cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: BUG: NULL pointer dereference in Curl_ssl_getsessionid.

From: Marc Hoersken <info_at_marc-hoersken.de>
Date: Sun, 5 May 2013 17:59:57 +0200

2013/5/4 Marc Hoersken <info_at_marc-hoersken.de>:
> I just found a new way to workaround this problem with the state being replaced.
>
> The attached patch introduces a new field in the internal session
> structure to keep track of the currently cached session.
> With this change the invalid memory access is gone and the Schannel
> Credential handle (session) is still freed if the connection could not
> be established. (This was the original reason for the cleanup code in
> Curl_schannel_shutdown.)

I just pushed a slightly modified version of this patch. With the
original patch the session was accessed after Curl_ssl_delsessionid
was called which could again result in an IMA.
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2013-05-05

This message: [ Message body ]
Next message: Mel Smith: "BCC Compile failures -- but MinGW32 O.K."
Previous message: Marc Hoersken: "Re: Proposed changes to SSL comparison documentation"
In reply to: Marc Hoersken: "Re: BUG: NULL pointer dereference in Curl_ssl_getsessionid."
Next in thread: Daniel Stenberg: "Re: BUG: NULL pointer dereference in Curl_ssl_getsessionid."
Reply: Daniel Stenberg: "Re: BUG: NULL pointer dereference in Curl_ssl_getsessionid."

Contemporary messages sorted: [ by date ] [ by thread ] [ by subject ] [ by author ] [ by messages with attachments ]