authordouglas steinwand <dzs-curl@dzs.fx.org>2010-03-22 09:25:03 +0100
committerKamil Dudka <kdudka@redhat.com>2010-03-22 09:25:03 +0100
commitabcea311e3b3178e8848e4da5acdf50afd89e4ce (patch)
tree59185fe8c2816a5ce1881bf57698c291882fe4c3
parent1609685fc2f470600204094d39ea55f63a445abf (diff)
Fix insufficient initialization in Curl_clone_ssl_config()
which could have caused a double free when reusing curl handle.
-rw-r--r--CHANGES4
-rw-r--r--RELEASE-NOTES1
-rw-r--r--lib/sslgen.c10
3 files changed, 15 insertions, 0 deletions
diff --git a/CHANGES b/CHANGES
index 241ebdc08..02d7b2753 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,10 @@
Changelog
+Kamil Dudka (22 Mar 2010)
+- Douglas Steinwand contributed a patch fixing insufficient initialization in
+ Curl_clone_ssl_config()
+
Daniel Stenberg (21 Mar 2010)
- Ben Greear improved TFTP: the error code returning and the treatment
of TSIZE == 0 when uploading.
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index fbc1af6fb..29ad85bde 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -34,6 +34,7 @@ This release includes the following bugfixes:
o curl_multi_remove_handle() caused use after free
o TFTP improved error codes
o TFTP fixed TSIZE handling for uploads
+ o SSL possible double free when reusing curl handle
This release includes the following known bugs:
diff --git a/lib/sslgen.c b/lib/sslgen.c
index 6707e0af6..4e88bba86 100644
--- a/lib/sslgen.c
+++ b/lib/sslgen.c
@@ -105,30 +105,40 @@ Curl_clone_ssl_config(struct ssl_config_data *source,
if(!dest->CAfile)
return FALSE;
}
+ else
+ dest->CAfile = NULL;
if(source->CApath) {
dest->CApath = strdup(source->CApath);
if(!dest->CApath)
return FALSE;
}
+ else
+ dest->CApath = NULL;
if(source->cipher_list) {
dest->cipher_list = strdup(source->cipher_list);
if(!dest->cipher_list)
return FALSE;
}
+ else
+ dest->cipher_list = NULL;
if(source->egdsocket) {
dest->egdsocket = strdup(source->egdsocket);
if(!dest->egdsocket)
return FALSE;
}
+ else
+ dest->egdsocket = NULL;
if(source->random_file) {
dest->random_file = strdup(source->random_file);
if(!dest->random_file)
return FALSE;
}
+ else
+ dest->random_file = NULL;
return TRUE;
}
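Review bot: The `return FALSE` paths in this hunk still leave part of `dest` uninitialized: if `strdup()` fails for `CApath`, for example, the function returns before the new `else` branches for `cipher_list`, `egdsocket` and `random_file` run, so those members keep whatever value they held before the call. If the caller releases `dest` after a failed clone (not visible here), those stale pointers could still be freed, which is the same double-free class this commit addresses. Clearing all five pointers before the first copy would cover every exit, e.g. `dest->CAfile = dest->CApath = dest->cipher_list = NULL;` and `dest->egdsocket = dest->random_file = NULL;` near the top of the function, which starts outside this hunk.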