Unverified Commit 955c2193 authored by Jay Satiro's avatar Jay Satiro Committed by Daniel Stenberg
Browse files

vtls: fix memory corruption 



Ever since 70f1db32 (vtls: encapsulate SSL backend-specific data,
2017-07-28), the code handling HTTPS proxies was broken because the
pointer to the SSL backend data was not swapped between
conn->ssl[sockindex] and conn->proxy_ssl[sockindex] as intended, but
instead set to NULL (causing segmentation faults).

[jes: provided the commit message, tested and verified the patch]

Signed-off-by: default avatarJohannes Schindelin <johannes.schindelin@gmx.de>
parent 4bb80d53

lib/vtls/vtls.c

+10 −0
Original line number Diff line number Diff line
@@ -206,10 +206,20 @@ ssl_connect_init_proxy(struct connectdata *conn, int sockindex) 
  DEBUGASSERT(conn->bits.proxy_ssl_connected[sockindex]);

  if(ssl_connection_complete == conn->ssl[sockindex].state &&

     !conn->proxy_ssl[sockindex].use) {

    struct ssl_backend_data *pbdata;



    if(!Curl_ssl->support_https_proxy)

      return CURLE_NOT_BUILT_IN;



    /* The pointers to the ssl backend data, which is opaque here, are swapped

       rather than move the contents. */

    pbdata = conn->proxy_ssl[sockindex].backend;

    conn->proxy_ssl[sockindex] = conn->ssl[sockindex];



    memset(&conn->ssl[sockindex], 0, sizeof(conn->ssl[sockindex]));

    memset(pbdata, 0, Curl_ssl->sizeof_ssl_backend_data);



    conn->ssl[sockindex].backend = pbdata;

  }

  return CURLE_OK;

}