From f1fa7b8ba469d9b8681e30f107b44004695b32e9 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Sun, 29 Jul 2007 12:54:05 +0000 Subject: Bug report #1759542 (http://curl.haxx.se/bug/view.cgi?id=1759542). A bad use of a socket after it has been closed, when the FTP-SSL data connection is taken down. --- CHANGES | 11 +++++++++++ 1 file changed, 11 insertions(+) (limited to 'CHANGES') diff --git a/CHANGES b/CHANGES index 9bd83b985..87a335aab 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,17 @@ Changelog +Daniel S (29 July 2007) +- Jayesh A Shah filed bug report #1759542 + (http://curl.haxx.se/bug/view.cgi?id=1759542) identifying a rather serious + problem with FTPS: libcurl closed the data connection socket and then later + in the flow it would call the SSL layer to do SSL shutdown which then would + use a socket that had already been closed - so if the application had opened + a new one in the mean time, libcurl could send gibberish that way! I worked + with "Greg" to properly diagnose and fix this. The fix affects code for all + SSL libraries we support, but it has only been truly verified to work fine + for the OpenSSL version. The others have only been code reviewed. + Daniel S (23 July 2007) - Implemented the parts of Patrick Monnerat's OS/400 patch that introduces support for the OS/400 Secure Sockets Layer library. -- cgit v1.2.3