[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[GNUnet-SVN] [gnurl] 154/208: nss: fix a possible use-after-free in Sele
From: |
gnunet |
Subject: |
[GNUnet-SVN] [gnurl] 154/208: nss: fix a possible use-after-free in SelectClientCert() |
Date: |
Wed, 09 Aug 2017 17:35:51 +0200 |
This is an automated email from the git hooks/post-receive script.
ng0 pushed a commit to annotated tag gnurl-7.55.0
in repository gnurl.
commit 42a4cd4c78b3feb5ca07286479129116e125a730
Author: Kamil Dudka <address@hidden>
AuthorDate: Wed Jul 19 18:02:26 2017 +0200
nss: fix a possible use-after-free in SelectClientCert()
... causing a SIGSEGV in showit() in case the handle used to initiate
the connection has already been freed.
This commit fixes a bug introduced in curl-7_19_5-204-g5f0cae803.
Reported-by: Rob Sanders
Bug: https://bugzilla.redhat.com/1436158
---
lib/vtls/nss.c | 8 ++++++++
1 file changed, 8 insertions(+)
diff --git a/lib/vtls/nss.c b/lib/vtls/nss.c
index ac3730fdb..d1711d6a1 100644
--- a/lib/vtls/nss.c
+++ b/lib/vtls/nss.c
@@ -2184,6 +2184,10 @@ static ssize_t nss_send(struct connectdata *conn, /*
connection data */
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
ssize_t rc;
+ /* The SelectClientCert() hook uses this for infof() and failf() but the
+ handle stored in nss_setup_connect() could have already been freed. */
+ connssl->data = conn->data;
+
rc = PR_Send(connssl->handle, mem, (int)len, 0, PR_INTERVAL_NO_WAIT);
if(rc < 0) {
PRInt32 err = PR_GetError();
@@ -2217,6 +2221,10 @@ static ssize_t nss_recv(struct connectdata *conn, /*
connection data */
struct ssl_connect_data *connssl = &conn->ssl[sockindex];
ssize_t nread;
+ /* The SelectClientCert() hook uses this for infof() and failf() but the
+ handle stored in nss_setup_connect() could have already been freed. */
+ connssl->data = conn->data;
+
nread = PR_Recv(connssl->handle, buf, (int)buffersize, 0,
PR_INTERVAL_NO_WAIT);
if(nread < 0) {
--
To stop receiving notification emails like this one, please contact
address@hidden
- [GNUnet-SVN] [gnurl] 152/208: tests/server/resolve.c: fix deprecation warning, (continued)
- [GNUnet-SVN] [gnurl] 152/208: tests/server/resolve.c: fix deprecation warning, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 68/208: curl/system.h: add check for XTENSA for 32bit gcc, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 148/208: sockfilt: suppress conversion warning with explicit cast, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 144/208: travis: install libidn2, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 125/208: valgrind.supp: supress OpenSSL false positive seen on travis, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 167/208: include.d: clarify --include is only for response headers, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 195/208: gssapi: fix memory leak of output token in multi round context, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 193/208: CMake: fix CURL_WERROR for MSVC, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 133/208: ldap: fix MinGW compiler warning, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 66/208: progress: progress.timespent needs to be us, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 154/208: nss: fix a possible use-after-free in SelectClientCert(),
gnunet <=
- [GNUnet-SVN] [gnurl] 151/208: darwinssl: fix pinnedpubkey build error, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 131/208: curl_setup_once: Remove ERRNO/SET_ERRNO macros, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 132/208: curl-compilers.m4: disable warning spam with Cygwin's clang, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 169/208: http: fix response code parser to avoid integer overflow, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 158/208: timeval: struct curltime is a struct timeval replacement, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 59/208: maketgz: switch to xz instead of lzma, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 113/208: test506: skip if threaded-resolver, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 110/208: http: s/TINY_INITIAL_POST_SIZE/EXPECT_100_THRESHOLD, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 87/208: unit1399: add logging to time comparison, gnunet, 2017/08/09
- [GNUnet-SVN] [gnurl] 98/208: configure: remove checks for 5 functions never used, gnunet, 2017/08/09