Fix insufficient initialization in Curl_clone_ssl_config()

which could have caused a double free when reusing curl handle.

diff --git a/CHANGES b/CHANGES
index 241ebdc..02d7b27 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,10 @@
 
                                   Changelog
 
+Kamil Dudka (22 Mar 2010)
+- Douglas Steinwand contributed a patch fixing insufficient initialization in
+  Curl_clone_ssl_config()
+
 Daniel Stenberg (21 Mar 2010)
 - Ben Greear improved TFTP: the error code returning and the treatment
   of TSIZE == 0 when uploading.

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index fbc1af6..29ad85b 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -34,6 +34,7 @@ This release includes the following bugfixes:
  o curl_multi_remove_handle() caused use after free
  o TFTP improved error codes
  o TFTP fixed TSIZE handling for uploads
+ o SSL possible double free when reusing curl handle
 
 This release includes the following known bugs:
 

diff --git a/lib/sslgen.c b/lib/sslgen.c
index 6707e0a..4e88bba 100644 (file)
--- a/lib/sslgen.c
+++ b/lib/sslgen.c
@@ -105,30 +105,40 @@ Curl_clone_ssl_config(struct ssl_config_data *source,
     if(!dest->CAfile)
       return FALSE;
   }
+  else
+    dest->CAfile = NULL;
 
   if(source->CApath) {
     dest->CApath = strdup(source->CApath);
     if(!dest->CApath)
       return FALSE;
   }
+  else
+    dest->CApath = NULL;
 
   if(source->cipher_list) {
     dest->cipher_list = strdup(source->cipher_list);
     if(!dest->cipher_list)
       return FALSE;
   }
+  else
+    dest->cipher_list = NULL;
 
   if(source->egdsocket) {
     dest->egdsocket = strdup(source->egdsocket);
     if(!dest->egdsocket)
       return FALSE;
   }
+  else
+    dest->egdsocket = NULL;
 
   if(source->random_file) {
     dest->random_file = strdup(source->random_file);
     if(!dest->random_file)
       return FALSE;
   }
+  else
+    dest->random_file = NULL;
 
   return TRUE;
 }