cURL
Haxx ad
libcurl
Mailing Lists

curl's project page on SourceForge.net

Sponsors:
Haxx

cURL > Mailing List > Monthly Index > Single Mail

curl-tracker Archives

[curl:bugs] #1295 Curl exception during dump cert

From: Daniel Stenberg <bagder_at_users.sf.net>
Date: Tue, 05 Nov 2013 09:11:11 +0000

Thanks a lot for your report.

I just pushed a fix for this regression so it'll be repaired in the next release. (commit 5aa290f0f209) 

---
** [bugs:#1295] Curl exception during dump cert**
**Status:** closed-fixed
**Labels:** Dump cert 
**Created:** Mon Nov 04, 2013 05:33 AM UTC by Felix Yan
**Last Updated:** Mon Nov 04, 2013 05:33 AM UTC
**Owner:** Daniel Stenberg
Exception happens during dump cert
Curl wants to dump a certificate from cert chain. But the certificate string doesn't have "\0" at the end(OpenSSL returned the starting address and the length of the cert). So the exception happens during do strlen() operation.
The problem is introduced from Curl 7.32.0. Checked the codes in Curl7.33.0. The problem should not be fixed in the latest version.
Function call steps about dumpcert:
static void dumpcert(struct SessionHandle *data, X509 *x, int numcert)  // Ssluse.c
   --> Curl_ssl_push_certinfo_len(data, numcert, "Cert", biomem->data, biomem->length);  // Sslgen.c       
       // biomem->data is the starting address of certificate.
       // biomem->length is the length of certificate.
      --> curl_maprintf("%s:%.*s", label, valuelen, value);      // Mprinft.c
          // valuelen is the length of certificate.
          // value is the starting address of certificate.
         --> dprintf_formatf(&info, alloc_addbyter, format, ap_save); // Mprinft.c
             {
                ...
                case FORMAT_STRING:
                {
                   str = (char *) p->data.str;  // "str" is the starting address of certificate.
                   len = strlen(str);           // If the "str" is not terminate with "\0", an exception maybe happens.
                   ...
                }
             }
strlen() pops up exception in my core dump.
Crul version: 7.32.0
OpenSSL version: 1.0.1e
Platform: Win7 X86
---
Sent from sourceforge.net because curl-tracker@cool.haxx.se is subscribed to https://sourceforge.net/p/curl/bugs/
To unsubscribe from further messages, a project admin can change settings at https://sourceforge.net/p/curl/admin/bugs/options.  Or, if this is a mailing list, you can unsubscribe from the mailing list.
Received on 2013-11-05

These mail archives are generated by hypermail.

donate! Page updated May 06, 2013.
web site info

File upload with ASP.NET