1
0
mirror of git://git.gnupg.org/gnupg.git synced 2025-01-21 14:47:03 +01:00

dirmngr: Fix the regression of use of proxy for TLS connection.

* dirmngr/http.c (run_proxy_connect): Don't set keep_alive, since it
causes resource leak of FP_WRITE.
Don't try to read response body to fix the hang.

--

GnuPG-bug-id: 6997
Signed-off-by: NIIBE Yutaka <gniibe@fsij.org>
This commit is contained in:
NIIBE Yutaka 2024-02-16 11:31:37 +09:00 committed by Werner Koch
parent d6c428699d
commit c33c4fdf10
No known key found for this signature in database
GPG Key ID: E3FDFF218E45B72B

View File

@ -2520,6 +2520,7 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
* RFC-4559 - SPNEGO-based Kerberos and NTLM HTTP Authentication
*/
auth_basic = !!proxy->uri->auth;
hd->keep_alive = 0;
/* For basic authentication we need to send just one request. */
if (auth_basic
@ -2541,13 +2542,12 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
httphost ? httphost : server,
port,
authhdr ? authhdr : "",
auth_basic? "" : "Connection: keep-alive\r\n");
hd->keep_alive? "Connection: keep-alive\r\n" : "");
if (!request)
{
err = gpg_error_from_syserror ();
goto leave;
}
hd->keep_alive = !auth_basic; /* We may need to send more requests. */
if (opt_debug || (hd->flags & HTTP_FLAG_LOG_RESP))
log_debug_with_string (request, "http.c:proxy:request:");
@ -2574,16 +2574,6 @@ run_proxy_connect (http_t hd, proxy_info_t proxy,
if (err)
goto leave;
{
unsigned long count = 0;
while (es_getc (hd->fp_read) != EOF)
count++;
if (opt_debug)
log_debug ("http.c:proxy_connect: skipped %lu bytes of response-body\n",
count);
}
/* Reset state. */
es_clearerr (hd->fp_read);
((cookie_t)(hd->read_cookie))->up_to_empty_line = 1;