cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: Exception when runing libcurl v7.49.0 with mbedTLS

From: Ray Satiro via curl-library <curl-library_at_cool.haxx.se>
Date: Mon, 6 Jun 2016 13:01:31 -0400

On 6/6/2016 4:01 AM, Moti Avrahami wrote:
>
>
> On Mon, Jun 6, 2016 at 5:53 AM, Ray Satiro via curl-library
> <curl-library_at_cool.haxx.se <mailto:curl-library_at_cool.haxx.se>> wrote:
>
> On 6/5/2016 9:11 AM, Moti Avrahami wrote:
>>
>> Recently I upgraded libcurl to v7.49.0 and now I’m getting
>> exception when connecting to some FTPS servers.
>>
>> The exception is about “Access violation reading location” and
>> the callstack begin from mbedTLS.c in this function:
>>
>> void Curl_mbedtls_session_free(void *ptr)
>>
>> {
>>
>> mbedtls_ssl_session_free(ptr);
>>
>> free(ptr);
>>
>> }
>>
>> The second command (free) go deep to this:
>>
>> File: C:\Program Files (x86)\Microsoft Visual Studio
>> 9.0\VC\crt\src\dbgheap.c
>>
>> Line: 1132
>>
>> Expression: _CrtIsValidHeapPointer(pUserData)
>>
>> Does someone else encounter it?
>>
>
> I haven't, but I don't have a mbedTLS setup for Visual Studio at
> the moment. FTPS with session resume is working here with mbedTLS
> since the session resume fix [1]. The code you cite is correct
> because mbedtls_ssl_session_free only frees what's in the session
> object but not the object itself. That is why it's followed by a
> call to free.
>
> What do you mean by some ftps servers? Is there a specific server?
> Can you try to reproduce in the latest curl master and check if
> it's a specific server type that's giving you the problem?
>
>
> [1]: https://github.com/curl/curl/commit/9f498de
>
>
> -------------------------------------------------------------------
> List admin: https://cool.haxx.se/list/listinfo/curl-library
> Etiquette: https://curl.haxx.se/mail/etiquette.html
>
>
>
> By some servers I mean that not only one. I tried it with FileZilla
> and Windows IIS (that even doesn't enforce the session resume, just to
> be sure it's not this case), but they both fail.
> I also tried it with the Curl.exe command line tool but got an
> exception also here.
> I looked at the latest 7.49.1 which is only one version above my, and
> applied the only one fix which is relevant to my case: "mbedtls: fix
> includes so snprintf() works". But it still doesn't work.
>
>

Please try curl master. There is a session cache race condition that was
fixed and other fixes as well.

-------------------------------------------------------------------
List admin: https://cool.haxx.se/list/listinfo/curl-library
Etiquette: https://curl.haxx.se/mail/etiquette.html
Received on 2016-06-06