curl-library
[PATCH] lib/ssluse.c: verifyhost(): peer_CN leak
Date: Tue, 22 May 2007 15:23:55 -0400
Hi,
While auditing memory usage in a piece of software that makes
extensive use of cURL's HTTPS functionality, I came across a
condition in which cURL leaks the peer_CN heap variable in
lib/ssluse.c if the call to Curl_convert_from_utf8() is unsuccessful.
The following is a diff against 7.16.2:
--- ssluse.c.orig 2007-05-22 15:11:30.000000000 -0400
+++ ssluse.c 2007-05-22 15:12:13.000000000 -0400
@@ -1123,6 +1123,7 @@
rc = Curl_convert_from_utf8(data, peer_CN, strlen(peer_CN));
/* Curl_convert_from_utf8 calls failf if unsuccessful */
if (rc != CURLE_OK) {
+ OPENSSL_free(peer_CN);
return(rc);
}
}
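Review bot: the OPENSSL_free(peer_CN) added before return(rc) in the if (rc != CURLE_OK) block fixes this one exit but puts the release of peer_CN at an early return, so any error path added later has to remember to repeat it. Consider recording rc and jumping or falling through to a single place where peer_CN is released, so the cleanup lives in one spot. The hunk does not show where peer_CN is assigned, so please also confirm that on this branch it always points to an OpenSSL-allocated buffer, because OPENSSL_free() on any other pointer would be invalid.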
Regards,
/* Andre Guibert de Bruet * 6f43 6564 7020 656f 2e74 4220 7469 6a20 */
/* Code poet / Sysadmin * 636f 656b 2e79 5320 7379 6461 696d 2e6e */
/* GSM: +1 734 846 8758 * 5520 494e 2058 6c73 7565 6874 002e 0000 */
/* WWW: siliconlandmark.com * C/C++, Java, Perl, PHP, SQL, XHTML, XML */
Received on 2007-05-22