From c6f2e7c0fececb8a5ecf568f72bfb712d9f40e63 Mon Sep 17 00:00:00 2001
From: Kamil Dudka <kdudka@redhat.com>
Date: Thu, 30 Jul 2015 15:27:33 +0200
Subject: [PATCH] Resolves: #1248389 - prevent dnf from crashing when using
 both FTP and HTTP

---
 0001-curl-7.43.0-f7dcc7c1.patch | 111 ++++++++++++++++++++++++++++++++
 curl.spec                       |   9 ++-
 2 files changed, 119 insertions(+), 1 deletion(-)
 create mode 100644 0001-curl-7.43.0-f7dcc7c1.patch

diff --git a/0001-curl-7.43.0-f7dcc7c1.patch b/0001-curl-7.43.0-f7dcc7c1.patch
new file mode 100644
index 0000000..ab2a62f
--- /dev/null
+++ b/0001-curl-7.43.0-f7dcc7c1.patch
@@ -0,0 +1,111 @@
+From 2f8154c11e2cc139067973e47f1ffe5a302fb89d Mon Sep 17 00:00:00 2001
+From: Kamil Dudka <kdudka@redhat.com>
+Date: Thu, 30 Jul 2015 12:01:20 +0200
+Subject: [PATCH] http: move HTTP/2 cleanup code off http_disconnect()
+
+Otherwise it would never be called for an HTTP/2 connection, which has
+its own disconnect handler.
+
+I spotted this while debugging <https://bugzilla.redhat.com/1248389>
+where the http_disconnect() handler was called on an FTP session handle
+causing 'dnf' to crash.  conn->data->req.protop of type (struct FTP *)
+was reinterpreted as type (struct HTTP *) which resulted in SIGSEGV in
+Curl_add_buffer_free() after printing the "Connection cache is full,
+closing the oldest one." message.
+
+A previously working version of libcurl started to crash after it was
+recompiled with the HTTP/2 support despite the HTTP/2 protocol was not
+actually used.  This commit makes it work again although I suspect the
+root cause (reinterpreting session handle data of incompatible protocol)
+still has to be fixed.  Otherwise the same will happen when mixing FTP
+and HTTP/2 connections and exceeding the connection cache limit.
+
+Reported-by: Tomas Tomecek
+Bug: https://bugzilla.redhat.com/1248389
+
+Upstream-commit: f7dcc7c11817f6eaee61b1cd84ffc1b2b1fcac43
+Signed-off-by: Kamil Dudka <kdudka@redhat.com>
+---
+ lib/http.c  | 25 ++-----------------------
+ lib/http2.c | 11 +++++++++++
+ 2 files changed, 13 insertions(+), 23 deletions(-)
+
+diff --git a/lib/http.c b/lib/http.c
+index a1eef81..8d5b9a4 100644
+--- a/lib/http.c
++++ b/lib/http.c
+@@ -86,7 +86,6 @@
+  * Forward declarations.
+  */
+ 
+-static CURLcode http_disconnect(struct connectdata *conn, bool dead);
+ static int http_getsock_do(struct connectdata *conn,
+                            curl_socket_t *socks,
+                            int numsocks);
+@@ -117,7 +116,7 @@ const struct Curl_handler Curl_handler_http = {
+   http_getsock_do,                      /* doing_getsock */
+   ZERO_NULL,                            /* domore_getsock */
+   ZERO_NULL,                            /* perform_getsock */
+-  http_disconnect,                      /* disconnect */
++  ZERO_NULL,                            /* disconnect */
+   ZERO_NULL,                            /* readwrite */
+   PORT_HTTP,                            /* defport */
+   CURLPROTO_HTTP,                       /* protocol */
+@@ -141,7 +140,7 @@ const struct Curl_handler Curl_handler_https = {
+   http_getsock_do,                      /* doing_getsock */
+   ZERO_NULL,                            /* domore_getsock */
+   ZERO_NULL,                            /* perform_getsock */
+-  http_disconnect,                      /* disconnect */
++  ZERO_NULL,                            /* disconnect */
+   ZERO_NULL,                            /* readwrite */
+   PORT_HTTPS,                           /* defport */
+   CURLPROTO_HTTPS,                      /* protocol */
+@@ -168,21 +167,6 @@ CURLcode Curl_http_setup_conn(struct connectdata *conn)
+   return CURLE_OK;
+ }
+ 
+-static CURLcode http_disconnect(struct connectdata *conn, bool dead_connection)
+-{
+-#ifdef USE_NGHTTP2
+-  struct HTTP *http = conn->data->req.protop;
+-  if(http) {
+-    Curl_add_buffer_free(http->header_recvbuf);
+-    http->header_recvbuf = NULL; /* clear the pointer */
+-  }
+-#else
+-  (void)conn;
+-#endif
+-  (void)dead_connection;
+-  return CURLE_OK;
+-}
+-
+ /*
+  * checkheaders() checks the linked list of custom HTTP headers for a
+  * particular header (prefix).
+diff --git a/lib/http2.c b/lib/http2.c
+index 1a2c486..eec0c9f 100644
+--- a/lib/http2.c
++++ b/lib/http2.c
+@@ -79,6 +79,7 @@ static int http2_getsock(struct connectdata *conn,
+ static CURLcode http2_disconnect(struct connectdata *conn,
+                                  bool dead_connection)
+ {
++  struct HTTP *http = conn->data->req.protop;
+   struct http_conn *c = &conn->proto.httpc;
+   (void)dead_connection;
+ 
+@@ -88,6 +89,11 @@ static CURLcode http2_disconnect(struct connectdata *conn,
+   Curl_safefree(c->inbuf);
+   Curl_hash_destroy(&c->streamsh);
+ 
++  if(http) {
++    Curl_add_buffer_free(http->header_recvbuf);
++    http->header_recvbuf = NULL; /* clear the pointer */
++  }
++
+   DEBUGF(infof(conn->data, "HTTP/2 DISCONNECT done\n"));
+ 
+   return CURLE_OK;
+-- 
+2.4.6
+
diff --git a/curl.spec b/curl.spec
index 5ebe2fe..5548d7c 100644
--- a/curl.spec
+++ b/curl.spec
@@ -1,12 +1,15 @@
 Summary: A utility for getting files from remote servers (FTP, HTTP, and others)
 Name: curl
 Version: 7.43.0
-Release: 2%{?dist}
+Release: 3%{?dist}
 License: MIT
 Group: Applications/Internet
 Source: http://curl.haxx.se/download/%{name}-%{version}.tar.lzma
 Source2: curlbuild.h
 
+# prevent dnf from crashing when using both FTP and HTTP (#1248389)
+Patch1: 0001-curl-7.43.0-f7dcc7c1.patch
+
 # patch making libcurl multilib ready
 Patch101: 0101-curl-7.32.0-multilib.patch
 
@@ -112,6 +115,7 @@ documentation of the library, too.
 %setup -q
 
 # upstream patches
+%patch1 -p1
 
 # Fedora patches
 %patch101 -p1
@@ -231,6 +235,9 @@ rm -rf $RPM_BUILD_ROOT
 %{_datadir}/aclocal/libcurl.m4
 
 %changelog
+* Thu Jul 30 2015 Kamil Dudka <kdudka@redhat.com> 7.43.0-3
+- prevent dnf from crashing when using both FTP and HTTP (#1248389)
+
 * Thu Jul 16 2015 Kamil Dudka <kdudka@redhat.com> 7.43.0-2
 - build support for the HTTP/2 protocol