/curl

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Memory allocation problem in verify host (openssl.c) #1005

Closed
haroldstuart opened this Issue Sep 9, 2016 · 2 comments

Comments

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
2 participants
@haroldstuart @bagder
@haroldstuart

haroldstuart commented Sep 9, 2016

Look at openssl.c, function verifyhost. Look for the comment that starts "In OpenSSL 0.9.7d and earlier" and then look at the block that follows.

There are two ways of allocating peer_CN. The first uses CURL's memory allocation routine and the second does not (it's allocated by OpenSSL instead). This causes an abort if the second method is used and the memory is freed.

@bagder bagder closed this in 83ef21e Sep 9, 2016

@bagder

This comment has been minimized.

Show comment
Hide comment
@bagder

bagder Sep 9, 2016

Member

Thanks, I fixed this now by partially reverting the change that introduced that mistake. Please double-check the code now and see if you spot any further problems
Member

bagder commented Sep 9, 2016

Thanks, I fixed this now by partially reverting the change that introduced that mistake. Please double-check the code now and see if you spot any further problems
@haroldstuart

This comment has been minimized.

Show comment
Hide comment
@haroldstuart

haroldstuart Sep 9, 2016

The fix looks good. Thanks for the quick turnaround.

On Sep 9, 2016, at 2:36 PM, Daniel Stenberg <notifications@github.commailto:notifications@github.com> wrote:

Thanks, I fixed this now by partially reverting the change that introduced that mistake. Please double-check the code now and see if you spot any further problems


You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHubhttps://github.com/curl/curl/issues/1005#issuecomment-246047259, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AVFQUDGp4W1bSGi6sjxJkr4Jee9M3UHsks5qodFrgaJpZM4J5aVO.

haroldstuart commented Sep 9, 2016

The fix looks good. Thanks for the quick turnaround.

On Sep 9, 2016, at 2:36 PM, Daniel Stenberg <notifications@github.commailto:notifications@github.com> wrote:

Thanks, I fixed this now by partially reverting the change that introduced that mistake. Please double-check the code now and see if you spot any further problems


You are receiving this because you authored the thread.
Reply to this email directly, view it on GitHubhttps://github.com/curl/curl/issues/1005#issuecomment-246047259, or mute the threadhttps://github.com/notifications/unsubscribe-auth/AVFQUDGp4W1bSGi6sjxJkr4Jee9M3UHsks5qodFrgaJpZM4J5aVO.

@lock lock bot locked as resolved and limited conversation to collaborators May 7, 2018

Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.