When allocating memory for a connection (the internal struct called `connectdata`), a certain amount of extra memory is allocated at the end of the struct to be used for SSL related structs. Those structs are used by the particular SSL library libcurl is built to use, and in this case the application can also tell libcurl which SSL library to use if it was built to support more than one.

The math used for the extra memory was wrong on 32 bit systems, which made the allocated memory too small. The last struct set up for use by the SSL library could then access memory outside of the allocated block.

It could lead to a crash or to other undefined behaviors, depending on what memory is present there and how the particular SSL library decides to act on that memory content.

External References:
https://curl.haxx.se/docs/adv_2017-af0a.html

Introduced in commit:
https://github.com/curl/curl/commit/70f1db321a

Upstream issue:
https://github.com/curl/curl/issues/2093

Upstream patch:
https://github.com/curl/curl/commit/9b5e12a5491d2e6b68e0c88ca56f3a9ef9fba400

Acknowledgments:

Name: the Curl project
Upstream: John Schoenick

AFFECTED VERSIONS
-----------------

This is only an issue on systems with 32 bit pointers.

- Affected versions: libcurl 7.56.0 to and including 7.56.1
- Not affected versions: libcurl < 7.56.0 and >= 7.57.0
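
The undersized trailing allocation described above can be modelled without touching any out-of-bounds memory. This is an added example, not code from curl or from the advisory: the struct layouts, `NBACKENDS` and all function names are hypothetical, and the sizing mistake shown (subtracting a fixed 8 bytes for a trailing marker that is only 4 bytes wide with 32 bit pointers) is an assumed illustration of how such math can come out short only on 32 bit systems.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

#define NBACKENDS 4 /* assumed count of trailing backend structs */

/* Hypothetical layouts: the last member only marks where the trailing
   backend data starts. uint32_t models a 4-byte pointer (32 bit build),
   uint64_t an 8-byte one (64 bit build). */
struct conn32 { int id; uint32_t tail; };
struct conn64 { int id; uint64_t tail; };

/* Flawed sizing: assumes the marker always occupies 8 bytes. */
static size_t flawed_size(size_t struct_size, size_t bs)
{
  return struct_size + NBACKENDS * bs - sizeof(uint64_t);
}

/* Sizing from the offset where the trailing data begins; 0 on overflow. */
static size_t safe_size(size_t tail_off, size_t bs)
{
  if(bs > (SIZE_MAX - tail_off) / NBACKENDS)
    return 0;
  return tail_off + NBACKENDS * bs;
}

/* Bytes by which the last backend struct would extend past the block. */
static size_t overrun(size_t alloc, size_t tail_off, size_t bs)
{
  size_t end = tail_off + NBACKENDS * bs;
  return end > alloc ? end - alloc : 0;
}

static size_t overrun32(size_t bs)
{
  return overrun(flawed_size(sizeof(struct conn32), bs),
                 offsetof(struct conn32, tail), bs);
}
static size_t overrun64(size_t bs)
{
  return overrun(flawed_size(sizeof(struct conn64), bs),
                 offsetof(struct conn64, tail), bs);
}

int main(void)
{
  printf("short by: 32-bit %zu, 64-bit %zu\n", overrun32(64), overrun64(64));
  return 0;
}
```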