- From: Gordon Prioreschi <gpriores@ix.netcom.com>
- Date: Thu, 16 Sep 1999 11:57:10 -0700
- To: www-lib@w3.org
Greetings all, Found the following bug in libwww-ssl: I'm connecting to a secure server that unexpectedly closes its connection in the middle of a POST operation (which is the primary bug I'm hunting). HTSSL_read() returns an error to HTSSLReader_read(), which causes it to: - HTSSL_close(me->htssl) which deallocates *me->htssl->ssl, then sets me->htssl->ssl to NULL. - HTSSL_free(me->htssl) which DOESN'T deallocate the htssl object, as it's ALSO referenced in the output stream -- it merely decrements the ref count - me->htssl = NULL which causes subsequent calls to HTSSLReader_read() to establish a new SSL connection ... so, after all the pipe recovery stuff in libwww, we end up calling HTSSLWriter_write(), whose output stream still references the htssl object that references a deallocated SSL connection (me->htssl->ssl == NULL). Note that the checks for a valid SSL connection in HTSSLReader_read() and HTSSLWriter_write() check me->htssl, but neither me->htssl->ssl nor me->htssl->connected are checked along this code path. So, we end up calling SSL_write with s == NULL, causing a seg fault. So... How are we working the export restrictions on libwww-ssl? Do I correctly surmise from its distribution on an export-secured server that it's already had U.S.-based development, and thus that I (a U.S. citizen and resident) wouldn't be further compromising its exportability by submitting a patch? Otherwise, I'm sure the description of the problem I've provided is enough to let somebody outside the U.S. write the actual fix... :-> Later, -g OBgripe: $#@%$#@% export restrictions... !@#%$!#@$ Department of Commerce...
Received on Thursday, 16 September 1999 15:02:48 UTC