Skip to content

Memory allocation problem in verify host (openssl.c) #1005

@haroldstuart

Description

@haroldstuart

Look at openssl.c, function verifyhost. Look for the comment that starts "In OpenSSL 0.9.7d and earlier" and then look at the block that follows.

There are two ways of allocating peer_CN. The first uses CURL's memory allocation routine and the second does not (it's allocated by OpenSSL instead). This causes an abort if the second method is used and the memory is freed.

Metadata

Metadata

Assignees

No one assigned

    Labels

    No labels
    No labels

    Type

    No type

    Projects

    No projects

    Milestone

    No milestone

    Relationships

    None yet

    Development

    No branches or pull requests

    Issue actions