You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
When building with -DCURLDEBUG=1, there are some leaks in vtls/schannel.c
on abnormal protocol handshake situations. One is caused by the failure here.
Verified with this <curl_root>\src\schannel-leak-test.bat file:
@echo off
setlocal
set CURL_SSL_BACKEND=schannel
curl.exe -vL http://www.hoyle.me.uk/pi/
perl ..\tests\memanalyze.pl -v c:\temp\memdebug.curl
Running it results in:
...
* STATE: PROTOCONNECT => PROTOCONNECTING handle 0xc7a5aa0; line 2000 (connection #1)
* schannel: SSL/TLS connection with www.hoyle.me.uk port 443 (step 2/3)
* schannel: encrypted data got 494
* schannel: encrypted data buffer: offset 494 length 4096
* schannel: next InitializeSecurityContext failed: SEC_E_INVALID_TOKEN (0x80090308) -
Tokenet som ble levert til funksjonen, er ugyldig == "The token supplied to the function is invalid ".
* multi_done
0 0 0 0 0 0 0 0 --:--:-- 0:00:01 --:--:-- 0
* The cache now contains 1 members
* Closing connection 1
* Expire cleared (transfer 0xc7a5aa0)
Leak detected: memory still allocated: 8232 bytes
At c7ebae8, there's 4096 bytes.
allocated by vtls/schannel.c:1060
At 48a6aa0, there's 24 bytes.
allocated by vtls/schannel.c:708
At c7e9438, there's 16 bytes.
allocated by vtls/schannel.c:935
At c7eaad0, there's 4096 bytes.
allocated by vtls/schannel.c:1048
And using wget http://www.hoyle.me.uk/pi/ (w/OpenSSL) gives:
<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<html><head>
<title>301 Moved Permanently</title>
</head><body>
<h1>Moved Permanently</h1>
<p>The document has moved <a href="https://www.hoyle.me.uk/pi/">here</a>.</p>
<hr>
<address>Apache/2.4.46 (Debian) Server at www.hoyle.me.uk Port 80</address>
</body></html>
...
SSL handshake failed.
OpenSSL: error:0A00010B:SSL routines::wrong version number
Some misconfigured web-server?
The text was updated successfully, but these errors were encountered:
@echo off
setlocal
set CURL_SSL_BACKEND=schannel
set CURL_MEMDEBUG=%TEMP%\memdebug.curl
set URL=http://www.hoyle.me.uk/pi/
curl.exe -vL %URL%
echo -----------------------------------------------
perl ..\tests\memanalyze.pl -v %CURL_MEMDEBUG%
When building with
-DCURLDEBUG=1
, there are some leaks invtls/schannel.c
on abnormal protocol handshake situations. One is caused by the failure here.
Verified with this
<curl_root>\src\schannel-leak-test.bat
file:Running it results in:
And using
wget http://www.hoyle.me.uk/pi/
(w/OpenSSL) gives:Some misconfigured web-server?
The text was updated successfully, but these errors were encountered: