From 1946058e7bf2b39c45f53d39dd67b043f948008e Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 9 May 2006 12:43:49 +0000 Subject: [PATCH] Robson Braga Araujo fixed two problems in the recently added non-blocking SSL connects. The state machine was not reset properly so that subsequent connects using the same handle would fail, and there were two memory leaks. --- CHANGES | 29 +++++++++++++++++++++++++++++ lib/ssluse.c | 11 +++++++++-- 2 files changed, 38 insertions(+), 2 deletions(-) diff --git a/CHANGES b/CHANGES index b6845fa..c639de9 100644 --- a/CHANGES +++ b/CHANGES @@ -7,12 +7,41 @@ Changelog Daniel (9 May 2006) +- Robson Braga Araujo fixed two problems in the recently added non-blocking SSL + connects. The state machine was not reset properly so that subsequent + connects using the same handle would fail, and there were two memory leaks. + - Robson Braga Araujo fixed a memory leak when you added an easy handle to a multi stack and that easy handle had already been used to do one or more easy interface transfers, as then the code threw away the previously used DNS cache without properly freeing it. Daniel (8 May 2006) +- Dan Fandrich went over the TFTP code and he pointed out and fixed numerous + problems: + + * The received file is corrupted when a packet is lost and retransmitted + (this is a serious problem!) + + * Transmitting a file aborts if a block is lost and retransmitted + + * Data is stored in the wrong location in the buffer for uploads, so uploads + always fail (I don't see how it could have ever worked, but it did on x86 + at least) + + * A number of calls are made to strerror instead of Curl_strerror, making + the code not thread safe + + * There are references to errno instead of Curl_sockerrno(), causing + incorrect error messages on Windows + + * The file name includes a leading / which violates RFC3617. Doing something + similar to ftp, where two slashes after the host name means an absolute + reference seems a reasonable extension to fix this. + + * Failures in EBCDIC conversion are not propagated up to the caller but are + silently ignored + - Fixed known bug #28. The TFTP code no longer assumes a packed struct and thus works reliably on more platforms. diff --git a/lib/ssluse.c b/lib/ssluse.c index 21346d3..503f7ef 100644 --- a/lib/ssluse.c +++ b/lib/ssluse.c @@ -1131,7 +1131,7 @@ static void ssl_tls_trace(int direction, int ssl_ver, int content_type, static CURLcode Curl_ossl_connect_step1(struct connectdata *conn, - int sockindex) + int sockindex) { CURLcode retcode = CURLE_OK; @@ -1168,6 +1168,8 @@ Curl_ossl_connect_step1(struct connectdata *conn, break; } + if (connssl->ctx) + SSL_CTX_free(connssl->ctx); connssl->ctx = SSL_CTX_new(req_method); if(!connssl->ctx) { @@ -1193,7 +1195,7 @@ Curl_ossl_connect_step1(struct connectdata *conn, /* OpenSSL contains code to work-around lots of bugs and flaws in various SSL-implementations. SSL_CTX_set_options() is used to enabled those work-arounds. The man page for this option states that SSL_OP_ALL enables - ll the work-arounds and that "It is usually safe to use SSL_OP_ALL to + all the work-arounds and that "It is usually safe to use SSL_OP_ALL to enable the bug workaround options if compatibility with somewhat broken implementations is desired." @@ -1279,6 +1281,8 @@ Curl_ossl_connect_step1(struct connectdata *conn, } /* Lets make an SSL structure */ + if (connssl->handle) + SSL_free(connssl->handle); connssl->handle = SSL_new(connssl->ctx); if (!connssl->handle) { failf(data, "SSL: couldn't create a context (handle)!"); @@ -1638,6 +1642,9 @@ Curl_ossl_connect_common(struct connectdata *conn, *done = FALSE; } + /* Reset our connect state machine */ + connssl->connecting_state = ssl_connect_1; + return CURLE_OK; } -- 2.7.4