cURL / Mailing Lists / curl-library / Single Mail

curl-library

Issue with Curl_checkheaders(data, "User-Agent:")

From: Alex Powell <alexp700_at_gmail.com>
Date: Tue, 26 Feb 2013 16:46:03 +0000

Hi,

I've been building curl with SSL, on android have have been hitting
some strange errors. POSTs and GETs in HTTPS largely work, but when I
make a post in a certain sequence I get a bomb out on
curl_checkheaders. This looks like a similar thread that ran out
regarding a crash in Curl_raw_nequal.

I've added logging code to the library, and it looks like the data is
corrupted in Curl_checkHeaders.

I have a quite stripped down libcurl (following the options given
around the web on various postings to just have http and https). Http
is working fine, so its only the HTTPS that is going wrong.

the stack trace is this:

#0 0x6977bf32 in Curl_raw_nequal () from
/Users/alexp700/Dev/TimingApp2013/Android/project/obj/local/armeabi/libcommonc.so
#1 0x6977f51c in Curl_checkheaders () from
/Users/alexp700/Dev/TimingApp2013/Android/project/obj/local/armeabi/libcommonc.so
#2 0x69780418 in Curl_http () from
/Users/alexp700/Dev/TimingApp2013/Android/project/obj/local/armeabi/libcommonc.so
#3 0x697876e8 in Curl_do () from
/Users/alexp700/Dev/TimingApp2013/Android/project/obj/local/armeabi/libcommonc.so
#4 0x697796f2 in multi_runsingle () from
/Users/alexp700/Dev/TimingApp2013/Android/project/obj/local/armeabi/libcommonc.so
#5 0x69779d70 in curl_multi_perform () from
/Users/alexp700/Dev/TimingApp2013/Android/project/obj/local/armeabi/libcommonc.so
#6 0x69776a4c in curl_easy_perform () from
/Users/alexp700/Dev/TimingApp2013/Android/project/obj/local/armeabi/libcommonc.so

And the log seems to imply the connection is being reused:

02-26 16:27:11.253: I/my_trace:119 39.038(24650): my_trace:119 39.038
== Info: easy handled already used in multi handle

However it gets a way along the process with TLS handshaking:

02-26 16:27:11.433: I/my_trace:119 39.214(24650): my_trace:119 39.214
== Info: Connected to api.twitter.com (199.59.148.87) port 443 (#11)
02-26 16:27:11.433: I/my_trace:119 39.215(24650): my_trace:119 39.215
== Info: SSLv3, TLS handshake, Client hello (1):
02-26 16:27:11.623: I/my_trace:119 39.402(24650): my_trace:119 39.402
== Info: SSLv3, TLS handshake, Server hello (2):
02-26 16:27:11.623: I/my_trace:119 39.409(24650): my_trace:119 39.409
== Info: SSLv3, TLS handshake, Server finished (14):
02-26 16:27:11.633: I/my_trace:119 39.413(24650): my_trace:119 39.413
== Info: SSLv3, TLS change cipher, Client hello (1):
02-26 16:27:11.633: I/my_trace:119 39.415(24650): my_trace:119 39.415
== Info: SSLv3, TLS handshake, Finished (20):
02-26 16:27:11.823: I/my_trace:119 39.602(24650): my_trace:119 39.602
== Info: SSLv3, TLS change cipher, Client hello (1):
02-26 16:27:11.823: I/dump:105 39.603(24650): dump:105 39.603 <= Recv
SSL data, 0000000001 bytes (0x00000001)
02-26 16:27:11.823: I/my_trace:119 39.603(24650): my_trace:119 39.603
== Info: SSLv3, TLS handshake, Finished (20):
02-26 16:27:11.823: I/dump:105 39.604(24650): dump:105 39.604 <= Recv
SSL data, 0000000016 bytes (0x00000010)
02-26 16:27:11.823: I/my_trace:119 39.604(24650): my_trace:119 39.604
== Info: SSL connection using RC4-SHA
02-26 16:27:11.823: I/my_trace:119 39.604(24650): my_trace:119 39.604
== Info: Server certificate:
02-26 16:27:11.823: I/my_trace:119 39.604(24650): my_trace:119 39.604
== Info: subject: C=US; ST=California; L=San Francisco; O=Twitter,
Inc.; OU=Twitter Security; CN=api.twitter.com
02-26 16:27:11.823: I/my_trace:119 39.604(24650): my_trace:119 39.604
== Info: start date: 2012-05-02 00:00:00 GMT
02-26 16:27:11.823: I/my_trace:119 39.604(24650): my_trace:119 39.604
== Info: expire date: 2013-05-03 23:59:59 GMT
02-26 16:27:11.823: I/my_trace:119 39.605(24650): my_trace:119 39.605
== Info: subjectAltName: api.twitter.com matched
02-26 16:27:11.823: I/my_trace:119 39.605(24650): my_trace:119 39.605
== Info: issuer: C=US; O=VeriSign, Inc.; OU=VeriSign Trust Network;
OU=Terms of use at https://www.verisign.com/rpa (c)09; CN=VeriSign
Class 3 Secure Server CA - G2
02-26 16:27:11.823: I/my_trace:119 39.605(24650): my_trace:119 39.605
== Info: SSL certificate verify result: unable to get local issuer
certificate (20), continuing anyway.
02-26 16:27:11.823: I/CURL:(24650):
02-26 16:27:11.823: I/CURL:(24650): looking at header
02-26 16:27:11.823: I/CURL(24650):
02-26 16:27:11.823: I/CURL(24650): thisheader:User-Agent:, �\ ��\ xDyD����
02-26 16:27:11.823: I/CURL(24650):
02-26 16:27:11.823: I/CURL(24650): thisheader:User-Agent:,
T� @T� @\� @\� @� �d�� ehL ehL e�E e�E e��de��deX= eX=
e�o�d�o�d�\�d`��dؒ�dؒ�d � d � d�m e�m e�8]c�8]c���d���d��de��de = e =
e�j d�j dPV dPV d8n�c8n�c���d���d�
�d�
�d \�d \�d�
�d�
�d�� d�� d

... at which point it crashes. Any clue would be much appreciated. I
am wondering if its another thread fighting, though the curl handle is
separate for this request. Is there a flag that might mean curl can
only make one request I'm missing?

Best regards,

Alex

-- 
Alex Powell
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
Received on 2013-02-26