Memory allocation problem in verify host (openssl.c) #1005

Closed
haroldstuart opened this Issue Sep 9, 2016 · 2 comments


@haroldstuart

Look at openssl.c, function verifyhost. Look for the comment that starts "In OpenSSL 0.9.7d and earlier" and then look at the block that follows.

There are two ways of allocating peer_CN. The first uses CURL's memory allocation routine and the second does not (it's allocated by OpenSSL instead). This causes an abort if the second method is used and the memory is freed.

@bagder bagder added a commit that closed this issue Sep 9, 2016
@bagder bagder openssl: fix bad memory free (regression)
... by partially reverting f975f06. The allocation could be made by
OpenSSL so the free must be made with OPENSSL_free() to avoid problems.

Reported-by: Harold Stuart
Fixes #1005
83ef21e
@bagder bagder closed this in 83ef21e Sep 9, 2016
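
The mismatch reported above, as an added example that is not curl's code and not part of the original thread: a constructed model in which two tagged allocators stand in for the application's allocator and OpenSSL's, so a free through the wrong one is reported instead of aborting. All names (`tagged_alloc`, `get_name`, `roundtrip`) are hypothetical, and making the copy path allocate from the library allocator is one assumed way to keep the pairing consistent.

```c
#include <stdio.h>
#include <stdlib.h>
#include <string.h>

/* Constructed model: APP stands in for the application's allocator,
   LIB for the TLS library's. Each block is tagged with its owner. */
enum owner { APP = 0x41505021, LIB = 0x4c494221 };
struct hdr { size_t magic; };

static void *tagged_alloc(enum owner who, size_t n) {
  struct hdr *h = malloc(sizeof(*h) + n);
  if(h) h->magic = (size_t)who;
  return h ? (void *)(h + 1) : NULL;
}

/* Returns 0 on success, -1 when the block belongs to the other allocator.
   With real mismatched allocators this is where the process aborts. */
static int tagged_free(enum owner who, void *p) {
  struct hdr *h;
  if(!p) return 0;
  h = (struct hdr *)p - 1;
  if(h->magic != (size_t)who) return -1;
  free(h);
  return 0;
}

/* Hypothetical helper with two allocation paths, like peer_CN in the report:
   path 0 copies using copy_owner, path 1 lets the library allocate. */
static char *get_name(int path, enum owner copy_owner, const char *src) {
  size_t n = strlen(src) + 1;
  char *out = tagged_alloc(path ? LIB : copy_owner, n);
  if(out) memcpy(out, src, n);
  return out;
}

/* Allocate via one path, free with free_owner, return tagged_free's result.
   On a mismatch the block is then released by its true owner (no leak). */
static int roundtrip(int path, enum owner copy_owner, enum owner free_owner) {
  char *cn = get_name(path, copy_owner, "example.com"); /* constructed value */
  int rc = cn ? tagged_free(free_owner, cn) : -2;
  if(rc == -1) tagged_free(path ? LIB : copy_owner, cn); /* true owner */
  return rc;
}

int main(void) {
  printf("app copy, app free: %d / %d\n", roundtrip(0, APP, APP), roundtrip(1, APP, APP));
  printf("lib copy, lib free: %d / %d\n", roundtrip(0, LIB, LIB), roundtrip(1, LIB, LIB));
  return 0;
}
```

Only the combination of the library-allocating path with the application's free returns -1; once both paths allocate from the same allocator that the single free uses, every path releases cleanly.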
@bagder
Member
bagder commented Sep 9, 2016

Thanks, I fixed this now by partially reverting the change that introduced that mistake. Please double-check the code now and see if you spot any further problems.

@haroldstuart

The fix looks good. Thanks for the quick turnaround.

On Sep 9, 2016, at 2:36 PM, Daniel Stenberg <notifications@github.com> wrote:

Thanks, I fixed this now by partially reverting the change that introduced that mistake. Please double-check the code now and see if you spot any further problems

