cURL / Mailing Lists / curl-library / Single Mail

curl-library

[cetus@cnds.ucd.ie: Bug#165382: libcurl2: Segfault while trying to retrieve relative redirect]

From: Domenico Andreoli <cavok_at_filibusta.crema.unimi.it>
Date: Mon, 21 Oct 2002 10:30:26 +0200

hi daniel, hi all

here is a new bug report from a debian user, a patch is also provided.
i don't know if it has been already reported to this list.

full bug report i savailable at url http://bugs.debian.org/165382

cheers
cavok

----- Forwarded message from Nikita Schmidt <cetus_at_cnds.ucd.ie> -----

Date: Fri, 18 Oct 2002 18:04:08 +0100
From: Nikita Schmidt <cetus_at_cnds.ucd.ie>
To: submit_at_bugs.debian.org
Reply-To: Nikita Schmidt <cetus_at_cnds.ucd.ie>, 165382_at_bugs.debian.org
Subject: Bug#165382: libcurl2: Segfault while trying to retrieve relative redirect

Package: libcurl2
Version: 7.10.1-1
Severity: normal

A program that uses libcurl2 produces segfault trying to retrieve
http://www.namss.org.uk/robots.txt . Here is some gdb output:
(gdb) bt
#0 0x00000200001fcb88 in Curl_follow (data=0x120346fb0,
newurl=0x120365bc0 "namss_error.htm") at transfer.c:1353
#1 0x00000200001fd070 in Curl_perform (data=0x120346fb0) at transfer.c:1530
#2 0x00000200001fd898 in curl_easy_perform (curl=0x120346fb0) at easy.c:245
#3 0x0000000120105d3c in File_Request::issue() (this=0x2000306d4b0)
at filerequest.cpp:115
...
(gdb) p protsep
$2 = 0x0
(gdb) p data->change.url
$1 = 0x1203600e8 "http://www.namss.org.uk/robots.txt"

The Web server at www.namss.org.uk returns a relative redirect to
"namss_error.htm", which is then mishandled by Curl_follow(). When trying to
form the new URL, Curl_follow() sets `protsep' to NULL at line 1310 and then
attempts to dereference it at lines 1353-1354. The patch below fixes this
problem (when protsep is NULL, a slash needs to be inserted).

Thanks,
Nikita

--- lib/transfer.c.orig Fri Oct 11 13:57:08 2002
+++ lib/transfer.c Fri Oct 18 17:33:33 2002
@@ -1351,7 +1351,7 @@
       return CURLE_OUT_OF_MEMORY; /* go out from this */

     sprintf(newest, "%s%s%s", url_clone,
- (('/' == useurl[0]) || !*protsep)?"":"/",
+ (('/' == useurl[0]) || (protsep && !*protsep))?"":"/",
             useurl);
     free(newurl); /* newurl is the allocated pointer */
     free(url_clone);

-- System Information
Debian Release: 3.0
Kernel Version: Linux itchy 2.4.19-pre9 #5 SMP Wed May 29 22:05:27 IST 2002 alpha unknown

Versions of the packages libcurl2 depends on:
ii libc6.1 2.2.5-14.3 GNU C Library: Shared libraries and Timezone
ii libssl0.9.6 0.9.6g-9 SSL shared libraries

----- End forwarded message -----

-----[ Domenico Andreoli, aka cavok
--[ http://filibusta.crema.unimi.it/~cavok/gpgkey.asc
---[ 3A0F 2F80 F79C 678A 8936 4FEE 0677 9033 A20E BC50

-------------------------------------------------------
This sf.net email is sponsored by:ThinkGeek
Welcome to geek heaven.
http://thinkgeek.com/sf
Received on 2002-10-21

This message: [ Message body ]
Next message: Daniel Stenberg: "Re: [cetus@cnds.ucd.ie: Bug#165382: libcurl2: Segfault while trying to retrieve relative redirect]"
Previous message: Daniel Stenberg: "Re: Segmentation fault in curl_easy_cleanup() [AIX]"
Next in thread: Daniel Stenberg: "Re: [cetus@cnds.ucd.ie: Bug#165382: libcurl2: Segfault while trying to retrieve relative redirect]"
Reply: Daniel Stenberg: "Re: [cetus@cnds.ucd.ie: Bug#165382: libcurl2: Segfault while trying to retrieve relative redirect]"

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]