aboutsummaryrefslogtreecommitdiff
path: root/lib/vtls
diff options
context:
space:
mode:
authorJay Satiro <raysatiro@yahoo.com>2017-09-06 23:39:21 +0200
committerDaniel Stenberg <daniel@haxx.se>2017-09-07 16:06:50 +0200
commit955c21939e58c8ba59877fbb7d628445143241d1 (patch)
treeb6f36bcce5b5d22f5bd7c3083f22e5ca7de207f7 /lib/vtls
parent4bb80d532e73045b06d23228b3a501d9f7c93acf (diff)
vtls: fix memory corruption
Ever since 70f1db321 (vtls: encapsulate SSL backend-specific data, 2017-07-28), the code handling HTTPS proxies was broken because the pointer to the SSL backend data was not swapped between conn->ssl[sockindex] and conn->proxy_ssl[sockindex] as intended, but instead set to NULL (causing segmentation faults). [jes: provided the commit message, tested and verified the patch] Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Diffstat (limited to 'lib/vtls')
-rw-r--r--lib/vtls/vtls.c10
1 files changed, 10 insertions, 0 deletions
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
index a1a301e7f..52f922841 100644
--- a/lib/vtls/vtls.c
+++ b/lib/vtls/vtls.c
@@ -206,10 +206,20 @@ ssl_connect_init_proxy(struct connectdata *conn, int sockindex)
DEBUGASSERT(conn->bits.proxy_ssl_connected[sockindex]);
if(ssl_connection_complete == conn->ssl[sockindex].state &&
!conn->proxy_ssl[sockindex].use) {
+ struct ssl_backend_data *pbdata;
+
if(!Curl_ssl->support_https_proxy)
return CURLE_NOT_BUILT_IN;
+
+ /* The pointers to the ssl backend data, which is opaque here, are swapped
+ rather than move the contents. */
+ pbdata = conn->proxy_ssl[sockindex].backend;
conn->proxy_ssl[sockindex] = conn->ssl[sockindex];
+
memset(&conn->ssl[sockindex], 0, sizeof(conn->ssl[sockindex]));
+ memset(pbdata, 0, Curl_ssl->sizeof_ssl_backend_data);
+
+ conn->ssl[sockindex].backend = pbdata;
}
return CURLE_OK;
}