From: Marc Hoersken <info@marc-hoersken.de>
Date: Sun, 5 May 2013 15:57:37 +0000 (+0200)
Subject: curl_schannel.c: Fixed invalid memory access during SSL shutdown
X-Git-Tag: upstream/7.37.1~1674
X-Git-Url: http://review.tizen.org/git/?a=commitdiff_plain;h=35874298e420aa53fde28982d86d5051aa92279a;p=platform%2Fupstream%2Fcurl.git

curl_schannel.c: Fixed invalid memory access during SSL shutdown
---

diff --git a/lib/curl_schannel.c b/lib/curl_schannel.c
index 863d471..fd6a17e 100644
--- a/lib/curl_schannel.c
+++ b/lib/curl_schannel.c
@@ -534,6 +534,7 @@ schannel_connect_step3(struct connectdata *conn, int sockindex)
       return retcode;
     }
     else {
+      connssl->cred->cached = TRUE;
       infof(data, "schannel: stored credential handle in session cache\n");
     }
   }
@@ -1141,17 +1142,11 @@ int Curl_schannel_shutdown(struct connectdata *conn, int sockindex)
               connssl->cred->refcount);
       }
 
-      /* if the handle refcount is zero, check if we have not cached it */
-      if(connssl->cred->refcount == 0) {
-        if(Curl_ssl_getsessionid(conn, (void**)&cached_cred, NULL)) {
-          cached_cred = NULL;
-        }
-        /* if the handle was not cached, it is stale to be freed */
-        if(connssl->cred != cached_cred) {
-          infof(data, "schannel: clear credential handle\n");
-          s_pSecFn->FreeCredentialsHandle(&connssl->cred->cred_handle);
-          Curl_safefree(connssl->cred);
-        }
+      /* if the handle was not cached and the refcount is zero */
+      if(!connssl->cred->cached && connssl->cred->refcount == 0) {
+        infof(data, "schannel: clear credential handle\n");
+        s_pSecFn->FreeCredentialsHandle(&connssl->cred->cred_handle);
+        Curl_safefree(connssl->cred);
       }
     }
   }
@@ -1177,7 +1172,7 @@ void Curl_schannel_session_free(void *ptr)
 {
   struct curl_schannel_cred *cred = ptr;
 
-  if(cred && cred->refcount == 0) {
+  if(cred && cred->cached && cred->refcount == 0) {
     s_pSecFn->FreeCredentialsHandle(&cred->cred_handle);
     Curl_safefree(cred);
   }
diff --git a/lib/urldata.h b/lib/urldata.h
index 55f4884..8d6c420 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -243,6 +243,7 @@ struct curl_schannel_cred {
   CredHandle cred_handle;
   TimeStamp time_stamp;
   int refcount;
+  bool cached;
 };
 
 struct curl_schannel_ctxt {