the temporary buffer. Fixes sourceforge issue 3539887. Thanks to Andrew Cox for reporting this one.
e49e2891	2012-02-10T17:29:53	Update copyright notices to 2012
790f6b3b	2012-01-10T18:33:58	Force strict validation of HTTP version in response. This sometimes accepted invalid versions like 'ICY' (n = 0, major = undefined, sometimes > 1).
da70fa70	2011-12-14T16:17:19	Backport evhttp_connection_get_bufferevent to Libevent 2.0 Backport by Arno Bakker; original implementation in 8d3a8500f4
3c824bd3	2011-10-24T13:18:09	Update copyright dates to 2011.
3203f88c	2011-06-08T17:18:03	Use the correct printf args when formatting size_t Based on a patch from Mansour Moufid
446cc7a0	2011-05-27T18:40:31	Check if the `evhttp_new_object' function in `http.c' returns NULL.
203ba274	2011-05-27T15:08:25	Fix a couple of signed/unsigned warnings in http.c
dbb3c652	2011-05-26T17:43:17	Fix compilation.
1814ae96	2011-05-25T18:52:07	updated EV_S(s)IZE definitions
84560fc4	2011-05-25T14:31:09	Added overflow checks in evhttp_read_body and evhttp_get_body
a2792722	2011-05-25T12:58:59	Added several checks for under/overflow conditions in evhttp_handle_chunked_read
06c51cdf	2011-05-23T18:01:24	Prevent size_t overflow in evhttp_htmlescape. Modified the `html_replace' function so that it returns the length of the replacement string instead of the string itself. This is used to easily check for overflows of the `new_size' variable in the first for loop of the `evhttp_htmlescape' function, and thus potential out of bounds writes in the second for loop (if an overflow occurs in new_size, then new_size < old_size). Also check that new_size + 1 doesn't overflow in mm_malloc(new_size + 1). Removed the `scratch_space' variable from the `evhttp_htmlescape' function since it wasn't actually used; also removed the `buf' variable from the `evhttp_htmlescape' function since it was only used by `scratch_space'.
0848814a	2011-05-20T23:23:44	Fix failing assertion introducd in commit 0d6622e Patch in question: - Fix the case when failed evhttp_make_request() leaved request in the queue. - http://levent.git.sourceforge.net/git/gitweb.cgi?p=levent/libevent;a=commit;h=0d6622e The above patch introduces a failing assertion in evhttp_connection_fail(). This happens because the patch defers the assignment of the outstanding request to the evcon->requests list, while evhttp_connection_fail() assumes that the request lies in the list. One scenario in which this can happen is when the request list is empty and a connection is made to an unreachable host. The assertion will then fail after bufferevent_socket_connect() errors out (with ENETUNREACH in my case).
e49e64e7	2011-04-26T23:42:01	Fix clang warning when resetting connection This was a regression on 2.0.10-stable: clang was warning about values that were unused (because event_debug wasn't using them unless USE_DEBUG was defined). Found by Sebastian Hahn.
12311ff4	2011-03-14T04:13:55	Add a forgotten NULL check to evhttp_parse_headers Issue detected by the clang static analyzer
0d6622e2	2011-03-31T19:11:10	Fix the case when failed evhttp_make_request() leaved request in the queue.
218cf197	2011-03-24T15:52:34	Fix subtle recursion in evhttp_connection_cb_cleanup().
272823f8	2011-03-23T12:05:33	Reset outgoing connection when read data in idle state. Imagine server side is buggy and miscalculates Content-Length: in the reply. Data arriving in idle state shouldn't make us crash, instead we can just reset the connection.
c8baac90	2011-03-07T21:55:47	Followup for Tomash Brechko's http patch This patch makes bufferevent_disable_hard() non-public, and adds a comment about what it's for and why it's used.
5dc56628	2011-02-24T12:30:40	Workaround libevent bug https://sourceforge.net/tracker/index.php?func=detail&aid=3078187&group_id=50884&atid=461324 The problem is that bufferevent_disable() doesn't disable EV_WRITE when 'connecting' flag is set. However from evhttp_connection_reset() we want to disable EV_WRITE for sure (we are closing the socket next). So we add bufferevent_disable_hard(), which acts like bufferevent_disable(), but resets 'connecting' flag before the call to the actual handler. TODO: bufferevent_disable_hard() shouldn't be public, remove it from event2/bufferevent.h.
5dc200b7	2011-02-22T18:53:55	Merge branch '20_uri_nonconformant' into patches-2.0
10c834c4	2011-02-13T01:22:25	Include arpa/inet.h as needed on HPUX
63a715e1	2011-02-21T23:25:13	Correctly detect and stop non-chunked http requests when the body is too long Based on analysis and code from Bas Verhoeven and from Constantine Verutin.
95060b54	2011-02-13T00:41:22	Make URI parser able to tolerate nonconformant URIs. If the EVHTTP_URI_NONCONFORMANT flag is passed in (which it is when parsing URIs we get over the wire), then we relax our checks a lot. Specifically, we do nothing to check for correct characters in the path, query, and fragment parts of such a URI. We could do much more here: we could relax our hostname requirements, deal with spaces differently/better, trap some errors but not others, etc. But this should solve the worst user-agent compatibility issues for now; the other issues can wait for a later release.
3f8d22a1	2010-12-18T02:40:22	Use event_err() only if the failure is truly unrecoverable.
666b0966	2010-12-18T01:07:27	Detect and handle more allocation failures.
bb0d2b4e	2010-12-09T11:47:54	Consistentize tabs
22f4af65	2010-12-09T11:43:12	Remove end-of-line whitespace
7011f9ec	2010-12-07T11:45:14	Fix a signed/unsigned comparison in the last commit
d23839fc	2010-12-07T11:43:52	Reject overlong http requests early when Expect:100-continue is set
04861d5e	2010-11-30T00:05:54	Correctly detect timeouts during http connects
0faaa395	2010-11-29T22:44:18	Try to fix an assertion failure related to close detection f700566c removed a line from evhttp_connection_stop_detectclose that cleared the EVHTTP_CON_CLOSEDETECT flag. I think this was an accident, and suspect that it may be the cause of bug 3069555.
fa9305f8	2010-11-29T18:25:04	Preliminary support for Continue expectation in evhttp.
a12839b0	2010-11-29T14:25:33	Merge remote branch 'chrisd/http_fixes2'
aab8c38b	2010-11-05T11:17:07	Add evhttp server alias interface, correct flagging of proxy requests. evhttp needs to be mindful of all hostnames and addresses that clients use to contact the main server and vhosts to know the difference between proxy requests and non-proxy requests.
ec5c5aec	2010-11-23T20:31:28	Handle evhttp PUT/POST requests with an empty body When we call evhttp_get_bodylen() [when transfer-encoding isn't set], having req->ntoread == -1 means that we have no content-length. But a request with no content-length has no body! We were treating the absent content-length as meaning "read till closed", which only holds for replies, not requests. This patch also allows PATCH requests to have a body.
8faf223a	2010-11-17T00:09:10	Fix a memory leak in evhttp_uri_free.
5c8a59e8	2010-11-09T10:19:05	Merge remote branches 'github/20_evdns_cancel_segfault_v2', 'github/20_http_close_detect', 'github/20_http_versions', 'github/20_more_http_methods', 'github/20_shutdown_iocp_listener' and 'github/20_win64_fixes'
a38140be	2010-11-09T10:14:32	Refactor http version parsing into a single function Based on a suggestion by Chris Davis to make evhttp_parse_response_line tolerate odd versions too.
05124879	2010-11-04T14:05:08	Never call evhttp_readcb while writing.
c76640b5	2010-06-01T04:45:55	Don't disable reading from the HTTP connection after sending the request to be notified of connection-close in time
536311a4	2010-11-04T12:39:41	evhttp: Return 501 when we get an unrecognized method, not 400.
f5b391e2	2010-11-04T11:53:34	Tweak interface for allowed methods
75a73414	2010-11-04T11:25:35	Define enumerators for all HTTP methods, including PATCH from RFC5789 This patch defines enumerators for all HTTP methods that exist (including PATCH introduced in RFC 5789). It also makes them bit-masky (that's not a word, is it?), breaking binary- but not source-code compatibility. evhttp now stores a bitmask specifying for which methods requests to dispatch and which ones to reject with "405 Method Not Allowed". By default that's the ones we currently have (GET, POST, HEAD, PUT, DELETE), thereby keeping functional compatibility (besides the minor change that one of the other methods will now cause 405 instead of 400. But I believe that could even be considered a bug-fix). evhttp is extended by evhttp_set_allowed_methods() with which the user can change that bitmask. no regressions here and my test-app still works. Haven't yet actually tested any of the new methods. What's obviously missing here is the special logic for the methods: OPTIONS: We should be fine here - I believe our current dispatch logic should work fine. Some convenience functions would be fine though. TRACE: I'm pretty certain we should never dispatch this to the callbacks and simply implement the necessary functionality built-in. CONNECT: Pretty straight-forward to implement (and considering the framework in which we implement it very efficient too). Should probably go built-in. PATCH: Except for checking the RFC against our pre-dispatch logic (there just might be some "MUST not have Some-Header" lurking somewhere) there is nothing to be done here, this is completely up to the user. Nothing to do.
78762383	2010-11-03T15:18:34	Merge branch 'http_nolegacy_v2'
22e0a9b2	2010-11-03T15:12:08	Add evhttp_response_code to remove one more reason to include http_struct.h
647e094c	2010-11-02T15:19:12	Replace exact-version checks for HTTP/1.1 with >= or < checks
aa5f55fa	2010-11-02T13:50:57	reset "chunked" flag when sending non-chunked reply
74a91e5a	2010-11-01T14:16:39	fix signed/unsigned warnings in http.c
545a6114	2010-11-01T13:59:04	Fix even more win64 warnings: buffer, event_tagging, http, evdns, evrpc
84a7053e	2010-10-26T21:33:22	Merge remote branch 'github/20_http_read_after_write'
a4063c06	2010-10-26T10:38:30	Note that 2.0.9 will break the ABI, and make changes we were postponing. We had to turn a couple of 32-bit size arguments into 64-bit arguments or size_t arguments (since otherwise we would have had to do it post 2.0.x-stable, and that would be worse).
74c0e862	2010-10-25T21:53:15	Avoid missed-request bug when entire http request arrives before data is flushed The trigger for starting to read the first line of a request used to be, "When data has arrived and we're looking for the first line." But that's not good enough: if the entire next request gets read into our bufev->inbuf while we're still processing the current request, we'll never see any more data arrive, and so will never process it. So the fix is to make sure that whenever we hit evhttp_send_done, we call evhttp_read_cb. We can't call it directly, though, since evhttp_send_done is reachable from the user API, and evhttp_read_cb can invoke user functions, and we don't want to force everyone to have reentrant callbacks. So, we use a deferred_cb. Found by Ivan Andropov. This is bug 3008344.
8e342e56	2010-10-25T16:09:11	Correctly count req->body_size on http usage without Content-Length There was a dumb bug where we would look at the length of the input buffer immediately _after_ we drained it.
58a1cc6b	2010-10-25T16:00:47	Fix a bug where we would read too much data in HTTP bodies or requests. We were using evbuffer_add_buffer, which moved the entire buffer contents. But if we had a valid content_length, we only wanted to move up to the amount of data remaining in ntoread. Our bug would make us put our ntoread in the negative, which would in turn make us read all data until the connection closed. Found by Denis Bilenko. Should fix bug 2963172.
525da3e1	2010-10-25T15:49:42	Fix Content-Length when trying send more than 100GB of data (!) on an evhttp.
006efa7d	2010-10-25T11:50:51	Functions to actually use evhttp_bound_socket with/as evconnlistener.
bf11e7dd	2010-10-21T15:33:13	Merge branch 'http_uri_parse'
45f6869c	2010-10-21T14:41:12	Make evhttp_uri non-public, and give it accessor functions.
2a3b5872	2010-10-21T12:23:10	Merge branch 'http_small_tweaks' Conflicts: http-internal.h
cd00079b	2010-10-21T12:19:28	Add evhttp_connection_get_base() to get the event_base from an http connection Based on a patch by Mark Ellzey from 27 July 2010. Closes ticket 3052406
2075fbcf	2010-10-19T13:15:48	Add evhttp_parse_query_str to be used with evhttp_uri_parse. The old evhttp_parse_query() doesn't work well with struct evhttp_uri.query, since it expects to get whole URIs, rather than just the query portion.
a5a76e68	2010-10-19T12:35:50	Add a huge pile of tests for the new URI functions, and make them pass.
eaa5f1d9	2010-10-19T11:26:59	Revise evhttp_uri_parse implementation to handle more of RFC3986
fadbfd4e	2010-10-18T14:43:54	Clean up error handling in uri_parse a little
7d45431e	2010-10-18T14:38:48	Do not silently truncate URIs in evhttp_uri_join. Also avoid evbuffer_pullup.
86212341	2010-10-18T14:34:20	Make evhttp_uri_parse and friends conform to memory management standards
86dd720a	2010-08-08T16:46:39	Introduce absolute URI parsing helpers. See evhttp_uri_parse(), evhttp_uri_free() and evhttp_uri_join() for details.
49f4bf7c	2010-10-18T13:58:02	Add evhttp_request_get_command so code can tell GET from POST without peeking at the struct.
a8148ced	2010-10-08T13:05:13	New evhttp_uri(encode\|decode) functions to handle + and NUL characters right The old evhttp_decode_uri() function would act as tough it was doing an (illegal, undefined) decode operation on a whole URL at once, and treat + characters following a ? as different from + characters preceding one. But that's not useful: If you are decoding a URI before splitting off query parameters, you are begging to fail as soon as somebody gives you a value with an encoded & in it. The new evhttp_uridecode() function takes an argument that says whether to decode + signs. Both uridecode and uriencode also now support encoding or decoding to strings with internal 0-valued characters.
2e63a604	2010-10-08T12:57:11	evhttp_encode_uri encodes all reserved characters, including !$'()+,/:=@ Perviously, some characters not listed as "unreserved" by RFC 3986 (notably "!$'()+,/:=@") were not encoded by evhttp_encode_uri. This made trouble, especially when encoding path components (where @ and / are bad news) and parameters (where + should get encoded so it doesn't later decode into a space). Spotted by Bas Verhoeven.
3b844893	2010-10-06T12:35:38	Tweak evhttp_parse_query hack to avoid breaking abi
b1756d01	2010-10-06T11:48:52	Let evhttp_parse_query return -1 on failure We already detected certain malformed queries, but we responded by aborting the query-parsing process half-way through without telling the user. Now, if query-parsing fails, no headers are returned, and evhttp_parse_query returns -1.
145f221e	2010-10-05T13:06:32	Define symbolic constants to use in place of SHUT_RD etc
e0fd8708	2010-10-05T13:01:54	Send a shutdown(SHUT_WR) before closing an http connection This avoids getting an ECONNRESET from the TCP stack. Fixes bug 2928690
9c8db0f8	2010-09-23T22:45:55	Fix all warnings in the main codebase flagged by -Wsigned-compare Remember, the code int is_less_than(int a, unsigned b) { return a < b; } is buggy, since the C integer promotion rules basically turn it into int is_less_than(int a, unsigned b) { return ((unsigned)a) < b; } and we really want something closer to int is_less_than(int a, unsigned b) { return a < 0 \|\| ((unsigned)a) < b; } . Suggested by an example from Ralph Castain
90b3ed5b	2010-08-09T13:25:50	Add some comments to http.c and make a few functions static.
ec347b92	2010-07-07T16:45:03	Move event-config.h to include/event2 This change means that all required include files are in event2, and all files not in event2/* are optional.
29b2e233	2010-05-30T03:17:48	Fix possible nullptr dereference in evhttp_send_reply_end() (The existing implementation had sanity-checking code for the case where its argument was NULL, but it erroneously dereferenced it before actually doing the sanity-check. --nickm)
39906698	2010-05-26T12:58:02	Let evhttp_send_error infer the right error reasons
06bd0563	2010-05-26T12:50:59	Fix the default HTTP error template The current template... <HTML><HEAD><TITLE>%s</TITLE> </HEAD><BODY> <H1>Method Not Implemented</H1> Invalid method in request<P> </BODY></HTML> is highly confusing. The given title is easily overlooked and the hard-coded content is just plain wrong in most cases (I really read this as "the server did not understand the requested HTTP method) This patch changes the template to include the error reason in the body as well as in the header, and to infer the proper reason from the status code whenever the reason argument is NULL. This patch also removes a redundant evhttp_add_header from evhttp_send_error; evhttp_send_page already adds a "Connection: close" header.
caca2f45	2010-05-14T14:36:49	Replace (safe) use of strcpy with memcpy to appease OpenBSD If Libevent uses strcpy, even safely, it seems OpenBSD's linker will complain every time a library links Libevent. It's easier just not to use the old thing, even when it's safe to do so.
c1cd32a1	2010-05-08T22:21:52	Define _REENTRANT as needed on Solaris, elsewhere It turns out that _REENTRANT isn't only needed to make certain functions visible; we also need it to make pthreads work properly some places (like Solaris, where forgetting _REENTRANT basically means that all threads are sharing the same errno). Fortunately, our ACX_PTHREAD() configure macro already gives us a PTHREAD_CFLAG variable, so all we have to do is use it.
953e2290	2010-05-03T11:29:22	Refuse null keys in evhttp_parse_query() evhttp_parse_query() currently accepts empty keys, that don't make any sense. -Frank [From sourceforge patch 2995183] -Nick
bd1ed5f3	2010-05-02T12:51:35	Fix a compile warning introduced in 739e688
739e6882	2010-04-28T21:33:13	Allow empty reason line in HTTP status
9d8edf2f	2010-04-23T18:59:22	do not leak the request object on persistent connections
899c1dcc	2010-04-14T15:42:57	Replace EVUTIL_CLOSESOCKET macro with a function The EVUTIL_CLOSESOCKET() macro required you to include unistd.h in your source for POSIX. We might as well turn it into a function: an extra function call is going to be cheap in comparison with the system call. We retain the EVUTIL_CLOSESOCKET() macro as an alias for the new evutil_closesocket() function. (commit message from email by Nick and Sebastian)
13e4f3bd	2010-03-08T13:46:48	Avoid errors in http.c when building with VC 2003 .NET
c7cf6f00	2010-03-05T12:47:46	Replace users of "int fd" with "evutil_socket_t fd" in portable code Remeber, win32 has a socket type that's actually a handle, so if there's a chance that code is run on win32, we can't use "int" as the socket type. This isn't a blind search-and-replace: sometimes an fd is really in fact for a file, and not a socket at all.
17efc1cd	2010-03-04T01:25:51	Update all our copyright notices to say "2010"
e5cf9879	2010-02-18T17:46:56	Clean up formatting: remove trailing spaces
e5bbd40a	2010-02-18T17:41:15	Clean up formatting: use tabs, not 8-spaces, to indent.
8fdf09c0	2010-02-18T17:08:50	Clean up formatting: Disallow space-before-tab.
cfe7a9ff	2010-02-04T10:15:39	Merge remote branch 'niels/http_chunk'
39781801	2010-02-03T16:54:18	make evhttp_send() safe against terminated connections, too
e2d15d81	2010-02-03T17:52:55	Merge remote branch 'niels/http_chunk'
93d73691	2010-02-03T14:34:56	do not fail while sending on http connections the client closed. when sending chunked requests via multiple calls to evhttp_send_reply_chunk, the client may close the connection before the server is done sending. this used to cause a crash. we introduce a new function evhttp_request_get_connection() that allows the server to determine if the request is still associated with a connection. If it's not, evhttp_request_free() needs to be called explicitly or the user can call evhttp_send_reply_end() which just frees the request, too.

a0912e32

2012-07-26T10:39:05

Check more setsockopt return values when binding sockets. Found by coverity

11c8b317

2012-07-17T11:08:25

Fix a memory leak on error in evhttp_uriencode If we ran out of memory in evhttp_uriencode when allocating the output buffer, we would neglect to call evbuffer_free() on our temporary buffer. Now we always free the temporary buffer. Fixes sourceforge issue 3539887. Thanks to Andrew Cox for reporting this one.

e49e2891

2012-02-10T17:29:53

Update copyright notices to 2012

790f6b3b

2012-01-10T18:33:58

Force strict validation of HTTP version in response. This sometimes accepted invalid versions like 'ICY' (n = 0, major = undefined, sometimes > 1).

da70fa70

2011-12-14T16:17:19

Backport evhttp_connection_get_bufferevent to Libevent 2.0 Backport by Arno Bakker; original implementation in 8d3a8500f4

3c824bd3

2011-10-24T13:18:09

Update copyright dates to 2011.

3203f88c

2011-06-08T17:18:03

Use the correct printf args when formatting size_t Based on a patch from Mansour Moufid

446cc7a0

2011-05-27T18:40:31

Check if the `evhttp_new_object' function in `http.c' returns NULL.

203ba274

2011-05-27T15:08:25

Fix a couple of signed/unsigned warnings in http.c

dbb3c652

2011-05-26T17:43:17

Fix compilation.

1814ae96

2011-05-25T18:52:07

updated EV_S(s)IZE definitions

84560fc4

2011-05-25T14:31:09

Added overflow checks in evhttp_read_body and evhttp_get_body

a2792722

2011-05-25T12:58:59

Added several checks for under/overflow conditions in evhttp_handle_chunked_read

06c51cdf

2011-05-23T18:01:24

Prevent size_t overflow in evhttp_htmlescape. Modified the `html_replace' function so that it returns the length of the replacement string instead of the string itself. This is used to easily check for overflows of the `new_size' variable in the first for loop of the `evhttp_htmlescape' function, and thus potential out of bounds writes in the second for loop (if an overflow occurs in new_size, then new_size < old_size). Also check that new_size + 1 doesn't overflow in mm_malloc(new_size + 1). Removed the `scratch_space' variable from the `evhttp_htmlescape' function since it wasn't actually used; also removed the `buf' variable from the `evhttp_htmlescape' function since it was only used by `scratch_space'.

0848814a

2011-05-20T23:23:44

Fix failing assertion introducd in commit 0d6622e Patch in question: - Fix the case when failed evhttp_make_request() leaved request in the queue. - http://levent.git.sourceforge.net/git/gitweb.cgi?p=levent/libevent;a=commit;h=0d6622e The above patch introduces a failing assertion in evhttp_connection_fail(). This happens because the patch defers the assignment of the outstanding request to the evcon->requests list, while evhttp_connection_fail() assumes that the request lies in the list. One scenario in which this can happen is when the request list is empty and a connection is made to an unreachable host. The assertion will then fail after bufferevent_socket_connect() errors out (with ENETUNREACH in my case).

e49e64e7

2011-04-26T23:42:01

Fix clang warning when resetting connection This was a regression on 2.0.10-stable: clang was warning about values that were unused (because event_debug wasn't using them unless USE_DEBUG was defined). Found by Sebastian Hahn.

12311ff4

2011-03-14T04:13:55

Add a forgotten NULL check to evhttp_parse_headers Issue detected by the clang static analyzer

0d6622e2

2011-03-31T19:11:10

Fix the case when failed evhttp_make_request() leaved request in the queue.

218cf197

2011-03-24T15:52:34

Fix subtle recursion in evhttp_connection_cb_cleanup().

272823f8

2011-03-23T12:05:33

Reset outgoing connection when read data in idle state. Imagine server side is buggy and miscalculates Content-Length: in the reply. Data arriving in idle state shouldn't make us crash, instead we can just reset the connection.

c8baac90

2011-03-07T21:55:47

Followup for Tomash Brechko's http patch This patch makes bufferevent_disable_hard() non-public, and adds a comment about what it's for and why it's used.

5dc56628

2011-02-24T12:30:40

Workaround libevent bug https://sourceforge.net/tracker/index.php?func=detail&aid=3078187&group_id=50884&atid=461324 The problem is that bufferevent_disable() doesn't disable EV_WRITE when 'connecting' flag is set. However from evhttp_connection_reset() we want to disable EV_WRITE for sure (we are closing the socket next). So we add bufferevent_disable_hard(), which acts like bufferevent_disable(), but resets 'connecting' flag before the call to the actual handler. TODO: bufferevent_disable_hard() shouldn't be public, remove it from event2/bufferevent.h.

5dc200b7

2011-02-22T18:53:55

Merge branch '20_uri_nonconformant' into patches-2.0

10c834c4

2011-02-13T01:22:25

Include arpa/inet.h as needed on HPUX

63a715e1

2011-02-21T23:25:13

Correctly detect and stop non-chunked http requests when the body is too long Based on analysis and code from Bas Verhoeven and from Constantine Verutin.

95060b54

2011-02-13T00:41:22

Make URI parser able to tolerate nonconformant URIs. If the EVHTTP_URI_NONCONFORMANT flag is passed in (which it is when parsing URIs we get over the wire), then we relax our checks a lot. Specifically, we do nothing to check for correct characters in the path, query, and fragment parts of such a URI. We could do much more here: we could relax our hostname requirements, deal with spaces differently/better, trap some errors but not others, etc. But this should solve the worst user-agent compatibility issues for now; the other issues can wait for a later release.

3f8d22a1

2010-12-18T02:40:22

Use event_err() only if the failure is truly unrecoverable.

666b0966

2010-12-18T01:07:27

Detect and handle more allocation failures.

bb0d2b4e

2010-12-09T11:47:54

Consistentize tabs

22f4af65

2010-12-09T11:43:12

Remove end-of-line whitespace

7011f9ec

2010-12-07T11:45:14

Fix a signed/unsigned comparison in the last commit

d23839fc

2010-12-07T11:43:52

Reject overlong http requests early when Expect:100-continue is set

04861d5e

2010-11-30T00:05:54

Correctly detect timeouts during http connects

0faaa395

2010-11-29T22:44:18

Try to fix an assertion failure related to close detection f700566c removed a line from evhttp_connection_stop_detectclose that cleared the EVHTTP_CON_CLOSEDETECT flag. I think this was an accident, and suspect that it may be the cause of bug 3069555.

fa9305f8

2010-11-29T18:25:04

Preliminary support for Continue expectation in evhttp.

a12839b0

2010-11-29T14:25:33

Merge remote branch 'chrisd/http_fixes2'

aab8c38b

2010-11-05T11:17:07

Add evhttp server alias interface, correct flagging of proxy requests. evhttp needs to be mindful of all hostnames and addresses that clients use to contact the main server and vhosts to know the difference between proxy requests and non-proxy requests.

ec5c5aec

2010-11-23T20:31:28

Handle evhttp PUT/POST requests with an empty body When we call evhttp_get_bodylen() [when transfer-encoding isn't set], having req->ntoread == -1 means that we have no content-length. But a request with no content-length has no body! We were treating the absent content-length as meaning "read till closed", which only holds for replies, not requests. This patch also allows PATCH requests to have a body.

8faf223a

2010-11-17T00:09:10

Fix a memory leak in evhttp_uri_free.

5c8a59e8

2010-11-09T10:19:05

Merge remote branches 'github/20_evdns_cancel_segfault_v2', 'github/20_http_close_detect', 'github/20_http_versions', 'github/20_more_http_methods', 'github/20_shutdown_iocp_listener' and 'github/20_win64_fixes'

a38140be

2010-11-09T10:14:32

Refactor http version parsing into a single function Based on a suggestion by Chris Davis to make evhttp_parse_response_line tolerate odd versions too.

05124879

2010-11-04T14:05:08

Never call evhttp_readcb while writing.

c76640b5

2010-06-01T04:45:55

Don't disable reading from the HTTP connection after sending the request to be notified of connection-close in time

536311a4

2010-11-04T12:39:41

evhttp: Return 501 when we get an unrecognized method, not 400.

f5b391e2

2010-11-04T11:53:34

Tweak interface for allowed methods

75a73414

2010-11-04T11:25:35

Define enumerators for all HTTP methods, including PATCH from RFC5789 This patch defines enumerators for all HTTP methods that exist (including PATCH introduced in RFC 5789). It also makes them bit-masky (that's not a word, is it?), breaking binary- but not source-code compatibility. evhttp now stores a bitmask specifying for which methods requests to dispatch and which ones to reject with "405 Method Not Allowed". By default that's the ones we currently have (GET, POST, HEAD, PUT, DELETE), thereby keeping functional compatibility (besides the minor change that one of the other methods will now cause 405 instead of 400. But I believe that could even be considered a bug-fix). evhttp is extended by evhttp_set_allowed_methods() with which the user can change that bitmask. no regressions here and my test-app still works. Haven't yet actually tested any of the new methods. What's obviously missing here is the special logic for the methods: OPTIONS: We should be fine here - I believe our current dispatch logic should work fine. Some convenience functions would be fine though. TRACE: I'm pretty certain we should never dispatch this to the callbacks and simply implement the necessary functionality built-in. CONNECT: Pretty straight-forward to implement (and considering the framework in which we implement it very efficient too). Should probably go built-in. PATCH: Except for checking the RFC against our pre-dispatch logic (there just might be some "MUST not have Some-Header" lurking somewhere) there is nothing to be done here, this is completely up to the user. Nothing to do.

78762383

2010-11-03T15:18:34

Merge branch 'http_nolegacy_v2'

22e0a9b2

2010-11-03T15:12:08

Add evhttp_response_code to remove one more reason to include http_struct.h

647e094c

2010-11-02T15:19:12

Replace exact-version checks for HTTP/1.1 with >= or < checks

aa5f55fa

2010-11-02T13:50:57

reset "chunked" flag when sending non-chunked reply

74a91e5a

2010-11-01T14:16:39

fix signed/unsigned warnings in http.c

545a6114

2010-11-01T13:59:04

Fix even more win64 warnings: buffer, event_tagging, http, evdns, evrpc

84a7053e

2010-10-26T21:33:22

Merge remote branch 'github/20_http_read_after_write'

a4063c06

2010-10-26T10:38:30

Note that 2.0.9 will break the ABI, and make changes we were postponing. We had to turn a couple of 32-bit size arguments into 64-bit arguments or size_t arguments (since otherwise we would have had to do it post 2.0.x-stable, and that would be worse).

74c0e862

2010-10-25T21:53:15

Avoid missed-request bug when entire http request arrives before data is flushed The trigger for starting to read the first line of a request used to be, "When data has arrived and we're looking for the first line." But that's not good enough: if the entire next request gets read into our bufev->inbuf while we're still processing the current request, we'll never see any more data arrive, and so will never process it. So the fix is to make sure that whenever we hit evhttp_send_done, we call evhttp_read_cb. We can't call it directly, though, since evhttp_send_done is reachable from the user API, and evhttp_read_cb can invoke user functions, and we don't want to force everyone to have reentrant callbacks. So, we use a deferred_cb. Found by Ivan Andropov. This is bug 3008344.

8e342e56

2010-10-25T16:09:11

Correctly count req->body_size on http usage without Content-Length There was a dumb bug where we would look at the length of the input buffer immediately _after_ we drained it.

58a1cc6b

2010-10-25T16:00:47

Fix a bug where we would read too much data in HTTP bodies or requests. We were using evbuffer_add_buffer, which moved the entire buffer contents. But if we had a valid content_length, we only wanted to move up to the amount of data remaining in ntoread. Our bug would make us put our ntoread in the negative, which would in turn make us read all data until the connection closed. Found by Denis Bilenko. Should fix bug 2963172.

525da3e1

2010-10-25T15:49:42

Fix Content-Length when trying send more than 100GB of data (!) on an evhttp.

006efa7d

2010-10-25T11:50:51

Functions to actually use evhttp_bound_socket with/as evconnlistener.

bf11e7dd

2010-10-21T15:33:13

Merge branch 'http_uri_parse'

45f6869c

2010-10-21T14:41:12

Make evhttp_uri non-public, and give it accessor functions.

2a3b5872

2010-10-21T12:23:10

Merge branch 'http_small_tweaks' Conflicts: http-internal.h

cd00079b

2010-10-21T12:19:28

Add evhttp_connection_get_base() to get the event_base from an http connection Based on a patch by Mark Ellzey from 27 July 2010. Closes ticket 3052406

2075fbcf

2010-10-19T13:15:48

Add evhttp_parse_query_str to be used with evhttp_uri_parse. The old evhttp_parse_query() doesn't work well with struct evhttp_uri.query, since it expects to get whole URIs, rather than just the query portion.

a5a76e68

2010-10-19T12:35:50

Add a huge pile of tests for the new URI functions, and make them pass.

eaa5f1d9

2010-10-19T11:26:59

Revise evhttp_uri_parse implementation to handle more of RFC3986

fadbfd4e

2010-10-18T14:43:54

Clean up error handling in uri_parse a little

7d45431e

2010-10-18T14:38:48

Do not silently truncate URIs in evhttp_uri_join. Also avoid evbuffer_pullup.

86212341

2010-10-18T14:34:20

Make evhttp_uri_parse and friends conform to memory management standards

86dd720a

2010-08-08T16:46:39

Introduce absolute URI parsing helpers. See evhttp_uri_parse(), evhttp_uri_free() and evhttp_uri_join() for details.

49f4bf7c

2010-10-18T13:58:02

Add evhttp_request_get_command so code can tell GET from POST without peeking at the struct.

a8148ced

2010-10-08T13:05:13

New evhttp_uri(encode|decode) functions to handle + and NUL characters right The old evhttp_decode_uri() function would act as tough it was doing an (illegal, undefined) decode operation on a whole URL at once, and treat + characters following a ? as different from + characters preceding one. But that's not useful: If you are decoding a URI before splitting off query parameters, you are begging to fail as soon as somebody gives you a value with an encoded & in it. The new evhttp_uridecode() function takes an argument that says whether to decode + signs. Both uridecode and uriencode also now support encoding or decoding to strings with internal 0-valued characters.

2e63a604

2010-10-08T12:57:11

evhttp_encode_uri encodes all reserved characters, including !$'()*+,/:=@ Perviously, some characters not listed as "unreserved" by RFC 3986 (notably "!$'()*+,/:=@") were not encoded by evhttp_encode_uri. This made trouble, especially when encoding path components (where @ and / are bad news) and parameters (where + should get encoded so it doesn't later decode into a space). Spotted by Bas Verhoeven.

3b844893

2010-10-06T12:35:38

Tweak evhttp_parse_query hack to avoid breaking abi

b1756d01

2010-10-06T11:48:52

Let evhttp_parse_query return -1 on failure We already detected certain malformed queries, but we responded by aborting the query-parsing process half-way through without telling the user. Now, if query-parsing fails, no headers are returned, and evhttp_parse_query returns -1.

145f221e

2010-10-05T13:06:32

Define symbolic constants to use in place of SHUT_RD etc

e0fd8708

2010-10-05T13:01:54

Send a shutdown(SHUT_WR) before closing an http connection This avoids getting an ECONNRESET from the TCP stack. Fixes bug 2928690

9c8db0f8

2010-09-23T22:45:55

Fix all warnings in the main codebase flagged by -Wsigned-compare Remember, the code int is_less_than(int a, unsigned b) { return a < b; } is buggy, since the C integer promotion rules basically turn it into int is_less_than(int a, unsigned b) { return ((unsigned)a) < b; } and we really want something closer to int is_less_than(int a, unsigned b) { return a < 0 || ((unsigned)a) < b; } . Suggested by an example from Ralph Castain

90b3ed5b

2010-08-09T13:25:50

Add some comments to http.c and make a few functions static.

ec347b92

2010-07-07T16:45:03

Move event-config.h to include/event2 This change means that all required include files are in event2, and all files not in event2/* are optional.

29b2e233

2010-05-30T03:17:48

Fix possible nullptr dereference in evhttp_send_reply_end() (The existing implementation had sanity-checking code for the case where its argument was NULL, but it erroneously dereferenced it before actually doing the sanity-check. --nickm)

39906698

2010-05-26T12:58:02

Let evhttp_send_error infer the right error reasons

06bd0563

2010-05-26T12:50:59

Fix the default HTTP error template The current template... <HTML><HEAD><TITLE>%s</TITLE> </HEAD><BODY> <H1>Method Not Implemented</H1> Invalid method in request<P> </BODY></HTML> is highly confusing. The given title is easily overlooked and the hard-coded content is just plain wrong in most cases (I really read this as "the server did not understand the requested HTTP method) This patch changes the template to include the error reason in the body as well as in the header, and to infer the proper reason from the status code whenever the reason argument is NULL. This patch also removes a redundant evhttp_add_header from evhttp_send_error; evhttp_send_page already adds a "Connection: close" header.

caca2f45

2010-05-14T14:36:49

Replace (safe) use of strcpy with memcpy to appease OpenBSD If Libevent uses strcpy, even safely, it seems OpenBSD's linker will complain every time a library links Libevent. It's easier just not to use the old thing, even when it's safe to do so.

c1cd32a1

2010-05-08T22:21:52

Define _REENTRANT as needed on Solaris, elsewhere It turns out that _REENTRANT isn't only needed to make certain functions visible; we also need it to make pthreads work properly some places (like Solaris, where forgetting _REENTRANT basically means that all threads are sharing the same errno). Fortunately, our ACX_PTHREAD() configure macro already gives us a PTHREAD_CFLAG variable, so all we have to do is use it.

953e2290

2010-05-03T11:29:22

Refuse null keys in evhttp_parse_query() evhttp_parse_query() currently accepts empty keys, that don't make any sense. -Frank [From sourceforge patch 2995183] -Nick

bd1ed5f3

2010-05-02T12:51:35

Fix a compile warning introduced in 739e688

739e6882

2010-04-28T21:33:13

Allow empty reason line in HTTP status

9d8edf2f

2010-04-23T18:59:22

do not leak the request object on persistent connections

899c1dcc

2010-04-14T15:42:57

Replace EVUTIL_CLOSESOCKET macro with a function The EVUTIL_CLOSESOCKET() macro required you to include unistd.h in your source for POSIX. We might as well turn it into a function: an extra function call is going to be cheap in comparison with the system call. We retain the EVUTIL_CLOSESOCKET() macro as an alias for the new evutil_closesocket() function. (commit message from email by Nick and Sebastian)

13e4f3bd

2010-03-08T13:46:48

Avoid errors in http.c when building with VC 2003 .NET

c7cf6f00

2010-03-05T12:47:46

Replace users of "int fd" with "evutil_socket_t fd" in portable code Remeber, win32 has a socket type that's actually a handle, so if there's a chance that code is run on win32, we can't use "int" as the socket type. This isn't a blind search-and-replace: sometimes an fd is really in fact for a file, and not a socket at all.

17efc1cd

2010-03-04T01:25:51

e5cf9879

2010-02-18T17:46:56

Clean up formatting: remove trailing spaces

e5bbd40a

2010-02-18T17:41:15

Clean up formatting: use tabs, not 8-spaces, to indent.

8fdf09c0

2010-02-18T17:08:50

Clean up formatting: Disallow space-before-tab.

cfe7a9ff

2010-02-04T10:15:39

Merge remote branch 'niels/http_chunk'

39781801

2010-02-03T16:54:18

make evhttp_send() safe against terminated connections, too

e2d15d81

2010-02-03T17:52:55

Merge remote branch 'niels/http_chunk'

93d73691

2010-02-03T14:34:56

do not fail while sending on http connections the client closed. when sending chunked requests via multiple calls to evhttp_send_reply_chunk, the client may close the connection before the server is done sending. this used to cause a crash. we introduce a new function evhttp_request_get_connection() that allows the server to determine if the request is still associated with a connection. If it's not, evhttp_request_free() needs to be called explicitly or the user can call evhttp_send_reply_end() which just frees the request, too.

kc3-lang/libevent/http.c

http.c

Log