diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2009-11-20 19:32:49 +0000 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2009-11-20 19:32:49 +0000 |
| commit | 504e6d7ae67a0aa72078fbeab208bf43c81b1f20 (patch) | |
| tree | eb076118c28527b5b9ab7d9390e6ad8faa3e0093 | |
| parent | c3266a5eb1340f5d7e467ced428a32b68b57a8f7 (diff) | |
| download | gnurl-504e6d7ae67a0aa72078fbeab208bf43c81b1f20.tar.gz gnurl-504e6d7ae67a0aa72078fbeab208bf43c81b1f20.tar.bz2 gnurl-504e6d7ae67a0aa72078fbeab208bf43c81b1f20.zip | |
- Constantine Sapuntzakis identified a write after close, as the sockets were
closed by libcurl before the SSL lib were shutdown and they may write to its
socket. Detected to at least happen with OpenSSL builds.
| -rw-r--r-- | CHANGES | 4 | ||||
| -rw-r--r-- | RELEASE-NOTES | 1 | ||||
| -rw-r--r-- | lib/url.c | 8 |
3 files changed, 10 insertions, 3 deletions
@@ -7,6 +7,10 @@ Changelog Daniel Stenberg (20 Nov 2009) +- Constantine Sapuntzakis identified a write after close, as the sockets were + closed by libcurl before the SSL lib were shutdown and they may write to its + socket. Detected to at least happen with OpenSSL builds. + - Jad Chamcham pointed out a bug with connection re-use. If a connection had CURLOPT_HTTPPROXYTUNNEL enabled over a proxy, a subsequent request using the same proxy with the tunnel option disabled would still wrongly re-use that diff --git a/RELEASE-NOTES b/RELEASE-NOTES index cae130cd3..64e84e687 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -24,6 +24,7 @@ This release includes the following bugfixes: o don't store LDFLAGS in pkg-config file o never-pruned DNS cached entries o HTTP proxy tunnel re-used connection even if tunnel got disabled + o SSL lib post-close write This release includes the following known bugs: @@ -2300,6 +2300,11 @@ static void conn_free(struct connectdata *conn) if(!conn) return; + /* close the SSL stuff before we close any sockets since they will/may + write to the sockets */ + Curl_ssl_close(conn, FIRSTSOCKET); + Curl_ssl_close(conn, SECONDARYSOCKET); + /* close possibly still open sockets */ if(CURL_SOCKET_BAD != conn->sock[SECONDARYSOCKET]) sclose(conn->sock[SECONDARYSOCKET]); @@ -2336,9 +2341,6 @@ static void conn_free(struct connectdata *conn) Curl_destroy_thread_data(&conn->async); #endif - Curl_ssl_close(conn, FIRSTSOCKET); - Curl_ssl_close(conn, SECONDARYSOCKET); - Curl_free_ssl_config(&conn->ssl_config); free(conn); /* free all the connection oriented data */ |