Fix bug with libcurl timeouts.

aarond10 · aarond10 · commit fa05dcfc46ff · 2021-05-15T15:49:58.000+10:00
It's possible that libcurl disables a timer by requesting timeout_ms=-1.
It doesn't seem to expect IO to be processed at this time and I managed to
trigger a once-off valgrind crash with a double-free as a result.
diff --git a/src/dns_poller.c b/src/dns_poller.c
@@ -95,7 +95,8 @@ static void ares_cb(void *arg, int status, int __attribute__((unused)) timeouts,
 static ev_tstamp get_timeout(dns_poller_t *d)
 {
     static struct timeval max_tv = {.tv_sec = 5, .tv_usec = 0};
-    struct timeval tv, *tvp = ares_timeout(d->ares, &max_tv, &tv);
+    struct timeval tv;
+    struct timeval *tvp = ares_timeout(d->ares, &max_tv, &tv);
     ev_tstamp after = tvp->tv_sec + tvp->tv_usec * 1e-6;
     return after ? after : 0.1;
 }
diff --git a/src/https_client.c b/src/https_client.c
@@ -1,10 +1,11 @@
+#include <ctype.h>         // NOLINT(llvmlibc-restrict-system-libc-headers)
 #include <errno.h>         // NOLINT(llvmlibc-restrict-system-libc-headers)
 #include <ev.h>            // NOLINT(llvmlibc-restrict-system-libc-headers)
 #include <math.h>          // NOLINT(llvmlibc-restrict-system-libc-headers)
 #include <netinet/in.h>    // NOLINT(llvmlibc-restrict-system-libc-headers)
+#include <stdio.h>         // NOLINT(llvmlibc-restrict-system-libc-headers)
 #include <string.h>        // NOLINT(llvmlibc-restrict-system-libc-headers)
 #include <sys/socket.h>    // NOLINT(llvmlibc-restrict-system-libc-headers)
-#include <ctype.h>
 
 #include "https_client.h"
 #include "logging.h"
@@ -203,7 +204,7 @@ static int https_fetch_ctx_process_response(https_client_t *client,
       ELOG("CURLINFO_CONTENT_TYPE: %s", curl_easy_strerror(res));
     } else {
       if (str_resp == NULL ||
-          strncmp(str_resp, DOH_CONTENT_TYPE, sizeof(DOH_CONTENT_TYPE) - 1)) {  // at least, start with it
+          strncmp(str_resp, DOH_CONTENT_TYPE, sizeof(DOH_CONTENT_TYPE) - 1) != 0) {  // at least, start with it
         ELOG("Invalid response Content-Type: %s", str_resp ? str_resp : "UNSET");
         faulty_response = 1;
       }
@@ -216,7 +217,7 @@ static int https_fetch_ctx_process_response(https_client_t *client,
       ELOG("CURLINFO_REDIRECT_URL: %s", curl_easy_strerror(res));
     } else if (str_resp != NULL) {
       ELOG("Request would be redirected to: %s", str_resp);
-      if (strcmp(str_resp, client->opt->resolver_url)) {
+      if (strcmp(str_resp, client->opt->resolver_url) != 0) {
         ELOG("Please update Resolver URL to avoid redirection!");
       }
     }
@@ -421,12 +422,10 @@ static int multi_timer_cb(CURLM __attribute__((unused)) *multi,
                           long timeout_ms, void *userp) {
   https_client_t *c = (https_client_t *)userp;
   ev_timer_stop(c->loop, &c->timer);
-  if (timeout_ms > 0) {
+  if (timeout_ms >= 0) {
     // NOLINTNEXTLINE(clang-analyzer-security.insecureAPI.DeprecatedOrUnsafeBufferHandling)
     ev_timer_init(&c->timer, timer_cb, timeout_ms / 1000.0, 0);
     ev_timer_start(c->loop, &c->timer);
-  } else {
-    timer_cb(c->loop, &c->timer, 0);
   }
   return 0;
 }

Original file line number	Diff line number	Diff line change
`@@ -95,7 +95,8 @@ static void ares_cb(void *arg, int status, int __attribute__((unused)) timeouts,`
`95`	`95`	`static ev_tstamp get_timeout(dns_poller_t *d)`
`96`	`96`	`{`
`97`	`97`	`static struct timeval max_tv = {.tv_sec = 5, .tv_usec = 0};`
`98`		`- struct timeval tv, *tvp = ares_timeout(d->ares, &max_tv, &tv);`
	`98`	`+ struct timeval tv;`
	`99`	`+ struct timeval *tvp = ares_timeout(d->ares, &max_tv, &tv);`
`99`	`100`	`ev_tstamp after = tvp->tv_sec + tvp->tv_usec * 1e-6;`
`100`	`101`	`return after ? after : 0.1;`
`101`	`102`	`}`