cURL / Mailing Lists / curl-library / Single Mail

curl-library

PATCH: prevent a double free() with a malformed LDAP URL

From: Geoff Beier <geoff_at_redhoundsoftware.com>
Date: Wed, 21 Aug 2013 08:32:37 -0400

We're seeing a crash in libcurl with the Windows system LDAP support
built in, where libcurl will attempt to free memory twice when a URL
parse fails.

This can be reproduced consistently using the command line tool with the
following URL:

"ldap://www.trustcenter.de/CN=TC%20TrustCenter%20Class%203%20CA%20II,O=TC%20TrustCenter%20GmbH,OU=rootcerts,DC=trustcenter,DC=de?certificateRevocationList?base?"

Windows is the only platform where we've seen the crash. We've tested
the attached patch on Mac OS X, 32-bit Windows and 64-bit Windows.

I believe I've followed the instructions for patch formatting and such,
but if I've gotten something wrong please let me know.

Thanks,

Geoff

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html

  • text/plain attachment: stored
Received on 2013-08-21