- Constantine Sapuntzakis identified a write after close, as the sockets were (504e6d7a) · Commits · CYBER - Cyber Security / TS 103 523 MSP / TLMSP / TLMSP curl

CHANGES

+4 −0

Original line number	Diff line number	Diff line
		@@ -7,6 +7,10 @@
		Changelog

		Daniel Stenberg (20 Nov 2009)
		- Constantine Sapuntzakis identified a write after close, as the sockets were
		closed by libcurl before the SSL lib were shutdown and they may write to its
		socket. Detected to at least happen with OpenSSL builds.

		- Jad Chamcham pointed out a bug with connection re-use. If a connection had
		CURLOPT_HTTPPROXYTUNNEL enabled over a proxy, a subsequent request using the
		same proxy with the tunnel option disabled would still wrongly re-use that

+1 −0

Original line number	Diff line number	Diff line
		@@ -24,6 +24,7 @@ This release includes the following bugfixes:
		o don't store LDFLAGS in pkg-config file
		o never-pruned DNS cached entries
		o HTTP proxy tunnel re-used connection even if tunnel got disabled
		o SSL lib post-close write

		This release includes the following known bugs:

+5 −3

Original line number	Diff line number	Diff line
		@@ -2300,6 +2300,11 @@ static void conn_free(struct connectdata *conn)
		if(!conn)
		return;

		/* close the SSL stuff before we close any sockets since they will/may
		write to the sockets */
		Curl_ssl_close(conn, FIRSTSOCKET);
		Curl_ssl_close(conn, SECONDARYSOCKET);

		/* close possibly still open sockets */
		if(CURL_SOCKET_BAD != conn->sock[SECONDARYSOCKET])
		sclose(conn->sock[SECONDARYSOCKET]);
		@@ -2336,9 +2341,6 @@ static void conn_free(struct connectdata *conn)
		Curl_destroy_thread_data(&conn->async);
		#endif

		Curl_ssl_close(conn, FIRSTSOCKET);
		Curl_ssl_close(conn, SECONDARYSOCKET);

		Curl_free_ssl_config(&conn->ssl_config);

		free(conn); /* free all the connection oriented data */