summaryrefslogtreecommitdiffstats
path: root/doc/sources
diff options
context:
space:
mode:
Diffstat (limited to '')
-rw-r--r--SECURITY.md (renamed from doc/sources/security.rst)26
-rw-r--r--doc/sources/index.rst1
-rw-r--r--doc/sources/tutorial-client.rst27
-rw-r--r--doc/sources/tutorial-hpack.rst30
-rw-r--r--doc/sources/tutorial-server.rst43
5 files changed, 63 insertions, 64 deletions
diff --git a/doc/sources/security.rst b/SECURITY.md
index 5a8fcd0..b8328a5 100644
--- a/doc/sources/security.rst
+++ b/SECURITY.md
@@ -1,16 +1,15 @@
-Security Process
-================
+# Security Process
-If you find a vulnerability in our software, please send the email to
-"tatsuhiro.t at gmail dot com" about its details instead of submitting
+If you find a vulnerability in our software, please report it via
+GitHub "Private vulnerability reporting" feature at
+https://github.com/nghttp2/nghttp2/security instead of submitting
issues on github issue page. It is a standard practice not to
disclose vulnerability information publicly until a fixed version is
-released, or mitigation is worked out. In the future, we may setup a
-dedicated mail address for this purpose.
+released, or mitigation is worked out.
If we identify that the reported issue is really a vulnerability, we
-open a new security advisory draft using `GitHub security feature
-<https://github.com/nghttp2/nghttp2/security>`_ and discuss the
+open a new security advisory draft using [GitHub security
+feature](https://github.com/nghttp2/nghttp2/security) and discuss the
mitigation and bug fixes there. The fixes are committed to the
private repository.
@@ -21,12 +20,11 @@ We make a new release with the fix at the same time when the
vulnerability is disclosed to public.
At least 7 days before the public disclosure date, we open a new issue
-on `nghttp2 issue tracker
-<https://github.com/nghttp2/nghttp2/issues>`_ which notifies that the
-upcoming release will have a security fix. The ``SECURITY`` label is
-attached to this kind of issue. The issue is not opened if a
-vulnerability is already disclosed, and it is publicly known that
-nghttp2 is affected by that.
+on [nghttp2 issue tracker](https://github.com/nghttp2/nghttp2/issues)
+which notifies that the upcoming release will have a security fix.
+The `SECURITY` label is attached to this kind of issue. The issue is
+not opened if a vulnerability is already disclosed, and it is publicly
+known that nghttp2 is affected by that.
Before few hours of new release, we merge the fixes to the master
branch (and/or a release branch if necessary) and make a new release.
diff --git a/doc/sources/index.rst b/doc/sources/index.rst
index b03c348..e181645 100644
--- a/doc/sources/index.rst
+++ b/doc/sources/index.rst
@@ -18,7 +18,6 @@ Contents:
package_README
contribute
- security
building-android-binary
tutorial-client
tutorial-server
diff --git a/doc/sources/tutorial-client.rst b/doc/sources/tutorial-client.rst
index 95a6230..be6eb55 100644
--- a/doc/sources/tutorial-client.rst
+++ b/doc/sources/tutorial-client.rst
@@ -171,7 +171,7 @@ session object and several callbacks::
nghttp2_session_callbacks_new(&callbacks);
- nghttp2_session_callbacks_set_send_callback(callbacks, send_callback);
+ nghttp2_session_callbacks_set_send_callback2(callbacks, send_callback);
nghttp2_session_callbacks_set_on_frame_recv_callback(callbacks,
on_frame_recv_callback);
@@ -246,8 +246,8 @@ HTTP request in the ``submit_request()`` function::
MAKE_NV(":path", stream_data->path, stream_data->pathlen)};
fprintf(stderr, "Request headers:\n");
print_headers(stderr, hdrs, ARRLEN(hdrs));
- stream_id = nghttp2_submit_request(session_data->session, NULL, hdrs,
- ARRLEN(hdrs), NULL, stream_data);
+ stream_id = nghttp2_submit_request2(session_data->session, NULL, hdrs,
+ ARRLEN(hdrs), NULL, stream_data);
if (stream_id < 0) {
errx(1, "Could not submit HTTP request: %s", nghttp2_strerror(stream_id));
}
@@ -258,11 +258,11 @@ HTTP request in the ``submit_request()`` function::
We build the HTTP request header fields in ``hdrs``, which is an array
of :type:`nghttp2_nv`. There are four header fields to be sent:
``:method``, ``:scheme``, ``:authority``, and ``:path``. To queue the
-HTTP request, we call `nghttp2_submit_request()`. The ``stream_data``
+HTTP request, we call `nghttp2_submit_request2()`. The ``stream_data``
is passed via the *stream_user_data* parameter, which is helpfully
later passed back to callback functions.
-`nghttp2_submit_request()` returns the newly assigned stream ID for
+`nghttp2_submit_request2()` returns the newly assigned stream ID for
the request.
The next bufferevent callback is ``readcb()``, which is invoked when
@@ -270,12 +270,12 @@ data is available to read from the bufferevent input buffer::
static void readcb(struct bufferevent *bev, void *ptr) {
http2_session_data *session_data = (http2_session_data *)ptr;
- ssize_t readlen;
+ nghttp2_ssize readlen;
struct evbuffer *input = bufferevent_get_input(bev);
size_t datalen = evbuffer_get_length(input);
unsigned char *data = evbuffer_pullup(input, -1);
- readlen = nghttp2_session_mem_recv(session_data->session, data, datalen);
+ readlen = nghttp2_session_mem_recv2(session_data->session, data, datalen);
if (readlen < 0) {
warnx("Fatal error: %s", nghttp2_strerror((int)readlen));
delete_http2_session_data(session_data);
@@ -293,8 +293,8 @@ data is available to read from the bufferevent input buffer::
}
In this function we feed all unprocessed, received data to the nghttp2
-session object using the `nghttp2_session_mem_recv()` function.
-`nghttp2_session_mem_recv()` processes the received data and may
+session object using the `nghttp2_session_mem_recv2()` function.
+`nghttp2_session_mem_recv2()` processes the received data and may
invoke nghttp2 callbacks and queue frames for transmission. Since
there may be pending frames for transmission, we call immediately
``session_send()`` to send them. ``session_send()`` is defined as
@@ -313,15 +313,16 @@ follows::
The `nghttp2_session_send()` function serializes pending frames into
wire format and calls the ``send_callback()`` function to send them.
-``send_callback()`` has type :type:`nghttp2_send_callback` and is
+``send_callback()`` has type :type:`nghttp2_send_callback2` and is
defined as::
- static ssize_t send_callback(nghttp2_session *session _U_, const uint8_t *data,
- size_t length, int flags _U_, void *user_data) {
+ static nghttp2_ssize send_callback(nghttp2_session *session _U_,
+ const uint8_t *data, size_t length,
+ int flags _U_, void *user_data) {
http2_session_data *session_data = (http2_session_data *)user_data;
struct bufferevent *bev = session_data->bev;
bufferevent_write(bev, data, length);
- return (ssize_t)length;
+ return (nghttp2_ssize)length;
}
Since we use bufferevent to abstract network I/O, we just write the
diff --git a/doc/sources/tutorial-hpack.rst b/doc/sources/tutorial-hpack.rst
index 36e82d9..82acd94 100644
--- a/doc/sources/tutorial-hpack.rst
+++ b/doc/sources/tutorial-hpack.rst
@@ -24,11 +24,11 @@ deflater object for the dynamic header table. If in doubt, just
specify 4096 here, which is the default upper bound of dynamic header
table buffer size.
-To encode header fields, use the `nghttp2_hd_deflate_hd()` function::
+To encode header fields, use the `nghttp2_hd_deflate_hd2()` function::
- ssize_t nghttp2_hd_deflate_hd(nghttp2_hd_deflater *deflater,
- uint8_t *buf, size_t buflen,
- const nghttp2_nv *nva, size_t nvlen);
+ nghttp2_ssize nghttp2_hd_deflate_hd2(nghttp2_hd_deflater *deflater,
+ uint8_t *buf, size_t buflen,
+ const nghttp2_nv *nva, size_t nvlen);
The *deflater* is the deflater object initialized by
`nghttp2_hd_deflate_new()` described above. The encoded byte string is
@@ -44,7 +44,7 @@ cookies), set the :macro:`NGHTTP2_NV_FLAG_NO_INDEX` flag in
sensitive header fields by compression based attacks: This is achieved
by not inserting the header field into the dynamic header table.
-`nghttp2_hd_deflate_hd()` processes all headers given in *nva*. The
+`nghttp2_hd_deflate_hd2()` processes all headers given in *nva*. The
*nva* must include all request or response header fields to be sent in
one HEADERS (or optionally following (multiple) CONTINUATION
frame(s)). The *buf* must have enough space to store the encoded
@@ -55,13 +55,13 @@ of the encoded result length, use `nghttp2_hd_deflate_bound()`::
const nghttp2_nv *nva, size_t nvlen);
Pass this function the same parameters (*deflater*, *nva*, and
-*nvlen*) which will be passed to `nghttp2_hd_deflate_hd()`.
+*nvlen*) which will be passed to `nghttp2_hd_deflate_hd2()`.
-Subsequent calls to `nghttp2_hd_deflate_hd()` will use the current
+Subsequent calls to `nghttp2_hd_deflate_hd2()` will use the current
encoder state and perform differential encoding, which yields HPAC's
fundamental compression gain.
-If `nghttp2_hd_deflate_hd()` fails, the failure is fatal and any
+If `nghttp2_hd_deflate_hd2()` fails, the failure is fatal and any
further calls with the same deflater object will fail. Thus it's very
important to use `nghttp2_hd_deflate_bound()` to determine the
required size of the output buffer.
@@ -78,14 +78,14 @@ header data. To initialize the object, use
int nghttp2_hd_inflate_new(nghttp2_hd_inflater **inflater_ptr);
-To inflate header data, use `nghttp2_hd_inflate_hd2()`::
+To inflate header data, use `nghttp2_hd_inflate_hd3()`::
- ssize_t nghttp2_hd_inflate_hd2(nghttp2_hd_inflater *inflater,
- nghttp2_nv *nv_out, int *inflate_flags,
- const uint8_t *in, size_t inlen,
- int in_final);
+ nghttp2_ssize nghttp2_hd_inflate_hd3(nghttp2_hd_inflater *inflater,
+ nghttp2_nv *nv_out, int *inflate_flags,
+ const uint8_t *in, size_t inlen,
+ int in_final);
-`nghttp2_hd_inflate_hd2()` reads a stream of bytes and outputs a
+`nghttp2_hd_inflate_hd3()` reads a stream of bytes and outputs a
single header field at a time. Multiple calls are normally required to
read a full stream of bytes and output all of the header fields.
@@ -119,7 +119,7 @@ If *in_final* is zero and the :macro:`NGHTTP2_HD_INFLATE_EMIT` flag is
not set, it indicates that all given data was processed. The caller
is required to pass additional data.
-Example usage of `nghttp2_hd_inflate_hd2()` is shown in the
+Example usage of `nghttp2_hd_inflate_hd3()` is shown in the
`inflate_header_block()` function in `deflate.c`_.
Finally, to delete a :type:`nghttp2_hd_inflater` object, use
diff --git a/doc/sources/tutorial-server.rst b/doc/sources/tutorial-server.rst
index 41680bd..bf71296 100644
--- a/doc/sources/tutorial-server.rst
+++ b/doc/sources/tutorial-server.rst
@@ -220,7 +220,7 @@ session object and several callbacks::
nghttp2_session_callbacks_new(&callbacks);
- nghttp2_session_callbacks_set_send_callback(callbacks, send_callback);
+ nghttp2_session_callbacks_set_send_callback2(callbacks, send_callback);
nghttp2_session_callbacks_set_on_frame_recv_callback(callbacks,
on_frame_recv_callback);
@@ -275,12 +275,12 @@ this pending data. To process the received data, we call the
``session_recv()`` function::
static int session_recv(http2_session_data *session_data) {
- ssize_t readlen;
+ nghttp2_ssize readlen;
struct evbuffer *input = bufferevent_get_input(session_data->bev);
size_t datalen = evbuffer_get_length(input);
unsigned char *data = evbuffer_pullup(input, -1);
- readlen = nghttp2_session_mem_recv(session_data->session, data, datalen);
+ readlen = nghttp2_session_mem_recv2(session_data->session, data, datalen);
if (readlen < 0) {
warnx("Fatal error: %s", nghttp2_strerror((int)readlen));
return -1;
@@ -296,9 +296,9 @@ this pending data. To process the received data, we call the
}
In this function, we feed all unprocessed but already received data to
-the nghttp2 session object using the `nghttp2_session_mem_recv()`
-function. The `nghttp2_session_mem_recv()` function processes the data
-and may both invoke the previously setup callbacks and also queue
+the nghttp2 session object using the `nghttp2_session_mem_recv2()`
+function. The `nghttp2_session_mem_recv2()` function processes the
+data and may both invoke the previously setup callbacks and also queue
outgoing frames. To send any pending outgoing frames, we immediately
call ``session_send()``.
@@ -316,11 +316,12 @@ The ``session_send()`` function is defined as follows::
The `nghttp2_session_send()` function serializes the frame into wire
format and calls the ``send_callback()``, which is of type
-:type:`nghttp2_send_callback`. The ``send_callback()`` is defined as
+:type:`nghttp2_send_callback2`. The ``send_callback()`` is defined as
follows::
- static ssize_t send_callback(nghttp2_session *session _U_, const uint8_t *data,
- size_t length, int flags _U_, void *user_data) {
+ static nghttp2_ssize send_callback(nghttp2_session *session _U_,
+ const uint8_t *data, size_t length,
+ int flags _U_, void *user_data) {
http2_session_data *session_data = (http2_session_data *)user_data;
struct bufferevent *bev = session_data->bev;
/* Avoid excessive buffering in server side. */
@@ -329,7 +330,7 @@ follows::
return NGHTTP2_ERR_WOULDBLOCK;
}
bufferevent_write(bev, data, length);
- return (ssize_t)length;
+ return (nghttp2_ssize)length;
}
Since we use bufferevent to abstract network I/O, we just write the
@@ -509,11 +510,11 @@ Sending the file content is performed by the ``send_response()`` function::
static int send_response(nghttp2_session *session, int32_t stream_id,
nghttp2_nv *nva, size_t nvlen, int fd) {
int rv;
- nghttp2_data_provider data_prd;
+ nghttp2_data_provider2 data_prd;
data_prd.source.fd = fd;
data_prd.read_callback = file_read_callback;
- rv = nghttp2_submit_response(session, stream_id, nva, nvlen, &data_prd);
+ rv = nghttp2_submit_response2(session, stream_id, nva, nvlen, &data_prd);
if (rv != 0) {
warnx("Fatal error: %s", nghttp2_strerror(rv));
return -1;
@@ -521,7 +522,7 @@ Sending the file content is performed by the ``send_response()`` function::
return 0;
}
-nghttp2 uses the :type:`nghttp2_data_provider` structure to send the
+nghttp2 uses the :type:`nghttp2_data_provider2` structure to send the
entity body to the remote peer. The ``source`` member of this
structure is a union, which can be either a void pointer or an int
(which is intended to be used as file descriptor). In this example
@@ -529,11 +530,11 @@ server, we use it as a file descriptor. We also set the
``file_read_callback()`` callback function to read the contents of the
file::
- static ssize_t file_read_callback(nghttp2_session *session _U_,
- int32_t stream_id _U_, uint8_t *buf,
- size_t length, uint32_t *data_flags,
- nghttp2_data_source *source,
- void *user_data _U_) {
+ static nghttp2_ssize file_read_callback(nghttp2_session *session _U_,
+ int32_t stream_id _U_, uint8_t *buf,
+ size_t length, uint32_t *data_flags,
+ nghttp2_data_source *source,
+ void *user_data _U_) {
int fd = source->fd;
ssize_t r;
while ((r = read(fd, buf, length)) == -1 && errno == EINTR)
@@ -544,7 +545,7 @@ file::
if (r == 0) {
*data_flags |= NGHTTP2_DATA_FLAG_EOF;
}
- return r;
+ return (nghttp2_ssize)r;
}
If an error occurs while reading the file, we return
@@ -553,8 +554,8 @@ library to send RST_STREAM to the stream. When all data has been
read, the :macro:`NGHTTP2_DATA_FLAG_EOF` flag is set to signal nghttp2
that we have finished reading the file.
-The `nghttp2_submit_response()` function is used to send the response to the
-remote peer.
+The `nghttp2_submit_response2()` function is used to send the response
+to the remote peer.
The ``on_stream_close_callback()`` function is invoked when the stream
is about to close::