cURL / Mailing Lists / curl-library / Single Mail

curl-library

Re: [SECURITY ADVISORY 1/4] libcurl wrong re-use of connections

From: Dan Fandrich <dan_at_coneharvesters.com>
Date: Sun, 30 Mar 2014 22:12:48 +0200

On Sun, Mar 30, 2014 at 10:04:54PM +0200, Dan Fandrich wrote:
> On Sun, Mar 30, 2014 at 03:34:49PM +0200, Alessandro Ghedini wrote:
> > I've been trying to backport that patch to curl 7.26.0 (used in Debian stable),
> > but I've noticed that the connection reuse has changed drastically since then,
> > and that patch doesn't seem to be enough to fix the issue (in fact, it actually
> > breaks the test suite, since test 519 freezes for some reason). I haven't even
> > tried to backport it to Debian oldstable (7.21.0).
> >
> > Is there someone that successfully backported it to something pre-7.30.0, or
> > should I just give up?
>
> I posted a patch set for 7.28.1 two days ago under the title "Regression on FTP
> connections with --anyauth".

Sorry, just noticed that was for a different improper connection reuse issue,
the one that was fixed in 7.35.0.

>>> Dan
-------------------------------------------------------------------
List admin: http://cool.haxx.se/list/listinfo/curl-library
Etiquette: http://curl.haxx.se/mail/etiquette.html
Received on 2014-03-30