diff options
author | douglas steinwand <dzs-curl@dzs.fx.org> | 2010-03-22 09:25:03 +0100 |
---|---|---|
committer | Kamil Dudka <kdudka@redhat.com> | 2010-03-22 09:25:03 +0100 |
commit | abcea311e3b3178e8848e4da5acdf50afd89e4ce (patch) | |
tree | 59185fe8c2816a5ce1881bf57698c291882fe4c3 | |
parent | 1609685fc2f470600204094d39ea55f63a445abf (diff) |
Fix insufficient initialization in Curl_clone_ssl_config()
which could have caused a double free when reusing curl handle.
-rw-r--r-- | CHANGES | 4 | ||||
-rw-r--r-- | RELEASE-NOTES | 1 | ||||
-rw-r--r-- | lib/sslgen.c | 10 |
3 files changed, 15 insertions, 0 deletions
@@ -6,6 +6,10 @@ Changelog +Kamil Dudka (22 Mar 2010) +- Douglas Steinwand contributed a patch fixing insufficient initialization in + Curl_clone_ssl_config() + Daniel Stenberg (21 Mar 2010) - Ben Greear improved TFTP: the error code returning and the treatment of TSIZE == 0 when uploading. diff --git a/RELEASE-NOTES b/RELEASE-NOTES index fbc1af6fb..29ad85bde 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -34,6 +34,7 @@ This release includes the following bugfixes: o curl_multi_remove_handle() caused use after free o TFTP improved error codes o TFTP fixed TSIZE handling for uploads + o SSL possible double free when reusing curl handle This release includes the following known bugs: diff --git a/lib/sslgen.c b/lib/sslgen.c index 6707e0af6..4e88bba86 100644 --- a/lib/sslgen.c +++ b/lib/sslgen.c @@ -105,30 +105,40 @@ Curl_clone_ssl_config(struct ssl_config_data *source, if(!dest->CAfile) return FALSE; } + else + dest->CAfile = NULL; if(source->CApath) { dest->CApath = strdup(source->CApath); if(!dest->CApath) return FALSE; } + else + dest->CApath = NULL; if(source->cipher_list) { dest->cipher_list = strdup(source->cipher_list); if(!dest->cipher_list) return FALSE; } + else + dest->cipher_list = NULL; if(source->egdsocket) { dest->egdsocket = strdup(source->egdsocket); if(!dest->egdsocket) return FALSE; } + else + dest->egdsocket = NULL; if(source->random_file) { dest->random_file = strdup(source->random_file); if(!dest->random_file) return FALSE; } + else + dest->random_file = NULL; return TRUE; } |