-
-
Notifications
You must be signed in to change notification settings - Fork 6.5k
New issue
Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.
By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.
Already on GitHub? Sign in to your account
Socket use after close when connecting to remote HTTPS via HTTPS proxy #8193
Comments
You didn't show the curl -V output though, so we're clueless about your TLS config. |
Thanks, I see, but I'm only linking with curl lib in my project. Running curl.exe built from this repo, top of master branch, the problem is still there. I added Patch which enables strict handle check policy on Windows: With the above policy, unpatched code crash when executed like this (with no server on port 9999):
with my PR all is fine:
|
I want to A) reproduce the problem and then B) verify that the fix is fine. |
It does not reproduce for me on Linux, with or without valgrind:
Where is the socket use after close happening? Can you get a stack trace from your crash? |
The stack trace:
First I set a debug log on CloseHandle and I found out that we are closing the same handle in the place which I patched. When the code unwinds from there it triggers the Line 2006 in e7f9c90
then it falls into Line 2569 in e7f9c90
then here Line 753 in e7f9c90
which is an interesting code. A blind try to fix it with
also worked but walking the code, reading comments, I made an educated guess to fix it as submitted in my PR |
... and double-check in the OpenSSL shutdown that the socket is actually still there before it is used. Fixes #8193 Reported-by: Leszek Kubik
Awesome, that was just the info I needed to get a full picture. |
I did this
We use ProcessStrictHandleCheckPolicy which reveals socket use after close.
I expected the following
Curl returns "Received HTTP code 502 from proxy after CONNECT" and gracefully close the HTTPS tunnel.
curl/libcurl version
7.79.1
[curl -V output]
curl 7.81.0-DEV (x86_64-pc-win32) libcurl/7.81.0-DEV OpenSSL/1.1.1i zlib/1.2.11 WinIDN
Release-Date: [unreleased]
Protocols: dict file ftp ftps gopher gophers http https imap imaps ldap ldaps mqtt pop3 pop3s rtsp smb smbs smtp smtps telnet tftp
Features: AsynchDNS HSTS HTTPS-proxy IDN IPv6 Kerberos Largefile NTLM SPNEGO SSL SSPI UnixSockets alt-svc libz
operating system
Windows 10 20H2
The text was updated successfully, but these errors were encountered: