Memory allocation problem in verify host (openssl.c) #1005

haroldstuart · 2016-09-09T20:06:45Z

Look at openssl.c, function verifyhost. Look for the comment that starts "In OpenSSL 0.9.7d and earlier" and then look at the block that follows.

There are two ways of allocating peer_CN. The first uses CURL's memory allocation routine and the second does not (it's allocated by OpenSSL instead). This causes an abort if the second method is used and the memory is freed.

bagder · 2016-09-09T21:36:29Z

Thanks, I fixed this now by partially reverting the change that introduced that mistake. Please double-check the code now and see if you spot any further problems

haroldstuart · 2016-09-09T21:45:03Z

The fix looks good. Thanks for the quick turnaround.

On Sep 9, 2016, at 2:36 PM, Daniel Stenberg <notifications@github.com mailto:notifications@github.com> wrote:

Thanks, I fixed this now by partially reverting the change that introduced that mistake. Please double-check the code now and see if you spot any further problems

—
You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHubhttps://github.com//issues/1005#issuecomment-246047259, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AVFQUDGp4W1bSGi6sjxJkr4Jee9M3UHsks5qodFrgaJpZM4J5aVO.

bagder closed this in 83ef21e Sep 9, 2016

lock bot locked as resolved and limited conversation to collaborators May 7, 2018

curl / curl

Memory allocation problem in verify host (openssl.c) #1005

Memory allocation problem in verify host (openssl.c) #1005

haroldstuart commented Sep 9, 2016

bagder commented Sep 9, 2016

haroldstuart commented Sep 9, 2016

curl / curl

Sponsor curl/curl

Memory allocation problem in verify host (openssl.c) #1005

Memory allocation problem in verify host (openssl.c) #1005

Comments

haroldstuart commented Sep 9, 2016

bagder commented Sep 9, 2016

haroldstuart commented Sep 9, 2016