New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Assertion incorrectly triggering in Curl_ssl_getsessionid() #8472
Comments
Thanks. That assert is clearly wrong there... |
As assert that required an non-zero session id cache just before the run-time check that handles it correctly is an incorrect assert. Reported-by: Jim Beveridge Fixes #8472
The assert was originally added in 04b4ee5 but was touched at a few later occasions. |
Does the equivalent |
I can't spot any code path where |
Ideally, Curl_ssl_getsessionid should not be called unless sessionid caching is enabled. There is a debug assertion in the function to help ensure that. Therefore, the pattern in all vtls is basically: if(primary.sessionid) {lock(); Curl_ssl_getsessionid(...); unlock();} There was one instance in openssl.c where sessionid was not checked beforehand and this change fixes that. Prior to this change an assertion would occur in openssl debug builds during connection stage if session caching was disabled. Reported-by: Jim Beveridge Fixes curl#8472 Closes #xxxx
Thanks |
I did this
Built a
Debug
version of curl usinggcc (Ubuntu 9.3.0-17ubuntu1~20.04) 9.3.0
.Passed the
-D ENABLE_DEBUG=1
flag to CMake to enable assertions in libcurl.Modified
docs/examples/https.c
to setCURLOPT_SSL_SESSIONID_CACHE
to zero, as follows:Built
https.c
with this command:When this code ran, I received this error:
Reviewing
vtls.c
line 424, it is asserting on the value of sessionid, which is correctly set to zero because of the call tocurl_easy_setopt(curl, CURLOPT_SSL_SESSIONID_CACHE, 0L);
. The zero is interpreted as a boolean false and the assertion fails.It appears that Line 424 should be removed entirely because it's handled properly on line 426.
I expected the following
I expected the sample to run correctly and print the content from example.com.
curl/libcurl version
Using
commit 161cbc502ee0bdbda052d6da17d24fa7835f83e7
, but this problem goes back to at least curl-7.79.1 .operating system
Linux mynode 5.10.16.3-microsoft-standard-WSL2 #1 SMP Fri Apr 2 22:23:49 UTC 2021 x86_64 x86_64 x86_64 GNU/Linux
The text was updated successfully, but these errors were encountered: