[GNUnet-SVN] [gnurl] 03/125: SSL: Avoid magic allocation of SSL backend

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[GNUnet-SVN] [gnurl] 03/125: SSL: Avoid magic allocation of SSL backend

From:	gnunet
Subject:	[GNUnet-SVN] [gnurl] 03/125: SSL: Avoid magic allocation of SSL backend specific data
Date:	Sun, 21 Jan 2018 23:40:58 +0100

This is an automated email from the git hooks/post-receive script.

ng0 pushed a commit to branch master
in repository gnurl.

commit 9194a9959bedeeb54d935ddf9d49361ead5f922a
Author: Johannes Schindelin <address@hidden>
AuthorDate: Tue Nov 28 01:21:59 2017 +0100

    SSL: Avoid magic allocation of SSL backend specific data
    
    Originally, my idea was to allocate the two structures (or more
    precisely, the connectdata structure and the four SSL backend-specific
    strucutres required for ssl[0..1] and proxy_ssl[0..1]) in one go, so
    that they all could be free()d together.
    
    However, getting the alignment right is tricky. Too tricky.
    
    So let's just bite the bullet and allocate the SSL backend-specific
    data separately.
    
    As a consequence, we now have to be very careful to release the memory
    allocated for the SSL backend-specific data whenever we release any
    connectdata.
    
    Signed-off-by: Johannes Schindelin <address@hidden>
    
    Closes #2119
---
 lib/url.c     | 49 ++++++++++++++++++++++++-------------------------
 lib/urldata.h |  3 +++
 2 files changed, 27 insertions(+), 25 deletions(-)

diff --git a/lib/url.c b/lib/url.c
index 47f69c9f1..0cc77f9fa 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -716,6 +716,10 @@ static void conn_free(struct connectdata *conn)
   Curl_safefree(conn->unix_domain_socket);
 #endif
 
+#ifdef USE_SSL
+  Curl_safefree(conn->ssl_extra);
+#endif
+
   free(conn); /* free all the connection oriented data */
 }
 
@@ -1793,38 +1797,27 @@ static void llist_dtor(void *user, void *element)
  */
 static struct connectdata *allocate_conn(struct Curl_easy *data)
 {
-  struct connectdata *conn;
-  size_t connsize = sizeof(struct connectdata);
-
-#ifdef USE_SSL
-/* SSLBK_MAX_ALIGN: The max byte alignment a CPU would use */
-#define SSLBK_MAX_ALIGN 32
-  /* The SSL backend-specific data (ssl_backend_data) objects are allocated as
-     part of connectdata at the end. To ensure suitable alignment we will
-     assume a maximum of SSLBK_MAX_ALIGN for alignment. Since calloc returns a
-     pointer suitably aligned for any variable this will ensure the
-     ssl_backend_data array has proper alignment, even if that alignment turns
-     out to be less than SSLBK_MAX_ALIGN. */
-  size_t paddingsize = sizeof(struct connectdata) % SSLBK_MAX_ALIGN;
-  size_t alignsize = paddingsize ? (SSLBK_MAX_ALIGN - paddingsize) : 0;
-  size_t sslbksize = Curl_ssl->sizeof_ssl_backend_data;
-  connsize += alignsize + (4 * sslbksize);
-#endif
-
-  conn = calloc(1, connsize);
+  struct connectdata *conn = calloc(1, sizeof(struct connectdata));
   if(!conn)
     return NULL;
 
 #ifdef USE_SSL
-  /* Point to the ssl_backend_data objects at the end of connectdata.
+  /* The SSL backend-specific data (ssl_backend_data) objects are allocated as
+     a separate array to ensure suitable alignment.
      Note that these backend pointers can be swapped by vtls (eg ssl backend
      data becomes proxy backend data). */
   {
-    char *end = (char *)conn + connsize;
-    conn->ssl[0].backend = ((void *)(end - (4 * sslbksize)));
-    conn->ssl[1].backend = ((void *)(end - (3 * sslbksize)));
-    conn->proxy_ssl[0].backend = ((void *)(end - (2 * sslbksize)));
-    conn->proxy_ssl[1].backend = ((void *)(end - (1 * sslbksize)));
+    size_t sslsize = Curl_ssl->sizeof_ssl_backend_data;
+    char *ssl = calloc(4, sslsize);
+    if(!ssl) {
+      free(conn);
+      return NULL;
+    }
+    conn->ssl_extra = ssl;
+    conn->ssl[0].backend = (void *)ssl;
+    conn->ssl[1].backend = (void *)(ssl + sslsize);
+    conn->proxy_ssl[0].backend = (void *)(ssl + 2 * sslsize);
+    conn->proxy_ssl[1].backend = (void *)(ssl + 3 * sslsize);
   }
 #endif
 
@@ -1953,6 +1946,9 @@ static struct connectdata *allocate_conn(struct Curl_easy 
*data)
 
   free(conn->master_buffer);
   free(conn->localdev);
+#ifdef USE_SSL
+  free(conn->ssl_extra);
+#endif
   free(conn);
   return NULL;
 }
@@ -4438,6 +4434,9 @@ static CURLcode create_conn(struct Curl_easy *data,
     conn_temp->inuse = TRUE; /* mark this as being in use so that no other
                                 handle in a multi stack may nick it */
     reuse_conn(conn, conn_temp);
+#ifdef USE_SSL
+    free(conn->ssl_extra);
+#endif
     free(conn);          /* we don't need this anymore */
     conn = conn_temp;
     *in_connect = conn;
diff --git a/lib/urldata.h b/lib/urldata.h
index edd1fd9ac..2052a0299 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -860,6 +860,9 @@ struct connectdata {
 #endif /* USE_RECV_BEFORE_SEND_WORKAROUND */
   struct ssl_connect_data ssl[2]; /* this is for ssl-stuff */
   struct ssl_connect_data proxy_ssl[2]; /* this is for proxy ssl-stuff */
+#ifdef USE_SSL
+  void *ssl_extra; /* separately allocated backend-specific data */
+#endif
   struct ssl_primary_config ssl_config;
   struct ssl_primary_config proxy_ssl_config;
   bool tls_upgraded;

-- 
To stop receiving notification emails like this one, please contact
address@hidden

[Prev in Thread]

Current Thread

[Next in Thread]

[GNUnet-SVN] [gnurl] 06/125: RELEASE-NOTES: synced with af8cc7a69, (continued)
- [GNUnet-SVN] [gnurl] 06/125: RELEASE-NOTES: synced with af8cc7a69, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 13/125: lib582: do not verify host for SFTP, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 16/125: libssh: fix minor static code analyzer nits, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 18/125: libssh: corrected use of sftp_statvfs() in SSH_SFTP_QUOTE_STATVFS, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 14/125: travis: use pip2 instead of pip, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 15/125: openssl: pkcs12 is supported by boringssl, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 19/125: RESOURCES: update spec names, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 21/125: ssh-libssh.c: please checksrc, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 22/125: libssh2: remove dead code from SSH_SFTP_QUOTE, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 08/125: libssh2: send the correct CURLE error code on scp file not found, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 03/125: SSL: Avoid magic allocation of SSL backend specific data, gnunet <=
- [GNUnet-SVN] [gnurl] 32/125: URL: tolerate backslash after drive letter for FILE:, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 17/125: libssh: no need to call sftp_get_error as ssh_get_error is sufficient, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 28/125: conncache: only allow multiplexing within same multi handle, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 40/125: curl: limit -# update frequency for unknown total size, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 31/125: tests: added netinet/in6.h includes in test servers, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 41/125: configure: add AX_CODE_COVERAGE only if using gcc, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 36/125: openldap: fix checksrc nits, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 49/125: RESOLVE: output verbose text when trying to set a duplicate name, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 44/125: openssl: improve data-pending check for https proxy, gnunet, 2018/01/21
- [GNUnet-SVN] [gnurl] 29/125: curl-config: add --ssl-backends, gnunet, 2018/01/21

Prev by Date: [GNUnet-SVN] [gnurl] 08/125: libssh2: send the correct CURLE error code on scp file not found
Next by Date: [GNUnet-SVN] [gnurl] 32/125: URL: tolerate backslash after drive letter for FILE:
Previous by thread: [GNUnet-SVN] [gnurl] 08/125: libssh2: send the correct CURLE error code on scp file not found
Next by thread: [GNUnet-SVN] [gnurl] 32/125: URL: tolerate backslash after drive letter for FILE:
Index(es):
- Date
- Thread