author | Jay Satiro <raysatiro@yahoo.com> | 2017-09-06 23:39:21 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2017-09-07 16:06:50 +0200 |
commit | 955c21939e58c8ba59877fbb7d628445143241d1 (patch) | |
tree | b6f36bcce5b5d22f5bd7c3083f22e5ca7de207f7 /lib/vtls | |
parent | 4bb80d532e73045b06d23228b3a501d9f7c93acf (diff) |
vtls: fix memory corruption
Ever since 70f1db321 (vtls: encapsulate SSL backend-specific data,
2017-07-28), the code handling HTTPS proxies was broken because the
pointer to the SSL backend data was not swapped between
conn->ssl[sockindex] and conn->proxy_ssl[sockindex] as intended, but
instead set to NULL (causing segmentation faults).
[jes: provided the commit message, tested and verified the patch]
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
Diffstat (limited to 'lib/vtls')
-rw-r--r-- | lib/vtls/vtls.c | 10 |
1 files changed, 10 insertions, 0 deletions
diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c index a1a301e7f..52f922841 100644 --- a/lib/vtls/vtls.c +++ b/lib/vtls/vtls.c @@ -206,10 +206,20 @@ ssl_connect_init_proxy(struct connectdata *conn, int sockindex) DEBUGASSERT(conn->bits.proxy_ssl_connected[sockindex]); if(ssl_connection_complete == conn->ssl[sockindex].state && !conn->proxy_ssl[sockindex].use) { + struct ssl_backend_data *pbdata; + if(!Curl_ssl->support_https_proxy) return CURLE_NOT_BUILT_IN; + + /* The pointers to the ssl backend data, which is opaque here, are swapped + rather than move the contents. */ + pbdata = conn->proxy_ssl[sockindex].backend; conn->proxy_ssl[sockindex] = conn->ssl[sockindex]; + memset(&conn->ssl[sockindex], 0, sizeof(conn->ssl[sockindex])); + memset(pbdata, 0, Curl_ssl->sizeof_ssl_backend_data); + + conn->ssl[sockindex].backend = pbdata; } return CURLE_OK; } |
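Review bot: pbdata is taken from conn->proxy_ssl[sockindex].backend and passed straight to memset(pbdata, 0, Curl_ssl->sizeof_ssl_backend_data) with no check that it is non-NULL. The enclosing condition only tests conn->ssl[sockindex].state and !conn->proxy_ssl[sockindex].use, so nothing visible in this function guarantees the proxy backend pointer was allocated. A DEBUGASSERT(pbdata) right after the assignment (matching the DEBUGASSERT already used at the top of the block) would document the invariant, and a runtime check that returns an error would also cover release builds. Separately, the memset of pbdata discards whatever the old proxy backend data held without any backend cleanup call; that looks safe only because the branch is limited to !conn->proxy_ssl[sockindex].use, which is worth stating in the comment. Minor wording: "rather than move the contents" should read "rather than moving the contents".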