Merge branch 'master' of github.com:kentonv/capnproto

c++/src/capnp/message.h

@@ -221,7 +221,7 @@ public:
   Orphanage getOrphanage();
 
 private:
-  void* arenaSpace[20];
+  void* arenaSpace[21];
   // Space in which we can construct a BuilderArena.  We don't use BuilderArena directly here
   // because we don't want clients to have to #include arena.h, which itself includes a bunch of
   // big STL headers.  We don't use a pointer to a BuilderArena because that would require an

c++/src/capnp/rpc-twoparty.c++

@@ -159,15 +159,18 @@ struct TwoPartyServer::AcceptedConnection {
         rpcSystem(makeRpcServer(network, kj::mv(bootstrapInterface))) {}
 };
 
-kj::Promise<void> TwoPartyServer::listen(kj::ConnectionReceiver& listener) {
-  return listener.accept()
-      .then([this,&listener](kj::Own<kj::AsyncIoStream>&& connection) mutable {
+void TwoPartyServer::accept(kj::Own<kj::AsyncIoStream>&& connection) {
   auto connectionState = kj::heap<AcceptedConnection>(bootstrapInterface, kj::mv(connection));
 
   // Run the connection until disconnect.
   auto promise = connectionState->network.onDisconnect();
   tasks.add(promise.attach(kj::mv(connectionState)));
+}
 
+kj::Promise<void> TwoPartyServer::listen(kj::ConnectionReceiver& listener) {
+  return listener.accept()
+      .then([this,&listener](kj::Own<kj::AsyncIoStream>&& connection) mutable {
+    accept(kj::mv(connection));
     return listen(listener);
   });
 }

c++/src/capnp/rpc-twoparty.h

@@ -119,6 +119,9 @@ class TwoPartyServer: private kj::TaskSet::ErrorHandler {
 public:
   explicit TwoPartyServer(Capability::Client bootstrapInterface);
 
+  void accept(kj::Own<kj::AsyncIoStream>&& connection);
+  // Accepts the connection for servicing.
+
   kj::Promise<void> listen(kj::ConnectionReceiver& listener);
   // Listens for connections on the given listener. The returned promise never resolves unless an
   // exception is thrown while trying to accept. You may discard the returned promise to cancel

security-advisories/2015-03-02-0-c++-integer-overflow.md

@@ -91,7 +91,7 @@ following preventative measures going forward:
 4. We will continue to require that all tests (including the new fuzz test) run
    cleanly under Valgrind before each release.
 5. We will commission a professional security review before any 1.0 release.
-   Until that time, we continue to recommend agaisnt using Cap'n Proto to
+   Until that time, we continue to recommend against using Cap'n Proto to
    interpret data from potentially-malicious sources.
 
 I am pleased that measures 1, 2, and 3 all detected this bug, suggesting that

security-advisories/2015-03-02-2-all-cpu-amplification.md

@@ -21,7 +21,7 @@ CVE-2015-2312
 Impact
 ======
 
-- Remotely cause a peer to use excessive CPU time and other resoucres to
+- Remotely cause a peer to use excessive CPU time and other resources to
   process a very small message, possibly enabling a DoS attack.
 
 Fixed in
@@ -69,6 +69,6 @@ Preventative measures
 =====================
 
 This problem was discovered through fuzz testing using American Fuzzy Lop,
-wich identified the problem as a "hang", although in fact the test case just
+which identified the problem as a "hang", although in fact the test case just
 took a very long time to complete. We are incorporating testing with AFL into
 our release process going forward.

security-advisories/2015-03-05-0-c++-addl-cpu-amplification.md

@@ -43,7 +43,7 @@ Details
 =======
 
 Advisory [2015-03-02-2][1] described a bug allowing a remote attacker to
-consume excessive CPU time or other resources usin a specially-crafted message.
+consume excessive CPU time or other resources using a specially-crafted message.
 The present advisory is simply another case of the same bug which was initially
 missed.