cURL / Mailing Lists / curl-library / Single Mail

curl-library

[patch] Curl_clone_ssl_config initialization bug

From: douglas steinwand <dzs-curl_at_dzs.fx.org>
Date: Sun, 21 Mar 2010 17:27:41 -0700

libcurl 7.20.0 and earlier versions incompletely reinitialize CURL
handles when options such as CURLOPT_CAINFO are changed. It seems
Curl_clone_ssl_config() doesn't reset some attributes to NULL. As
such, reusing a curl easy handle can cause "double free" and
segmentation fault crashes, along with other random problems (curl
errors 27 and 35).

Two files are attached: a demonstration of the problem, and a patch
to correct it.

- doug

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html

text/x-csrc attachment: https-cainfo.c

text/x-diff attachment: sslgen_clone_ssl_config.patch

Received on 2010-03-22

This message: [ Message body ]
Next message: Daniel Johnson: "Re: PATCH: add support for clang compiler"
Previous message: Daniel Stenberg: "Re: PATCH: Fix tftp return codes, tsize upload handling."
Next in thread: Kamil Dudka: "Re: [patch] Curl_clone_ssl_config initialization bug"
Reply: Kamil Dudka: "Re: [patch] Curl_clone_ssl_config initialization bug"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]