fixes

Various things that Sai identified needed fixing

Author: lws-team

.sai.json

@@ -155,6 +155,10 @@
 		"lws_system": {
 			"cmake":	"-DLWS_SUPPRESS_DEPRECATED_API_WARNINGS=1 -DLWS_WITH_ACME=1 -DLWS_WITH_MINIMAL_EXAMPLES=1 -DCMAKE_BUILD_TYPE=RELEASE -DLWS_WITH_GENCRYPTO=1 -DLWS_WITH_JOSE=1 -DLWS_WITH_SYS_ASYNC_DNS=1 -DLWS_WITH_SYS_NTPCLIENT=1"
 		},
+		"async_dnssec": {
+			"cmake":	"-DLWS_SUPPRESS_DEPRECATED_API_WARNINGS=1 -DCMAKE_BUILD_TYPE=DEBUG -DLWS_WITH_GENCRYPTO=1 -DLWS_WITH_JOSE=1 -DLWS_WITH_SYS_ASYNC_DNS=1 -DLWS_WITH_SYS_ASYNC_DNS_DNSSEC=1"
+		},
+
 		"secure-streams": {
 			"cmake":	"-DLWS_WITH_SECURE_STREAMS=1 -DLWS_WITH_MINIMAL_EXAMPLES=1",
 			"platforms":	"w11/x86_64-amd/msvc,netbsd/aarch64BE-bcm2837-a53/gcc"
@@ -254,14 +258,14 @@
 		# only applies to the coverity builder, and on pushes to "coverity" branch
 
 		"coverity": {
-			"cmake":	"-DLWS_WITHOUT_EXTENSIONS=0 -DLWS_WITH_CGI=1 -DLWS_IPV6=1 -DLWS_WITH_HTTP_PROXY=1 -DLWS_WITH_RANGES=1 -DLWS_WITH_THREADPOOL=1 -DLWS_WITH_CBOR=1 -DLWS_WITH_JOSE=1 -DLWS_WITH_COSE=1 -DLWS_WITH_SYS_DHCP_CLIENT=1 -DLWS_WITH_FTS=1 -DLWS_WITH_STRUCT_SQLITE3=1 -DLWS_ROLE_DBUS=1 -DLWS_WITH_SYS_ASYNC_DNS=1 -DLWS_WITH_SYS_FAULT_INJECTION=1 -DLWS_WITH_TLS_JIT_TRUST=1 -DLWS_ROLE_MQTT=1 -DLWS_ROLE_RAW_PROXY=1 -DLWS_WITH_EVENT_LIBS=1 -DLWS_WITH_LIBUV=1 -DLWS_WITH_STRUCT_JSON=1 -DLWS_WITH_LWS_DSH=1 -DLWS_WITH_SECURE_STREAMS_PROXY_API=1",
+			"cmake":	"-DLWS_WITHOUT_EXTENSIONS=0 -DLWS_WITH_CGI=1 -DLWS_IPV6=1 -DLWS_WITH_HTTP_PROXY=1 -DLWS_WITH_RANGES=1 -DLWS_WITH_THREADPOOL=1 -DLWS_WITH_CBOR=1 -DLWS_WITH_JOSE=1 -DLWS_WITH_COSE=1 -DLWS_WITH_SYS_DHCP_CLIENT=1 -DLWS_WITH_FTS=1 -DLWS_WITH_STRUCT_SQLITE3=1 -DLWS_ROLE_DBUS=1 -DLWS_WITH_SYS_ASYNC_DNS=1 -DLWS_WITH_SYS_ASYNC_DNS_DNSSEC=1 -DLWS_WITH_WEBRTC=1 -DLWS_WITH_DHT=1 -DLWS_WITH_ASYNC_QUEUE=1  -DLWS_WITH_SYS_FAULT_INJECTION=1 -DLWS_WITH_TLS_JIT_TRUST=1 -DLWS_ROLE_MQTT=1 -DLWS_ROLE_RAW_PROXY=1 -DLWS_WITH_EVENT_LIBS=1 -DLWS_WITH_LIBUV=1 -DLWS_WITH_STRUCT_JSON=1 -DLWS_WITH_LWS_DSH=1 -DLWS_WITH_SECURE_STREAMS_PROXY_API=1",
 			"platforms":	"none, coverity/x86_64/gcc",
 			"cpack":	"export STAMP=`git log -1 --pretty=format:%h` && rm -f libwebsockets.tgz && tar czvf libwebsockets.tgz cov-int && script -q -c \"cat /etc/coverity/secrets.sh | lws-minimal-http-client-post-form https://scan.coverity.com:443/builds?project=warmcat%2Flibwebsockets --form file=@libwebsockets.tgz --form version=${STAMP} --form 'description=lws qa'\" /dev/null",
 			"branches":	"coverity"
 		},
 		# awkward, we also want to test mbedtls, but coverity blocks on SSL build needing manual intervention
 		"coverity-mbedtls": {
-			"cmake":	"-DLWS_WITH_MBEDTLS=1 -DLWS_WITHOUT_EXTENSIONS=0 -DLWS_WITH_CGI=1 -DLWS_IPV6=1 -DLWS_WITH_HTTP_PROXY=1 -DLWS_WITH_RANGES=1 -DLWS_WITH_THREADPOOL=1 -DLWS_WITH_CBOR=1 -DLWS_WITH_JOSE=1 -DLWS_WITH_COSE=1 -DLWS_WITH_SYS_DHCP_CLIENT=1 -DLWS_WITH_FTS=1 -DLWS_WITH_STRUCT_SQLITE3=1 -DLWS_ROLE_DBUS=1 -DLWS_WITH_SYS_ASYNC_DNS=1 -DLWS_WITH_SYS_FAULT_INJECTION=1 -DLWS_WITH_TLS_JIT_TRUST=1 -DLWS_ROLE_MQTT=1 -DLWS_ROLE_RAW_PROXY=1 -DLWS_WITH_EVENT_LIBS=1 -DLWS_WITH_LIBUV=1 -DLWS_WITH_STRUCT_JSON=1 -DLWS_WITH_LWS_DSH=1 -DLWS_WITH_SECURE_STREAMS_PROXY_API=1",
+			"cmake":	"-DLWS_WITH_MBEDTLS=1 -DLWS_WITHOUT_EXTENSIONS=0 -DLWS_WITH_CGI=1 -DLWS_IPV6=1 -DLWS_WITH_HTTP_PROXY=1 -DLWS_WITH_RANGES=1 -DLWS_WITH_THREADPOOL=1 -DLWS_WITH_CBOR=1 -DLWS_WITH_JOSE=1 -DLWS_WITH_COSE=1 -DLWS_WITH_SYS_DHCP_CLIENT=1 -DLWS_WITH_FTS=1 -DLWS_WITH_STRUCT_SQLITE3=1 -DLWS_ROLE_DBUS=1 -DLWS_WITH_SYS_ASYNC_DNS=1 -DLWS_WITH_SYS_ASYNC_DNS_DNSSEC=1 -DLWS_WITH_WEBRTC=1 -DLWS_WITH_DHT=1  -DLWS_WITH_ASYNC_QUEUE=1 -DLWS_WITH_SYS_FAULT_INJECTION=1 -DLWS_WITH_TLS_JIT_TRUST=1 -DLWS_ROLE_MQTT=1 -DLWS_ROLE_RAW_PROXY=1 -DLWS_WITH_EVENT_LIBS=1 -DLWS_WITH_LIBUV=1 -DLWS_WITH_STRUCT_JSON=1 -DLWS_WITH_LWS_DSH=1 -DLWS_WITH_SECURE_STREAMS_PROXY_API=1",
 			"platforms":	"none, coverity/x86_64/gcc",
 			"cpack":	"export STAMP=`git log -1 --pretty=format:%h` && rm -f libwebsockets.tgz && tar czvf libwebsockets.tgz cov-int && script -q -c \"cat /etc/coverity/secrets.sh | lws-minimal-http-client-post-form https://scan.coverity.com:443/builds?project=warmcat%2Flibwebsockets --form file=@libwebsockets.tgz --form version=${STAMP} --form 'description=lws qa'\" /dev/null",
 			"branches":	"coverity"

changelog

@@ -1,9 +1,49 @@
 Changelog
 ---------
 
+Development
+===========
+
+ - Async DNS: support DNSSEC
+ - Async DNS: support tcp fallback
+ - Support authoritative DNS server, like nsd, using own-signed zone files
+ - Support authoritative DNS signing (zone file -> DNSSEC ready signed zone
+ file)
+ - LWS_WITH_ASYNC_QUEUE: Makes slow tls negotiation and read / write happen
+ via a queue + worker threads, instead of on the main event loop.  This
+ reduces the amount of blocking events delaying the event loop
+ - LWS_WITH_LATENCY: support detailed event loop blocking measurements and a
+ plugin to monitor event loop performace dynamically; lists worst blockers by
+ protocol and actual delays
+ - Support a headless camera participant to WebRTC conference
+ - Support WebRTC conferencing serving / mixing over h.264 up to 1080p
+ (and if supported in hw, AV1)
+ - TLS: Support DTLS accross all the libraries
+ - LWS_WITH_MNEMONIC support for mnemonic key backup
+ - CRC32 is now provided
+ - Generic HMAC now supports SHA-1
+ - vhost: protocols from plugins are instantiated first, and protocols now
+ have a priority field to control who gets instantiated before who
+ additionally.  This simplifies basing on plugin protocols.
+ - lws_mutex is now public, platform-independent defines
+ - Client: improve connect retries by iterating through DNS results
+ - Contributors: AI isn't necessarily a problem, but we want to know which AI
+ - ipv6: now built by default
+ - TLS: LWS_WITH_GNUTLS: Support building against GnuTLS for tls + gencrypto
+ - LWS_WITH_DHT: generic Kademlia DHT with pluggable additional verbs and lws
+ UDP integratin
+ - lws_captcha_ratelimit plugin can force generic captcha by introducing
+ multiple mount order on same mounpoint, supports whitelisting netblocks
+ - Context creation: Sumarize OpenSSL library version available if in use
+ - JWS: support LWS_JOSE_ENCTYPE_NONE
+ - TLS: LWS_WITH_SCHANNEL: Support building against Schannel, the windows
+ native tls library for tls and gencrypto
+ - SS: Support urlargs on server side
+ - lhp: various improvements (still not very usable)
+
 v4.5.0
 ======
-
+ 
  - fixes from coverity and Nozomi Networks
  - fix for mountpoint headers being sticky for all following mounts too
  - b64 apis: fixes and new api tests

include/libwebsockets.h

@@ -175,6 +175,16 @@ typedef int suseconds_t;
 #include <unistd.h>
 
 #if defined (LWS_PLAT_FREERTOS)
+#if defined(LWS_AMAZON_RTOS)
+#include <FreeRTOS.h>
+#include <semphr.h>
+#include <task.h>
+#else
+#include <freertos/FreeRTOS.h>
+#include <freertos/semphr.h>
+#include <freertos/task.h>
+#endif
+
 typedef SemaphoreHandle_t lws_mutex_t;
 #define lws_mutex_init(x)	x = xSemaphoreCreateMutex()
 #define lws_mutex_destroy(x)	vSemaphoreDelete(x)

include/libwebsockets/lws-dht.h

@@ -28,6 +28,7 @@
 #include <stddef.h>
 #include <stdint.h>
 #include <stdio.h>
+#include <libwebsockets/lws-genhash.h>
 
 /*! \defgroup dht Distributed Hash Table
  * ## Distributed Hash Table (DHT) API

lib/core-net/close.c

@@ -654,15 +654,6 @@ __lws_close_free_wsi(struct lws *wsi, enum lws_close_status reason,
 	if (wsi->http.buflist_post_body)
 		lws_buflist_destroy_all_segments(&wsi->http.buflist_post_body);
 #endif
-#if defined(LWS_WITH_UDP)
-	if (wsi->udp) {
-		/* confirm no sul left scheduled in wsi->udp itself */
-		lws_sul_debug_zombies(wsi->a.context, wsi->udp,
-					sizeof(*wsi->udp), "close udp wsi");
-
-		lws_free_set_NULL(wsi->udp);
-	}
-#endif
 
 	if (lws_rops_fidx(wsi->role_ops, LWS_ROPS_close_kill_connection))
 		lws_rops_func_fidx(wsi->role_ops,

lib/core-net/service.c

@@ -867,7 +867,6 @@ _lws_service_fd_tsi(struct lws_context *context, struct lws_pollfd *pollfd,
 	}
 
 	wsi->could_have_pending = 0; /* clear back-to-back write detection */
-	pt->inside_lws_service = 1;
 
 	/* okay, what we came here to do... */
 
@@ -884,7 +883,6 @@ _lws_service_fd_tsi(struct lws_context *context, struct lws_pollfd *pollfd,
 	switch (lws_rops_func_fidx(wsi->role_ops, LWS_ROPS_handle_POLLIN).
 					       handle_POLLIN(pt, wsi, pollfd)) {
 	case LWS_HPI_RET_WSI_ALREADY_DIED:
-		pt->inside_lws_service = 0;
 #if defined (_WIN32)
 		break;
 #else
@@ -915,7 +913,6 @@ _lws_service_fd_tsi(struct lws_context *context, struct lws_pollfd *pollfd,
 		 * we can't clear revents now because it'd be the wrong guy's
 		 * revents
 		 */
-		pt->inside_lws_service = 0;
 		return 1;
 	default:
 		assert(0);
@@ -945,8 +942,6 @@ _lws_service_fd_tsi(struct lws_context *context, struct lws_pollfd *pollfd,
 			lws_latency_note(pt, _role_out_start, 2000, "pollout:%dms", ms);
 	}
 #endif
-	pt->inside_lws_service = 0;
-
 	return 0;
 }
 
@@ -976,7 +971,9 @@ lws_service_fd_tsi(struct lws_context *context, struct lws_pollfd *pollfd,
 	lws_latency_cb_start(pt);
 #endif
 
+	pt->inside_lws_service = 1;
 	ret = _lws_service_fd_tsi(context, pollfd, tsi);
+	pt->inside_lws_service = 0;
 
 #if defined(LWS_WITH_LATENCY)
 	lws_latency_cb_end(pt, pn);

lib/core/adapt.c

@@ -146,7 +146,7 @@ lws_adapt_report(struct lws_adapt *a, int success, lws_usec_t us)
 	if (l->ewma_short < LWS_ADAPT_DOWNGRADE_THRESHOLD && a->active_level < a->num_levels - 1) {
 		lwsl_notice("%s: Downgrading level %d -> %d (Score: %u/%u)\n",
 			__func__, a->active_level, a->active_level + 1,
-			l->ewma_short, LWS_ADAPT_MAX_SCORE);
+			(unsigned int)l->ewma_short, (unsigned int)LWS_ADAPT_MAX_SCORE);
 
 		a->active_level++;
 		a->last_downgrade_us = us;
@@ -167,7 +167,7 @@ lws_adapt_report(struct lws_adapt *a, int success, lws_usec_t us)
 			if (a->backoff_multiplier < 1)
 				a->backoff_multiplier = 1;
 			a->last_downgrade_us = us; /* Reset the clock for the next forgiveness tier */
-			lwsl_notice("%s: Sustained stability! Reducing backoff multiplier to %u\n", __func__, a->backoff_multiplier);
+			lwsl_notice("%s: Sustained stability! Reducing backoff multiplier to %u\n", __func__, (unsigned int)a->backoff_multiplier);
 		}
 	}
 }
@@ -192,7 +192,7 @@ lws_adapt_get_level(struct lws_adapt *a)
 			if (now > a->last_downgrade_us + backoff_required) {
 				lwsl_notice("%s: Upgrading level %d -> %d (Stable for %u us)\n",
 					__func__, a->active_level, a->active_level - 1,
-					(uint32_t)(now - a->last_downgrade_us));
+					(unsigned int)(now - a->last_downgrade_us));
 
 				a->active_level--;
 				a->last_downgrade_us = now; /* So we measure forgiveness from the moment of success */

lib/misc/dht.c

@@ -26,7 +26,9 @@
 
 #include "../core/private-lib-core.h"
 #include "../core-net/private-lib-core-net.h"
+#ifndef _WIN32
 #include <arpa/inet.h>
+#endif
 #include <errno.h>
 
 // #define DHT_VERBOSE

lib/roles/http/client/client-http.c

@@ -1211,8 +1211,24 @@ lws_client_interpret_server_handshake(struct lws *wsi)
 			wsi->http.ah->frags[wsi->http.ah->frag_index[_WSI_TOKEN_CLIENT_URI]].offset = wsi->http.ah->pos;
 			wsi->http.ah->frags[wsi->http.ah->frag_index[_WSI_TOKEN_CLIENT_URI]].len = (uint16_t)(pl + 1u);
 
-			if (wsi->stash)
-				wsi->stash->cis[CIS_PATH] = wsi->http.ah->data + wsi->http.ah->pos;
+			if (wsi->stash) {
+				struct client_info_stash *ostash = wsi->stash;
+				const char *cisin[CIS_COUNT];
+				int m;
+
+				wsi->stash = NULL;
+				for (m = 0; m < CIS_COUNT; m++)
+					cisin[m] = ostash->cis[m];
+				cisin[CIS_PATH] = wsi->http.ah->data + wsi->http.ah->pos;
+				
+				if (lws_client_stash_create(wsi, cisin)) {
+					lwsl_err("%s: failed to realloc stash for redirect\n", __func__);
+					lws_free(ostash);
+					cce = "HS: stash realloc failed";
+					goto bail3;
+				}
+				lws_free(ostash);
+			}
 
 			wsi->http.ah->pos += pl + 1u;
 		}

lib/roles/listen/ops-listen.c

@@ -24,6 +24,15 @@
 
 #include <private-lib-core.h>
 
+static void
+lws_accept_pause_cb(lws_sorted_usec_list_t *sul)
+{
+	struct lws *wsi = lws_container_of(sul, struct lws, sul_validity);
+
+	if (lws_change_pollfd(wsi, 0, LWS_POLLIN))
+		lwsl_wsi_info(wsi, "fail");
+}
+
 static lws_handling_result_t
 rops_handle_POLLIN_listen(struct lws_context_per_thread *pt, struct lws *wsi,
 			  struct lws_pollfd *pollfd)
@@ -101,11 +110,33 @@ rops_handle_POLLIN_listen(struct lws_context_per_thread *pt, struct lws *wsi,
 		}
 #endif
 		if (filt.accept_fd == LWS_SOCK_INVALID) {
-			if (LWS_ERRNO == LWS_EAGAIN ||
-			    LWS_ERRNO == LWS_EWOULDBLOCK) {
+			int m = LWS_ERRNO;
+
+			if (m == LWS_EAGAIN ||
+			    m == LWS_EWOULDBLOCK) {
+				break;
+			}
+			lwsl_err("accept: errno %d\n", m);
+
+			if (
+#if defined(WSAEMFILE)
+			    m == WSAEMFILE ||
+#endif
+#if defined(EMFILE)
+			    m == EMFILE ||
+#endif
+#if defined(ENFILE)
+			    m == ENFILE ||
+#endif
+			    0) {
+				if (lws_change_pollfd(wsi, LWS_POLLIN, 0))
+					lwsl_wsi_info(wsi, "failed disable POLLIN");
+
+				lws_sul_schedule(context, 0, &wsi->sul_validity,
+						 lws_accept_pause_cb,
+						 100 * LWS_US_PER_MS);
 				break;
 			}
-			lwsl_err("accept: errno %d\n", LWS_ERRNO);
 
 			return LWS_HPI_RET_HANDLED;
 		}