cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: [SECURITY ADVISORY 1/4] libcurl wrong re-use of connections

From: Kamil Dudka <kdudka_at_redhat.com>
Date: Sun, 30 Mar 2014 21:15:28 +0200

On Sunday, March 30, 2014 15:34:49 Alessandro Ghedini wrote:
> On mer, mar 26, 2014 at 08:04:30 +0100, Daniel Stenberg wrote:
> > 3. THE SOLUTION
> >
> > libcurl 7.36.0 makes sure that connections are re-used more strictly.
> >
> > A patch for this problem is available at:
> > http://curl.haxx.se/libcurl-bad-reuse.patch
>
> I've been trying to backport that patch to curl 7.26.0 (used in Debian
> stable), but I've noticed that the connection reuse has changed drastically
> since then, and that patch doesn't seem to be enough to fix the issue (in
> fact, it actually breaks the test suite, since test 519 freezes for some
> reason). I haven't even tried to backport it to Debian oldstable (7.21.0).
>
> Is there someone that successfully backported it to something pre-7.30.0, or
> should I just give up?

I am attaching a patch for curl 7.29.0.

Kamil
Received on 2014-03-30

This message: [ Message body ]
Next message: Steve Holme: "[PATCH] url: Fixed connection re-use when using different log-in credentials"
Previous message: Daniel Stenberg: "RE: Test case keywords"
In reply to: Alessandro Ghedini: "Re: [SECURITY ADVISORY 1/4] libcurl wrong re-use of connections"
Next in thread: Alessandro Ghedini: "Re: [SECURITY ADVISORY 1/4] libcurl wrong re-use of connections"
Reply: Alessandro Ghedini: "Re: [SECURITY ADVISORY 1/4] libcurl wrong re-use of connections"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]