moparisthebest/curl
1
0
Fork 0
mirror of https://github.com/moparisthebest/curl synced 2024-11-11 12:05:06 -05:00
Code Issues Releases Wiki Activity

Andre Guibert de Bruet fixed a memory leak in the function that verifies the

Browse Source 
peer's name in the SSL certificate when built for OpenSSL. The leak happens
for libcurls with CURL_DOES_CONVERSIONS enabled that fail to convert the CN
name from UTF8.
This commit is contained in:
Daniel Stenberg 2007-05-22 19:51:44 +00:00
parent d7616d8a0a
commit a9d49769ff
3 changed files with 15 additions and 6 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

14
CHANGES
View File

@ -5,11 +5,17 @@
\___|\___/|_| \_\_____| \___|\___/|_| \_\_____|
Changelog Changelog
Daniel S (22 May 2007)
- Andre Guibert de Bruet fixed a memory leak in the function that verifies the
peer's name in the SSL certificate when built for OpenSSL. The leak happens
for libcurls with CURL_DOES_CONVERSIONS enabled that fail to convert the CN
name from UTF8.
Daniel S (18 May 2007) Daniel S (18 May 2007)
- Feng Tu reported that curl -w did wrong on TFTP transfers in - Feng Tu reported that curl -w did wrong on TFTP transfers in bug report
bug report #1715394 (http://curl.haxx.se/bug/view.cgi?id=1715394), and the #1715394 (http://curl.haxx.se/bug/view.cgi?id=1715394), and the
transfer-related info "variables" were indeed overwritten with zeroes wrongly transfer-related info "variables" were indeed overwritten with zeroes
and have now been adjusted. The upload size still isn't accurate. wrongly and have now been adjusted. The upload size still isn't accurate.
Daniel S (17 May 2007) Daniel S (17 May 2007)
- Feng Tu pointed out a division by zero error in the TFTP connect timeout - Feng Tu pointed out a division by zero error in the TFTP connect timeout

4
RELEASE-NOTES
View File

@ -45,6 +45,7 @@ This release includes the following bugfixes:
o SFTP quote commands chmod, chown, chgrp can now set a value of 0 o SFTP quote commands chmod, chown, chgrp can now set a value of 0
o TFTP connect timouts less than 5 seconds o TFTP connect timouts less than 5 seconds
o improved curl -w for TFTP transfers o improved curl -w for TFTP transfers
o memory leak when failed OpenSSL certificate CN field checking
This release includes the following known bugs: This release includes the following known bugs:
@ -69,6 +70,7 @@ advice from friends like these:
Song Ma, Dan Fandrich, Yang Tse, Jay Austin, Robert Iakobashvil, Song Ma, Dan Fandrich, Yang Tse, Jay Austin, Robert Iakobashvil,
James Housley, Daniel Black, Steve Little, Sonia Subramanian, Peter O'Gorman, James Housley, Daniel Black, Steve Little, Sonia Subramanian, Peter O'Gorman,
Frank Hempel, Michael Wallner, Jeff Pohlmeyer, Tobias Rundström, Frank Hempel, Michael Wallner, Jeff Pohlmeyer, Tobias Rundström,
Anders Gustafsson, James Bursa, Kristian Gunstone, Feng Tu Anders Gustafsson, James Bursa, Kristian Gunstone, Feng Tu,
Andre Guibert de Bruet
Thanks! (and sorry if I forgot to mention someone) Thanks! (and sorry if I forgot to mention someone)

3
lib/ssluse.c
View File

@ -1123,7 +1123,8 @@ static CURLcode verifyhost(struct connectdata *conn,
rc = Curl_convert_from_utf8(data, peer_CN, strlen(peer_CN)); rc = Curl_convert_from_utf8(data, peer_CN, strlen(peer_CN));
/* Curl_convert_from_utf8 calls failf if unsuccessful */ /* Curl_convert_from_utf8 calls failf if unsuccessful */
if (rc != CURLE_OK) { if (rc != CURLE_OK) {
return(rc); OPENSSL_free(peer_CN);
return rc;
} }
} }
#endif /* CURL_DOES_CONVERSIONS */ #endif /* CURL_DOES_CONVERSIONS */