curl enters busy loop when POSTing HTTP/2 to IBM Cloud using digest auth #11892

Closed
OlekMazur opened this issue Sep 19, 2023 · 3 comments

Comments

@OlekMazur

I did this

I did the same query as in #11194 and #11485, and found a regression in 8.3.0 compared to 8.2.1.
This time it's neither a timeout nor a connection reset but a busy loop after getting 401.
Full output:

} [5 bytes data]
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
} [512 bytes data]
* TLSv1.3 (IN), TLS handshake, Server hello (2):
{ [122 bytes data]
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
{ [19 bytes data]
* TLSv1.3 (IN), TLS handshake, Certificate (11):
{ [4006 bytes data]
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
{ [264 bytes data]
* TLSv1.3 (IN), TLS handshake, Finished (20):
{ [52 bytes data]
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
} [1 bytes data]
* TLSv1.3 (OUT), TLS handshake, Finished (20):
} [52 bytes data]
> POST /api/v1/<my_secret_api_endpoint> HTTP/2
> Host: eu-gb.functions.appdomain.cloud
> User-Agent: curl/8.3.0
> Accept: */*
> Content-Type: text/csv
> Content-Length: 13
> 
} [13 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
* TLSv1.3 (IN), TLS handshake, Newsession Ticket (4):
{ [57 bytes data]
< HTTP/2 401 
< date: Tue, 19 Sep 2023 20:40:58 GMT
< content-length: 0
< x-request-id: XXX
< access-control-allow-origin: *
< access-control-allow-methods: OPTIONS, GET, DELETE, POST, PUT, HEAD, PATCH
< access-control-allow-headers: Authorization, Origin, X-Requested-With, Content-Type, Accept, User-Agent
< x-openwhisk-activation-id: XXX

... and the curl process starts hogging the CPU, seemingly endlessly.

I expected the following

No response

curl/libcurl version

curl 8.3.0 (x86_64-pc-linux-gnu) libcurl/8.3.0 OpenSSL/3.0.9 zlib/1.2.13 brotli/1.0.9 zstd/1.5.5 nghttp2/1.52.0
Release-Date: 2023-09-13
Protocols: http https imap imaps smtp smtps
Features: AsynchDNS brotli HTTP2 HTTPS-proxy Largefile libz SSL threadsafe zstd

operating system

Linux 6.4.13-200.fc38.x86_64 #1 SMP PREEMPT_DYNAMIC Wed Aug 30 17:07:31 UTC 2023 x86_64 GNU/Linux

@OlekMazur
Author

OlekMazur commented Sep 19, 2023

Curl enters the busy loop inside Curl_http_input_auth() within while(*auth) { ... }.
The regression seems to be caused by commit e92edfb.
The newly added #ifndefs may throw away the code which was previously right after "else" in lib/http.c:1111 (in case only digest auth is enabled).
This causes the code which jumps over the next comma (line 1145) to be compiled under the "else" from line 1111, which was surely not intended. Therefore the loop never moves the "auth" pointer further.
To confirm that, I added an empty statement "{ }" as a possible workaround between the last #endif and "while" (before line 1144) and it fixed the problem.
So the problem isn't related to HTTP/2 but to --disable-bearer-auth; disabling bearer auth leaves an unwanted "else" right before the code which advances the loop further.
Strictly speaking, since --disable-bearer-auth is an option introduced in 8.3.0, maybe I shouldn't call this a regression...
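
The dangling "else" described in the comment above, reduced to a small model. This is an added example, not curl's code and not part of the original comment: DEMO_DISABLE_BEARER, MAX_PASSES, skip, scan_buggy and scan_fixed are hypothetical names, the header value is constructed, and the "{ }" in scan_fixed is the workaround the reporter describes.

```c
#include <stdio.h>
#include <string.h>
#define DEMO_DISABLE_BEARER 1 /* constructed: models a build with bearer auth compiled out */
#define MAX_PASSES 16         /* guard: report a stall instead of spinning forever */
#define IS(p, s) (strncmp((p), (s), sizeof(s) - 1) == 0)

static const char *skip(const char *p)
{
  p += strcspn(p, ",");      /* up to the next comma or the end */
  p += (*p == ',');          /* step over the comma */
  return p + strspn(p, " "); /* and any spaces after it */
}

/* Both scanners return the passes used, or -1 if the pointer stopped advancing. */
static int scan_buggy(const char *auth)
{
  int passes = 0;
  for(; *auth && passes < MAX_PASSES; passes++) {
    if(IS(auth, "Digest")) { /* challenge would be parsed here */ }
    else
#ifndef DEMO_DISABLE_BEARER
    if(IS(auth, "Bearer")) { }
#endif
    auth = skip(auth); /* bearer compiled out: this is now the "else" body */
  }
  return *auth ? -1 : passes;
}

static int scan_fixed(const char *auth)
{
  int passes = 0;
  for(; *auth && passes < MAX_PASSES; passes++) {
    if(IS(auth, "Digest")) { }
    else
#ifndef DEMO_DISABLE_BEARER
    if(IS(auth, "Bearer")) { }
#endif
    { } /* empty statement ends the chain, so the skip below always runs */
    auth = skip(auth);
  }
  return *auth ? -1 : passes;
}

int main(void)
{
  const char *hdr = "Digest realm=\"demo\", Basic realm=\"demo\""; /* constructed */
  printf("buggy=%d fixed=%d\n", scan_buggy(hdr), scan_fixed(hdr));
  return 0;
}
```

A header that does not start with a matched scheme still advances in scan_buggy, which is why the stall only shows up once the enabled scheme is actually offered.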

@bagder bagder self-assigned this Sep 20, 2023
bagder added a commit that referenced this issue Sep 20, 2023
When bearer auth was disabled, the if/else logic got wrong and caused
problems.

Follow-up to e92edfb
Fixes #11892
Reported-by: Aleksander Mazur
@bagder
Member

bagder commented Sep 20, 2023

@OlekMazur after reading the code again I can only agree with you. I made #11895 as an attempted fix. It would be great if you can just double-check that I got it right.

@OlekMazur
Author

I confirm that the fix works for me.

ptitSeb pushed a commit to wasix-org/curl that referenced this issue Sep 25, 2023
When bearer auth was disabled, the if/else logic got wrong and caused
problems.

Follow-up to e92edfb
Fixes curl#11892
Reported-by: Aleksander Mazur
Closes curl#11895