cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: [SECURITY ADVISORY 1/4] libcurl wrong re-use of connections

From: Alessandro Ghedini <alessandro_at_ghedini.me>
Date: Sun, 30 Mar 2014 15:34:49 +0200

On mer, mar 26, 2014 at 08:04:30 +0100, Daniel Stenberg wrote:
> 3. THE SOLUTION
>
> libcurl 7.36.0 makes sure that connections are re-used more strictly.
>
> A patch for this problem is available at:
>
> http://curl.haxx.se/libcurl-bad-reuse.patch

I've been trying to backport that patch to curl 7.26.0 (used in Debian stable),
but I've noticed that the connection reuse has changed drastically since then,
and that patch doesn't seem to be enough to fix the issue (in fact, it actually
breaks the test suite, since test 519 freezes for some reason). I haven't even
tried to backport it to Debian oldstable (7.21.0).

Is there someone that successfully backported it to something pre-7.30.0, or
should I just give up?

Cheers

-- 
perl -E '$_=q;$/= @{[@_]};and s;\S+;<inidehG ordnasselA>;eg;say~~reverse'

-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html

Received on 2014-03-30