generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity
c7638d93b0
curl/lib/vtls
History
Tatsuhiro Tsujikawa c7638d93b0 openssl: Fix uninitialized variable use in NPN callback 
OpenSSL passes out and outlen variable uninitialized to
select_next_proto_cb callback function.  If the callback function
returns SSL_TLSEXT_ERR_OK, the caller assumes the callback filled
values in out and outlen and processes as such.  Previously, if there
is no overlap in protocol lists, curl code does not fill any values in
these variables and returns SSL_TLSEXT_ERR_OK, which means we are
triggering undefined behavior.  valgrind warns this.

This patch fixes this issue by fallback to HTTP/1.1 if there is no
overlap.
2014-05-23 17:00:07 +02:00
..
axtls.c axtls: Fixed too long source line 2014-05-17 11:54:48 +02:00
axtls.h vtls: moved all TLS/SSL source and header files into subdir 2013-12-20 17:12:42 +01:00
curl_darwinssl.c darwinssl: fix lint & build warnings in the previous commit 2014-05-21 19:21:15 -05:00
curl_darwinssl.h vtls: moved all TLS/SSL source and header files into subdir 2013-12-20 17:12:42 +01:00
curl_schannel.c schannel: don't use the connect-timeout during send 2014-05-05 00:10:37 +02:00
curl_schannel.h vtls: moved all TLS/SSL source and header files into subdir 2013-12-20 17:12:42 +01:00
cyassl.c cyassl: Use error-ssl.h when available 2014-04-23 11:01:30 +02:00
cyassl.h vtls: moved all TLS/SSL source and header files into subdir 2013-12-20 17:12:42 +01:00
gskit.c vtls: Fixed up include of vtls.h 2013-12-26 21:25:51 +00:00
gskit.h vtls: Updated comments referencing sslgen.c and ssluse.c 2013-12-26 21:42:22 +00:00
gtls.c gtls: fix NULL pointer dereference 2014-04-22 23:24:31 +02:00
gtls.h vtls: moved all TLS/SSL source and header files into subdir 2013-12-20 17:12:42 +01:00
nss.c nss: propagate blocking direction from NSPR I/O 2014-04-25 15:08:12 +02:00
nssg.h nss: implement non-blocking SSL handshake 2014-04-22 22:56:14 +02:00
openssl.c openssl: Fix uninitialized variable use in NPN callback 2014-05-23 17:00:07 +02:00
openssl.h OpenSSL: deselect weak ciphers by default 2014-01-12 00:14:01 +01:00
polarssl_threadlock.c vtls: moved all TLS/SSL source and header files into subdir 2013-12-20 17:12:42 +01:00
polarssl_threadlock.h vtls: moved all TLS/SSL source and header files into subdir 2013-12-20 17:12:42 +01:00
polarssl.c polarssl: avoid extra newlines in debug messages 2014-03-22 16:55:39 +01:00
polarssl.h vtls: moved all TLS/SSL source and header files into subdir 2013-12-20 17:12:42 +01:00
qssl.c vtls: Fixed up include of vtls.h 2013-12-26 21:25:51 +00:00
qssl.h vtls: Updated comments referencing sslgen.c and ssluse.c 2013-12-26 21:42:22 +00:00
vtls.c vtls: renamed sslgen.[ch] to vtls.[ch] 2013-12-20 17:12:42 +01:00
vtls.h ALPN: fix typo in http/1.1 identifier 2014-05-20 12:57:56 +02:00