mirror of
https://github.com/moparisthebest/curl
synced 2024-12-21 23:58:49 -05:00
vtls: fix memory corruption
Ever since 70f1db321
(vtls: encapsulate SSL backend-specific data,
2017-07-28), the code handling HTTPS proxies was broken because the
pointer to the SSL backend data was not swapped between
conn->ssl[sockindex] and conn->proxy_ssl[sockindex] as intended, but
instead set to NULL (causing segmentation faults).
[jes: provided the commit message, tested and verified the patch]
Signed-off-by: Johannes Schindelin <johannes.schindelin@gmx.de>
This commit is contained in:
parent
4bb80d532e
commit
955c21939e
@ -206,10 +206,20 @@ ssl_connect_init_proxy(struct connectdata *conn, int sockindex)
|
|||||||
DEBUGASSERT(conn->bits.proxy_ssl_connected[sockindex]);
|
DEBUGASSERT(conn->bits.proxy_ssl_connected[sockindex]);
|
||||||
if(ssl_connection_complete == conn->ssl[sockindex].state &&
|
if(ssl_connection_complete == conn->ssl[sockindex].state &&
|
||||||
!conn->proxy_ssl[sockindex].use) {
|
!conn->proxy_ssl[sockindex].use) {
|
||||||
|
struct ssl_backend_data *pbdata;
|
||||||
|
|
||||||
if(!Curl_ssl->support_https_proxy)
|
if(!Curl_ssl->support_https_proxy)
|
||||||
return CURLE_NOT_BUILT_IN;
|
return CURLE_NOT_BUILT_IN;
|
||||||
|
|
||||||
|
/* The pointers to the ssl backend data, which is opaque here, are swapped
|
||||||
|
rather than move the contents. */
|
||||||
|
pbdata = conn->proxy_ssl[sockindex].backend;
|
||||||
conn->proxy_ssl[sockindex] = conn->ssl[sockindex];
|
conn->proxy_ssl[sockindex] = conn->ssl[sockindex];
|
||||||
|
|
||||||
memset(&conn->ssl[sockindex], 0, sizeof(conn->ssl[sockindex]));
|
memset(&conn->ssl[sockindex], 0, sizeof(conn->ssl[sockindex]));
|
||||||
|
memset(pbdata, 0, Curl_ssl->sizeof_ssl_backend_data);
|
||||||
|
|
||||||
|
conn->ssl[sockindex].backend = pbdata;
|
||||||
}
|
}
|
||||||
return CURLE_OK;
|
return CURLE_OK;
|
||||||
}
|
}
|
||||||
|
Loading…
Reference in New Issue
Block a user