cURL / Mailing Lists / curl-library / Single Mail

curl-library

[PATCH 1/2] curl_easy_getopt: handle API violation gracefully

From: Christian Grothoff <christian_at_grothoff.org>
Date: Wed, 27 Nov 2013 23:28:26 +0100

This fixes a NULL dereference in the case where the client
asks for CURLINFO_TLS_SESSION data after the (TLS) session
has already been destroyed (i.e. curl_easy_perform has
already completed for this handle). Instead of crashing,
we now return an error (CURLSSLBACKEND_NONE).

---
 lib/getinfo.c |    2 ++
 1 file changed, 2 insertions(+)
diff --git a/lib/getinfo.c b/lib/getinfo.c
index 6a4e72e..80ca264 100644
--- a/lib/getinfo.c
+++ b/lib/getinfo.c
@@ -288,6 +288,8 @@ static CURLcode getinfo_slist(struct SessionHandle *data, CURLINFO info,
       tlsinfo->ssl_backend = CURLSSLBACKEND_NONE;
       tlsinfo->internals = NULL;
 
+      if(conn == NULL)
+        break;
       /* Find the active ("in use") SSL connection, if any */
       while((sockindex < sizeof(conn->ssl) / sizeof(conn->ssl[0])) &&
             (!conn->ssl[sockindex].use))
-- 
1.7.10.4
--------------020303070707070301020109
Content-Type: text/plain; charset="us-ascii"
MIME-Version: 1.0
Content-Transfer-Encoding: 7bit
Content-Disposition: inline
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette:  http://curl.haxx.se/mail/etiquette.html
--------------020303070707070301020109--

Received on 2001-09-17

This message: [ Message body ]
Next message: Steve Holme: "RE: CURLINFO_GNUTLS_SESSION (was Re: Patch: Support CURLINFO_CERTINFO with GnuTLS)"
Previous message: Christian Grothoff: "[PATCH 2/2] docs/examples/sessioninfo.c: sample code for CURLINFO_TLS_SESSION"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]