Edit

kc3-lang/libevent

Branch :

  • Show log

    Commit

  • Author : Azat Khuzhin
    Date : 2015-11-23 13:52:31
    Hash : 809bb39b
    Message : be_sock: bufferevent_socket_connect_hostname(): make it thread-safe If you use bufferevent_socket_connect_hostname() to resolve, then ipv4 answer can be returned before ipv6 scheduled and if you will destroy bufferevent after ipv4 answer will come (in a separate thread of course) then ipv6 will trigger UAF: $ a.out ================================================================= ==29733==ERROR: AddressSanitizer: heap-use-after-free on address 0x60200000ef50 at pc 0x0000004b7aef bp 0x7fffffffd940 sp 0x7fffffffd0f8 READ of size 2 at 0x60200000ef50 thread T0 #0 0x4b7aee in __interceptor_index (/src/oss/libevent/libevent-github/.invest/217-evhttp-threaded/a.out+0x4b7aee) #1 0x5060eb in string_num_dots /src/oss/libevent/libevent-github/.cmake-debug/../evdns.c:2739 #2 0x5078df in search_request_new /src/oss/libevent/libevent-github/.cmake-debug/../evdns.c:3214 #3 0x506afd in evdns_base_resolve_ipv6 /src/oss/libevent/libevent-github/.cmake-debug/../evdns.c:2935 #4 0x50aa94 in evdns_getaddrinfo /src/oss/libevent/libevent-github/.cmake-debug/../evdns.c:4719 #5 0x51de4f in evutil_getaddrinfo_async_ /src/oss/libevent/libevent-github/.cmake-debug/../evutil.c:1567 #6 0x4fe023 in bufferevent_socket_connect_hostname /src/oss/libevent/libevent-github/.cmake-debug/../bufferevent_sock.c:519 #7 0x524f54 in evhttp_connection_connect_ /src/oss/libevent/libevent-github/.cmake-debug/../http.c:2493 #8 0x525156 in evhttp_make_request /src/oss/libevent/libevent-github/.cmake-debug/../http.c:2548 #9 0x52d373 in main (/src/oss/libevent/libevent-github/.invest/217-evhttp-threaded/a.out+0x52d373) #10 0x7ffff6849b44 in __libc_start_main /tmp/buildd/glibc-2.19/csu/libc-start.c:287 #11 0x445806 in _start (/src/oss/libevent/libevent-github/.invest/217-evhttp-threaded/a.out+0x445806) 0x60200000ef50 is located 0 bytes inside of 15-byte region [0x60200000ef50,0x60200000ef5f) freed by thread T1 here: #0 0x4cc4f2 in __interceptor_free (/src/oss/libevent/libevent-github/.invest/217-evhttp-threaded/a.out+0x4cc4f2) #1 0x5141c1 in event_mm_free_ /src/oss/libevent/libevent-github/.cmake-debug/../event.c:3512 #2 0x522402 in evhttp_connection_free /src/oss/libevent/libevent-github/.cmake-debug/../http.c:1206 #3 0x52cc5f in connection_closer (/src/oss/libevent/libevent-github/.invest/217-evhttp-threaded/a.out+0x52cc5f) #4 0x50e80e in event_process_active_single_queue /src/oss/libevent/libevent-github/.cmake-debug/../event.c:1642 #5 0x50ed57 in event_process_active /src/oss/libevent/libevent-github/.cmake-debug/../event.c:1734 #6 0x50f458 in event_base_loop /src/oss/libevent/libevent-github/.cmake-debug/../event.c:1957 #7 0x50eddf in event_base_dispatch /src/oss/libevent/libevent-github/.cmake-debug/../event.c:1768 #8 0x52d075 in event_dispatch_thread (/src/oss/libevent/libevent-github/.invest/217-evhttp-threaded/a.out+0x52d075) #9 0x7ffff74fc0a3 in start_thread /tmp/buildd/glibc-2.19/nptl/pthread_create.c:309 Fixes: #217 Closes: #222 Closes: #219 Gist: https://gist.github.com/azat/92cbb34232ac02d7972b (from #217 but thread-safe)

  • README.md

  • libevent logo

    Appveyor Win32 Build Status Travis Build Status

    0. BUILDING AND INSTALLATION (Briefly)

    Autoconf

     $ ./configure
 $ make
 $ make verify   # (optional)
 $ sudo make install

    CMake (Windows)

    Install CMake: http://www.cmake.org

     $ md build && cd build
 $ cmake -G "Visual Studio 10" ..   # Or whatever generator you want to use cmake --help for a list.
 $ start libevent.sln

    CMake (Unix)

     $ mkdir build && cd build
 $ cmake ..     # Default to Unix Makefiles.
 $ make
 $ make verify  # (optional)

    1. BUILDING AND INSTALLATION (In Depth)

    Autoconf

    To build libevent, type

     $ ./configure && make

    (If you got libevent from the git repository, you will first need to run the included "autogen.sh" script in order to generate the configure script.)

    You can run the regression tests by running

     $ make verify

    Install as root via

     $ make install

    Before reporting any problems, please run the regression tests.

    To enable the low-level tracing build the library as:

     $ CFLAGS=-DUSE_DEBUG ./configure [...]

    Standard configure flags should work. In particular, see:

    --disable-shared Only build static libraries --prefix Install all files relative to this directory.

    The configure script also supports the following flags:

    --enable-gcc-warnings Enable extra compiler checking with GCC. --disable-malloc-replacement Don't let applications replace our memory management functions --disable-openssl Disable support for OpenSSL encryption. --disable-thread-support Don't support multithreaded environments.

    CMake (Windows)

    (Note that autoconf is currently the most mature and supported build enviroment for libevent; the cmake instructions here are new and experimental, though they should be solid. We hope that cmake will still be supported in future versions of Libevent, and will try to make sure that happens.)

    First of all install http://www.cmake.org.

    To build libevent using Microsoft Visual studio open the "Visual Studio Command prompt" and type:

    $ cd <libevent source dir>
$ mkdir build && cd build
$ cmake -G "Visual Studio 10" ..   # Or whatever generator you want to use cmake --help for a list.
$ start libevent.sln

    In the above, the ".." refers to the dir containing the Libevent source code. You can build multiple versions (with different compile time settings) from the same source tree by creating other build directories.

    It is highly recommended to build "out of source" when using CMake instead of "in source" like the normal behaviour of autoconf for this reason.

    The "NMake Makefiles" CMake generator can be used to build entirely via the command line.

    To get a list of settings available for the project you can type:

    $ cmake -LH ..

    GUI

    CMake also provides a GUI that lets you specify the source directory and output (binary) directory that the build should be placed in.

    OpenSSL support

    To build Libevent with OpenSSL support you will need to have OpenSSL binaries available when building, these can be found here: http://www.openssl.org/related/binaries.html

    2. USEFUL LINKS:

    For the latest released version of Libevent, see the official website at http://libevent.org/ .

    There's a pretty good work-in-progress manual up at http://www.wangafu.net/~nickm/libevent-book/ .

    For the latest development versions of Libevent, access our Git repository via

    $ git clone git://levent.git.sourceforge.net/gitroot/levent/libevent

    You can browse the git repository online at:

    http://levent.git.sourceforge.net/git/gitweb-index.cgi

    https://github.com/libevent/Libevent

    To report bugs, request features, or submit patches to Libevent, use the Sourceforge trackers at

    https://sourceforge.net/tracker/?group_id=50884

    There's also a libevent-users mailing list for talking about Libevent use and development:

    http://archives.seul.org/libevent/users/

    3. ACKNOWLEDGMENTS

    The following people have helped with suggestions, ideas, code or fixing bugs:

    • Samy Al Bahra
    • Antony Antony
    • Jacob Appelbaum
    • Arno Bakker
    • Weston Andros Adamson
    • William Ahern
    • Ivan Andropov
    • Sergey Avseyev
    • Avi Bab
    • Joachim Bauch
    • Andrey Belobrov
    • Gilad Benjamini
    • Stas Bekman
    • Denis Bilenko
    • Julien Blache
    • Kevin Bowling
    • Tomash Brechko
    • Kelly Brock
    • Ralph Castain
    • Adrian Chadd
    • Lawnstein Chan
    • Shuo Chen
    • Ka-Hing Cheung
    • Andrew Cox
    • Paul Croome
    • George Danchev
    • Andrew Danforth
    • Ed Day
    • Christopher Davis
    • Mike Davis
    • Frank Denis
    • Antony Dovgal
    • Mihai Draghicioiu
    • Alexander Drozdov
    • Mark Ellzey
    • Shie Erlich
    • Leonid Evdokimov
    • Juan Pablo Fernandez
    • Christophe Fillot
    • Mike Frysinger
    • Remi Gacogne
    • Artem Germanov
    • Alexander von Gernler
    • Diego Giagio
    • Artur Grabowski
    • Diwaker Gupta
    • Kuldeep Gupta
    • Sebastian Hahn
    • Dave Hart
    • Greg Hazel
    • Nicholas Heath
    • Michael Herf
    • Sebastian Hahn
    • Savg He
    • Mark Heily
    • Maxime Henrion
    • Michael Herf
    • Greg Hewgill
    • Andrew Hochhaus
    • Aaron Hopkins
    • Tani Hosokawa
    • Jamie Iles
    • Xiuqiang Jiang
    • Claudio Jeker
    • Evan Jones
    • Marcin Juszkiewicz
    • George Kadianakis
    • Makoto Kato
    • Phua Keat
    • Azat Khuzhin
    • Alexander Klauer
    • Kevin Ko
    • Brian Koehmstedt
    • Marko Kreen
    • Ondřej Kuzník
    • Valery Kyholodov
    • Ross Lagerwall
    • Scott Lamb
    • Christopher Layne
    • Adam Langley
    • Graham Leggett
    • Volker Lendecke
    • Philip Lewis
    • Zhou Li
    • David Libenzi
    • Yan Lin
    • Moshe Litvin
    • Simon Liu
    • Mitchell Livingston
    • Hagne Mahre
    • Lubomir Marinov
    • Abilio Marques
    • Nicolas Martyanoff
    • Abel Mathew
    • Nick Mathewson
    • James Mansion
    • Nicholas Marriott
    • Andrey Matveev
    • Caitlin Mercer
    • Dagobert Michelsen
    • Andrea Montefusco
    • Mansour Moufid
    • Mina Naguib
    • Felix Nawothnig
    • Trond Norbye
    • Linus Nordberg
    • Richard Nyberg
    • Jon Oberheide
    • John Ohl
    • Phil Oleson
    • Alexey Ozeritsky
    • Dave Pacheco
    • Derrick Pallas
    • Tassilo von Parseval
    • Catalin Patulea
    • Patrick Pelletier
    • Simon Perreault
    • Dan Petro
    • Pierre Phaneuf
    • Amarin Phaosawasdi
    • Ryan Phillips
    • Dimitre Piskyulev
    • Pavel Plesov
    • Jon Poland
    • Roman Puls
    • Nate R
    • Robert Ransom
    • Balint Reczey
    • Bert JW Regeer
    • Nate Rosenblum
    • Peter Rosin
    • Maseeb Abdul Qadir
    • Wang Qin
    • Alex S
    • Gyepi Sam
    • Hanna Schroeter
    • Ralf Schmitt
    • Mike Smellie
    • Steve Snyder
    • Nir Soffer
    • Dug Song
    • Dongsheng Song
    • Hannes Sowa
    • Joakim Soderberg
    • Joseph Spadavecchia
    • Kevin Springborn
    • Harlan Stenn
    • Andrew Sweeney
    • Ferenc Szalai
    • Brodie Thiesfield
    • Jason Toffaletti
    • Brian Utterback
    • Gisle Vanem
    • Bas Verhoeven
    • Constantine Verutin
    • Colin Watt
    • Zack Weinberg
    • Jardel Weyrich
    • Jay R. Wren
    • Zack Weinberg
    • Mobai Zhang
    • Alejo
    • Alex
    • Taral
    • propanbutan
    • masksqwe
    • mmadia
    • yangacer

    If we have forgotten your name, please contact us.