cURL / Mailing Lists / curl-library / Single Mail

curl-library

PATCH: prevent a double free() with a malformed LDAP URL

From: Geoff Beier <geoff_at_redhoundsoftware.com>
Date: Wed, 21 Aug 2013 08:32:37 -0400

We're seeing a crash in libcurl with the Windows system LDAP support
built in, where libcurl will attempt to free memory twice when a URL
parse fails.

This can be reproduced consistently using the command line tool with the
following URL:

"ldap://www.trustcenter.de/CN=TC%20TrustCenter%20Class%203%20CA%20II,O=TC%20TrustCenter%20GmbH,OU=rootcerts,DC=trustcenter,DC=de?certificateRevocationList?base?"

Windows is the only platform where we've seen the crash. We've tested
the attached patch on Mac OS X, 32-bit Windows and 64-bit Windows.

I believe I've followed the instructions for patch formatting and such,
but if I've gotten something wrong please let me know.

Thanks,

Geoff

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html

text/plain attachment: stored

Received on 2013-08-21

This message: [ Message body ]
Next message: Steve Holme: "RE: IMAP not working reliably on Win32/VS2012"
Previous message: Mike Mio: "RE: v7.30.0 is slower than v2.29.0 when I upload files with FTP"
Next in thread: Daniel Stenberg: "Re: PATCH: prevent a double free() with a malformed LDAP URL"
Reply: Daniel Stenberg: "Re: PATCH: prevent a double free() with a malformed LDAP URL"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]