aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2009-11-20 19:32:49 +0000
committerDaniel Stenberg <daniel@haxx.se>2009-11-20 19:32:49 +0000
commit504e6d7ae67a0aa72078fbeab208bf43c81b1f20 (patch)
treeeb076118c28527b5b9ab7d9390e6ad8faa3e0093
parentc3266a5eb1340f5d7e467ced428a32b68b57a8f7 (diff)
- Constantine Sapuntzakis identified a write after close, as the sockets were
closed by libcurl before the SSL lib were shutdown and they may write to its socket. Detected to at least happen with OpenSSL builds.
-rw-r--r--CHANGES4
-rw-r--r--RELEASE-NOTES1
-rw-r--r--lib/url.c8
3 files changed, 10 insertions, 3 deletions
diff --git a/CHANGES b/CHANGES
index c8333b0c8..83fa0c1cf 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,10 @@
Changelog
Daniel Stenberg (20 Nov 2009)
+- Constantine Sapuntzakis identified a write after close, as the sockets were
+ closed by libcurl before the SSL lib were shutdown and they may write to its
+ socket. Detected to at least happen with OpenSSL builds.
+
- Jad Chamcham pointed out a bug with connection re-use. If a connection had
CURLOPT_HTTPPROXYTUNNEL enabled over a proxy, a subsequent request using the
same proxy with the tunnel option disabled would still wrongly re-use that
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index cae130cd3..64e84e687 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -24,6 +24,7 @@ This release includes the following bugfixes:
o don't store LDFLAGS in pkg-config file
o never-pruned DNS cached entries
o HTTP proxy tunnel re-used connection even if tunnel got disabled
+ o SSL lib post-close write
This release includes the following known bugs:
diff --git a/lib/url.c b/lib/url.c
index 54d2ff929..edfa3edcc 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -2300,6 +2300,11 @@ static void conn_free(struct connectdata *conn)
if(!conn)
return;
+ /* close the SSL stuff before we close any sockets since they will/may
+ write to the sockets */
+ Curl_ssl_close(conn, FIRSTSOCKET);
+ Curl_ssl_close(conn, SECONDARYSOCKET);
+
/* close possibly still open sockets */
if(CURL_SOCKET_BAD != conn->sock[SECONDARYSOCKET])
sclose(conn->sock[SECONDARYSOCKET]);
@@ -2336,9 +2341,6 @@ static void conn_free(struct connectdata *conn)
Curl_destroy_thread_data(&conn->async);
#endif
- Curl_ssl_close(conn, FIRSTSOCKET);
- Curl_ssl_close(conn, SECONDARYSOCKET);
-
Curl_free_ssl_config(&conn->ssl_config);
free(conn); /* free all the connection oriented data */