aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorMarc Hoersken <info@marc-hoersken.de>2013-05-05 17:57:37 +0200
committerMarc Hoersken <info@marc-hoersken.de>2013-05-05 17:57:37 +0200
commit35874298e420aa53fde28982d86d5051aa92279a (patch)
treebf6a2a5c5ed1e848536a4aa44a7de2ac0bd5a118
parent52d72e66c2255085fcc7dd93e52feb301fc53ae8 (diff)
curl_schannel.c: Fixed invalid memory access during SSL shutdown
-rw-r--r--lib/curl_schannel.c19
-rw-r--r--lib/urldata.h1
2 files changed, 8 insertions, 12 deletions
diff --git a/lib/curl_schannel.c b/lib/curl_schannel.c
index 863d4712d..fd6a17efc 100644
--- a/lib/curl_schannel.c
+++ b/lib/curl_schannel.c
@@ -534,6 +534,7 @@ schannel_connect_step3(struct connectdata *conn, int sockindex)
return retcode;
}
else {
+ connssl->cred->cached = TRUE;
infof(data, "schannel: stored credential handle in session cache\n");
}
}
@@ -1141,17 +1142,11 @@ int Curl_schannel_shutdown(struct connectdata *conn, int sockindex)
connssl->cred->refcount);
}
- /* if the handle refcount is zero, check if we have not cached it */
- if(connssl->cred->refcount == 0) {
- if(Curl_ssl_getsessionid(conn, (void**)&cached_cred, NULL)) {
- cached_cred = NULL;
- }
- /* if the handle was not cached, it is stale to be freed */
- if(connssl->cred != cached_cred) {
- infof(data, "schannel: clear credential handle\n");
- s_pSecFn->FreeCredentialsHandle(&connssl->cred->cred_handle);
- Curl_safefree(connssl->cred);
- }
+ /* if the handle was not cached and the refcount is zero */
+ if(!connssl->cred->cached && connssl->cred->refcount == 0) {
+ infof(data, "schannel: clear credential handle\n");
+ s_pSecFn->FreeCredentialsHandle(&connssl->cred->cred_handle);
+ Curl_safefree(connssl->cred);
}
}
}
@@ -1177,7 +1172,7 @@ void Curl_schannel_session_free(void *ptr)
{
struct curl_schannel_cred *cred = ptr;
- if(cred && cred->refcount == 0) {
+ if(cred && cred->cached && cred->refcount == 0) {
s_pSecFn->FreeCredentialsHandle(&cred->cred_handle);
Curl_safefree(cred);
}
diff --git a/lib/urldata.h b/lib/urldata.h
index 55f4884f9..8d6c42063 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -243,6 +243,7 @@ struct curl_schannel_cred {
CredHandle cred_handle;
TimeStamp time_stamp;
int refcount;
+ bool cached;
};
struct curl_schannel_ctxt {