Join GitHub today
GitHub is home to over 31 million developers working together to host and review code, manage projects, and build software together.
Sign upMemory allocation problem in verify host (openssl.c) #1005
Comments
bagder
closed this
in
83ef21e
Sep 9, 2016
This comment has been minimized.
This comment has been minimized.
|
Thanks, I fixed this now by partially reverting the change that introduced that mistake. Please double-check the code now and see if you spot any further problems |
This comment has been minimized.
This comment has been minimized.
|
The fix looks good. Thanks for the quick turnaround. On Sep 9, 2016, at 2:36 PM, Daniel Stenberg <notifications@github.commailto:notifications@github.com> wrote: Thanks, I fixed this now by partially reverting the change that introduced that mistake. Please double-check the code now and see if you spot any further problems — |
haroldstuart commentedSep 9, 2016
Look at openssl.c, function verifyhost. Look for the comment that starts "In OpenSSL 0.9.7d and earlier" and then look at the block that follows.
There are two ways of allocating peer_CN. The first uses CURL's memory allocation routine and the second does not (it's allocated by OpenSSL instead). This causes an abort if the second method is used and the memory is freed.