diff options
author | Marc Hoersken <info@marc-hoersken.de> | 2013-05-05 17:57:37 +0200 |
---|---|---|
committer | Marc Hoersken <info@marc-hoersken.de> | 2013-05-05 17:57:37 +0200 |
commit | 35874298e420aa53fde28982d86d5051aa92279a (patch) | |
tree | bf6a2a5c5ed1e848536a4aa44a7de2ac0bd5a118 | |
parent | 52d72e66c2255085fcc7dd93e52feb301fc53ae8 (diff) |
curl_schannel.c: Fixed invalid memory access during SSL shutdown
-rw-r--r-- | lib/curl_schannel.c | 19 | ||||
-rw-r--r-- | lib/urldata.h | 1 |
2 files changed, 8 insertions, 12 deletions
diff --git a/lib/curl_schannel.c b/lib/curl_schannel.c index 863d4712d..fd6a17efc 100644 --- a/lib/curl_schannel.c +++ b/lib/curl_schannel.c @@ -534,6 +534,7 @@ schannel_connect_step3(struct connectdata *conn, int sockindex) return retcode; } else { + connssl->cred->cached = TRUE; infof(data, "schannel: stored credential handle in session cache\n"); } } @@ -1141,17 +1142,11 @@ int Curl_schannel_shutdown(struct connectdata *conn, int sockindex) connssl->cred->refcount); } - /* if the handle refcount is zero, check if we have not cached it */ - if(connssl->cred->refcount == 0) { - if(Curl_ssl_getsessionid(conn, (void**)&cached_cred, NULL)) { - cached_cred = NULL; - } - /* if the handle was not cached, it is stale to be freed */ - if(connssl->cred != cached_cred) { - infof(data, "schannel: clear credential handle\n"); - s_pSecFn->FreeCredentialsHandle(&connssl->cred->cred_handle); - Curl_safefree(connssl->cred); - } + /* if the handle was not cached and the refcount is zero */ + if(!connssl->cred->cached && connssl->cred->refcount == 0) { + infof(data, "schannel: clear credential handle\n"); + s_pSecFn->FreeCredentialsHandle(&connssl->cred->cred_handle); + Curl_safefree(connssl->cred); } } } @@ -1177,7 +1172,7 @@ void Curl_schannel_session_free(void *ptr) { struct curl_schannel_cred *cred = ptr; - if(cred && cred->refcount == 0) { + if(cred && cred->cached && cred->refcount == 0) { s_pSecFn->FreeCredentialsHandle(&cred->cred_handle); Curl_safefree(cred); } diff --git a/lib/urldata.h b/lib/urldata.h index 55f4884f9..8d6c42063 100644 --- a/lib/urldata.h +++ b/lib/urldata.h @@ -243,6 +243,7 @@ struct curl_schannel_cred { CredHandle cred_handle; TimeStamp time_stamp; int refcount; + bool cached; }; struct curl_schannel_ctxt { |