Timeout can result in segv in Curl_multiuse_state with nss #8341
Comments
bagder added a commit that referenced this issue Jan 28, 2022
It gets called because of the call to PR_Recv() done to attempt to avoid RST on the TCP connection. This is NSS though so documentation for this is nowhere to be found, why I opt to side-step this by disabling NPN and ALPN when the connection is shutting down.
Reported-by: Eric Musser
Fixes #8341
I believe #8342 should fix this. Any chance you can try that out and verify that it truly does?
sfc-gh-emusser pushed a commit to sfc-gh-emusser/curl that referenced this issue Jan 28, 2022
It gets called because of the call to PR_Recv() done to attempt to avoid RST on the TCP connection. This is NSS though so documentation for this is nowhere to be found, why I opt to side-step this by disabling NPN and ALPN when the connection is shutting down.
Reported-by: Eric Musser
Fixes curl#8341
Hi Daniel, I've confirmed the issue goes away. Thanks for the incredible turnaround time!
bagder added a commit that referenced this issue Jan 28, 2022
The callback gets called because of the call to PR_Recv() done to attempt to avoid RST on the TCP connection. The conn->bundle pointer is already cleared at this point so avoid dereferencing it.
Reported-by: Eric Musser
Fixes #8341
I did this
Using the attached modified curl example program a segv is regularly seen in Curl_multiuse_state when a timeout is forced. This is with NSS (version 3.68.1 RTM). With curl debug assertions enabled the following error is instead emitted:
multi.c:3486: Curl_multiuse_state: Assertion `conn->bundle' failed.
curl-nss-crash.c.txt
The callstack of the assertion failure / crash is:
and appears to be due to this change: #7095 which reads any pending close notify alert prior to closing a connection. If there is an issue in how we are calling curl or curl_multi please let us know!
I expected the following
It not to crash.
curl/libcurl version
curl-7_78_0
[curl -V output]
curl 7.78.0-DEV (x86_64-unknown-linux-gnu) libcurl/7.78.0-DEV NSS/3.67 zlib/1.2.7 c-ares/1.17.2
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher gophers http https imap imaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: alt-svc AsynchDNS Debug HSTS HTTPS-proxy IPv6 Largefile libz NTLM NTLM_WB SSL TrackMemory UnixSockets
operating system
Linux xxxxxxx 3.10.0-1160.49.1.el7.x86_64 #1 SMP Tue Nov 30 15:51:32 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
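A simplified model of the failure discussed in this thread, added here as an illustration; it is not code from curl, NSS, or the attached reproducer. All struct and function names are hypothetical: the close path clears the bundle pointer, a read done before closing re-enters a TLS callback, and the callback's state update has to tolerate the cleared pointer.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified model, not libcurl code: every name here is hypothetical. */
struct bundle { int multiuse; };              /* per-host connection bundle */
struct conn {
  struct bundle *bundle;                      /* cleared once conn is detached */
  void (*on_handshake)(struct conn *, int);   /* callback owned by TLS layer */
};

/* Guarded state update: returns 1 if applied, 0 if the connection is already
   detached from its bundle (the shutdown case described in the thread). */
static int set_multiuse_state(struct conn *c, int state)
{
  if(!c->bundle)
    return 0;              /* teardown in progress: nothing to update */
  c->bundle->multiuse = state;
  return 1;
}

static int cb_applied = -1;  /* records what the callback did, for checking */

static void handshake_cb(struct conn *c, int negotiated)
{
  cb_applied = set_multiuse_state(c, negotiated);
}

/* Stand-in for the "read pending data before close" step: in this model the
   TLS layer may fire its handshake callback from inside that read. */
static void drain_before_close(struct conn *c)
{
  if(c->on_handshake)
    c->on_handshake(c, 2);
}

/* Close path: the bundle pointer is cleared first, then the drain runs. */
static int close_conn(struct conn *c)
{
  c->bundle = NULL;
  drain_before_close(c);
  return cb_applied;
}

int main(void)
{
  struct bundle b = { 0 };
  struct conn c = { &b, handshake_cb };
  printf("live: applied=%d\n", set_multiuse_state(&c, 1));
  printf("closing: applied=%d state=%d\n", close_conn(&c), b.multiuse);
  return 0;
}
```

Without the `if(!c->bundle)` check, the callback invoked during `close_conn` would dereference a NULL pointer, which is the class of crash reported above.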