Commit a9d49769 authored by Daniel Stenberg's avatar Daniel Stenberg
Browse files

Andre Guibert de Bruet fixed a memory leak in the function that verifies the 

peer's name in the SSL certificate when built for OpenSSL. The leak happens
for libcurls with CURL_DOES_CONVERSIONS enabled that fail to convert the CN
name from UTF8.
parent d7616d8a

CHANGES

+10 −4
Original line number Diff line number Diff line
@@ -5,11 +5,17 @@ 
                             \___|\___/|_| \_\_____|



                                  Changelog

Daniel S (22 May 2007)

- Andre Guibert de Bruet fixed a memory leak in the function that verifies the

  peer's name in the SSL certificate when built for OpenSSL. The leak happens

  for libcurls with CURL_DOES_CONVERSIONS enabled that fail to convert the CN

  name from UTF8.



Daniel S (18 May 2007)

- Feng Tu reported that curl -w did wrong on TFTP transfers in 

  bug report #1715394 (http://curl.haxx.se/bug/view.cgi?id=1715394), and the

  transfer-related info "variables" were indeed overwritten with zeroes wrongly

  and have now been adjusted. The upload size still isn't accurate.

- Feng Tu reported that curl -w did wrong on TFTP transfers in bug report

  #1715394 (http://curl.haxx.se/bug/view.cgi?id=1715394), and the

  transfer-related info "variables" were indeed overwritten with zeroes

  wrongly and have now been adjusted. The upload size still isn't accurate.



Daniel S (17 May 2007)

- Feng Tu pointed out a division by zero error in the TFTP connect timeout

RELEASE-NOTES

+3 −1
Original line number Diff line number Diff line
@@ -45,6 +45,7 @@ This release includes the following bugfixes: 
 o SFTP quote commands chmod, chown, chgrp can now set a value of 0

 o TFTP connect timouts less than 5 seconds

 o improved curl -w for TFTP transfers

 o memory leak when failed OpenSSL certificate CN field checking



This release includes the following known bugs:
@@ -69,6 +70,7 @@ advice from friends like these: 
 Song Ma, Dan Fandrich, Yang Tse, Jay Austin, Robert Iakobashvil,

 James Housley, Daniel Black, Steve Little, Sonia Subramanian, Peter O'Gorman,

 Frank Hempel, Michael Wallner, Jeff Pohlmeyer, Tobias Rundstrm,

 Anders Gustafsson, James Bursa, Kristian Gunstone, Feng Tu

 Anders Gustafsson, James Bursa, Kristian Gunstone, Feng Tu,

 Andre Guibert de Bruet



        Thanks! (and sorry if I forgot to mention someone)

lib/ssluse.c

+2 −1
Original line number Diff line number Diff line
@@ -1123,7 +1123,8 @@ static CURLcode verifyhost(struct connectdata *conn, 
      rc = Curl_convert_from_utf8(data, peer_CN, strlen(peer_CN));

      /* Curl_convert_from_utf8 calls failf if unsuccessful */

      if (rc != CURLE_OK) {

        return(rc);

        OPENSSL_free(peer_CN);

        return rc;

      }

    }

#endif /* CURL_DOES_CONVERSIONS */