curl-library

BUG: free statement in http_negotiate.c giving heap error

From: Arunav Sanyal <arunav.sanyal91_at_gmail.com>
Date: Mon, 25 Mar 2013 14:16:35 +0530

There is a line in libcurl's http_negotiate.c:-

free(neg_ctx->output_token.value);

It is defined within the #ifdef HAVE_SPNEGO, #endif part. I built libcurl
with GSS_NEGOTIATE (MIT Kerberos) and SPNEGO support (fbopenssl and openssl).
This line is appearing in a stack trace (the last function in libcurl called,
which then requests msvcr90.dll (outside curl) for services), which
ultimately leads to an error:-

Debug assertion has failed:-
File:f:\dd\vctools\crt_bld\crt\src\dbghelp.c
Line 1317

Expression : _CrtIsValidHeapPointer(pUserData)

and the affected code is

        /*
         * If this ASSERT fails, a bad pointer has been passed in. It may be
         * totally bogus, or it may have been allocated from another heap.
         * The pointer MUST come from the 'local' heap.
         */
        _ASSERTE(_CrtIsValidHeapPointer(pUserData));

I commented this line out (and some more free() lines) and built it again,
and the negotiate on a Kerberos protected page works properly.

I did a little investigation. The pointer is defined as:-

typedef struct gss_buffer_desc_struct {
    size_t length;
    void *value;
} gss_buffer_desc, *gss_buffer_t;

which is defined in gssapi.h. Moreover:-

struct negotiatedata {
    /* ... other members ... */
    gss_buffer_desc output_token;
    /* ... other members ... */
};

is defined in urldata.h

Now I couldn't find any malloc calls anywhere which allocate memory to
output_token.value. That could be a possible reason (I didn't
thoroughly check every file in the curl src).

Please confirm this as a bug, or give me pointers on how to solve this
issue.

-- 
Arunav Sanyal
4th year undergraduate student
B.E (Hons) Computer Science
BITS Pilani K.K Birla Goa Campus

Received on 2013-03-25
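
The CRT comment quoted in the mail says the pointer may have been allocated from another heap. As an added example (not part of the original mail and not curl's code), this C program records which allocator produced a gss_buffer_desc-shaped buffer and releases it only through that allocator. owned_buf, lib_make_token, token_release and token_replace are hypothetical names, and the "library heap" is a constructed stand-in.

```c
#include <stdlib.h>
#include <string.h>

/* Same shape as the gss_buffer_desc quoted in the mail. */
typedef struct { size_t length; void *value; } buf_desc;

/* Who allocated buf.value, and therefore who must free it. */
enum owner { OWNER_NONE, OWNER_LIB, OWNER_APP };
typedef struct { buf_desc buf; enum owner owner; } owned_buf;

/* Hypothetical stand-in for a library with its own heap: blocks sit
 * behind a private header, so calling free() on value is invalid. */
typedef struct { size_t len; } lib_hdr;
static int lib_live;                     /* library blocks outstanding */

int lib_make_token(owned_buf *t, const void *src, size_t n) {
    lib_hdr *h = malloc(sizeof *h + n);
    if (!h) return -1;
    h->len = n;
    memcpy(h + 1, src, n);
    lib_live++;
    *t = (owned_buf){ .buf = { n, h + 1 }, .owner = OWNER_LIB };
    return 0;
}

/* Release through the allocator that produced the buffer; safe to repeat.
 * The OWNER_LIB branch is the role gss_release_buffer() plays in GSS-API. */
int token_release(owned_buf *t) {
    if (t->owner == OWNER_NONE) return 0;  /* nothing allocated, or already freed */
    if (t->owner == OWNER_LIB) { free((lib_hdr *)t->buf.value - 1); lib_live--; }
    else free(t->buf.value);
    *t = (owned_buf){ .buf = { 0, NULL }, .owner = OWNER_NONE };
    return 1;
}

/* Swap in an application-allocated copy, releasing the old value correctly. */
int token_replace(owned_buf *t, const void *src, size_t n) {
    void *p = malloc(n ? n : 1);
    if (!p) return -1;
    memcpy(p, src, n);
    token_release(t);
    *t = (owned_buf){ .buf = { n, p }, .owner = OWNER_APP };
    return 0;
}

int main(void) {                         /* constructed sample tokens */
    owned_buf t = { .owner = OWNER_NONE };
    if (lib_make_token(&t, "lib-token", 9) || token_replace(&t, "app-token", 9)) return 1;
    return token_release(&t) == 1 && lib_live == 0 ? 0 : 1;
}
```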