[GNUnet-SVN] [gnurl] 168/256: vtls: fix memory corruption

[gnunet]

This is an automated email from the git hooks/post-receive script.

ng0 pushed a commit to branch master
in repository gnurl.

commit 955c21939e58c8ba59877fbb7d628445143241d1
Author: Jay Satiro <address@hidden>
AuthorDate: Wed Sep 6 23:39:21 2017 +0200

    vtls: fix memory corruption
    
    Ever since 70f1db321 (vtls: encapsulate SSL backend-specific data,
    2017-07-28), the code handling HTTPS proxies was broken because the
    pointer to the SSL backend data was not swapped between
    conn->ssl[sockindex] and conn->proxy_ssl[sockindex] as intended, but
    instead set to NULL (causing segmentation faults).
    
    [jes: provided the commit message, tested and verified the patch]
    
    Signed-off-by: Johannes Schindelin <address@hidden>
---
 lib/vtls/vtls.c | 10 ++++++++++
 1 file changed, 10 insertions(+)

diff --git a/lib/vtls/vtls.c b/lib/vtls/vtls.c
index a1a301e7f..52f922841 100644
--- a/lib/vtls/vtls.c
+++ b/lib/vtls/vtls.c
@@ -206,10 +206,20 @@ ssl_connect_init_proxy(struct connectdata *conn, int 
sockindex)
   DEBUGASSERT(conn->bits.proxy_ssl_connected[sockindex]);
   if(ssl_connection_complete == conn->ssl[sockindex].state &&
      !conn->proxy_ssl[sockindex].use) {
+    struct ssl_backend_data *pbdata;
+
     if(!Curl_ssl->support_https_proxy)
       return CURLE_NOT_BUILT_IN;
+
+    /* The pointers to the ssl backend data, which is opaque here, are swapped
+       rather than move the contents. */
+    pbdata = conn->proxy_ssl[sockindex].backend;
     conn->proxy_ssl[sockindex] = conn->ssl[sockindex];
+
     memset(&conn->ssl[sockindex], 0, sizeof(conn->ssl[sockindex]));
+    memset(pbdata, 0, Curl_ssl->sizeof_ssl_backend_data);
+
+    conn->ssl[sockindex].backend = pbdata;
   }
   return CURLE_OK;
 }

-- 
To stop receiving notification emails like this one, please contact
address@hidden