geoipupdate-legacy icon indicating copy to clipboard operation
geoipupdate-legacy copied to clipboard

Published 20 hours ago verified publisher icon maxmind

Unsafe use in CURLOPT_WRITEDATA

Open gvanem opened this issue 5 years ago • 1 comments

After some patching to make a geoipupdate.exe for Windows, I get a crash due to this call:

    curl_easy_setopt(curl, CURLOPT_WRITEDATA, (void *)f);

in geoipupdate.c.

Reason: My libcurl.dll was built using MSVC. But geoipupdate.exe was built using MinGW where the inner structure of a FILE* is another story completely . The call-stack shows it crashes while accessing the critical-section of f:

ntdll!RtlpWaitOnCriticalSection+0x6f
ntdll!RtlpEnterCriticalSectionContended+0xd6
ntdll!RtlEnterCriticalSection+0x49
ucrtbase!__crt_seh_guarded_call<unsigned int>::operator()<<lambda_cd3bfd923e8d1349099e544c97b1bd8e>,<lambda_54dcfcba6f8e0c549fa430f4d53fb7dd> &,<lambda_5e1d0fa2aa2b73b187bf8b7e1d30c7f8> >+0x1f
ucrtbase!fwrite+0x4e
libcurl!chop_write(struct connectdata * conn = 0x0cfa9cc8, int type = 0n1, char * optr = 0x0cf9cc1f "Invalid user ID.", unsigned int olen = 0x10)+0x9c [f:\mingw32\src\inet\curl\lib\sendf.c @ 585] 
libcurl!Curl_client_write(struct connectdata * conn = 0x0cfa9cc8, int type = 0n1, char * ptr = 0x0cf9cc1f "Invalid user ID.", unsigned int len = 0x10)+0x4a [f:\mingw32\src\inet\curl\lib\sendf.c @ 668] 
libcurl!readwrite_data(struct Curl_easy * data = 0x0cf97e78, struct connectdata * conn = 0x0cfa9cc8, struct SingleRequest * k = 0x0cf97ee8, int * didwhat = 0x0061fc5c, bool * done = 0x0061fc97, bool * comeback = 0x0061fc98)+0x5cc [f:\mingw32\src\inet\curl\lib\transfer.c @ 796] 
libcurl!Curl_readwrite(struct connectdata * conn = 0x0cfa9cc8, struct Curl_easy * data = 0x0cf97e78, bool * done = 0x0061fc97, bool * comeback = 0x0061fc98)+0xef [f:\mingw32\src\inet\curl\lib\transfer.c @ 1125] 
libcurl!multi_runsingle(struct Curl_multi * multi = 0x0cfa0bc0, struct curltime now = struct curltime, struct Curl_easy * data = 0x0cf97e78)+0x1116 [f:\mingw32\src\inet\curl\lib\multi.c @ 1932] 
libcurl!curl_multi_perform(struct Curl_multi * multi = 0x0cfa0bc0, int * running_handles = 0x0061fd18)+0x5f [f:\mingw32\src\inet\curl\lib\multi.c @ 2196] 
libcurl!easy_transfer+0x6c [f:\mingw32\src\inet\curl\lib\easy.c @ 686] 
libcurl!easy_perform(struct Curl_easy * data = 0x0cf97e78, bool events = false)+0x193 [f:\mingw32\src\inet\curl\lib\easy.c @ 779] 
libcurl!curl_easy_perform(struct Curl_easy * data = 0x0cf97e78)+0xb [f:\mingw32\src\inet\curl\lib\easy.c @ 798] 
geoipupdate+0x2179

What (besides linking to a static libcurl) can be be done for this? But it could be a PITA to use a static libcurl since there could be so many external dependencies.

gvanem avatar Aug 04 '18 12:08 gvanem

You may also be interested in the next gen version of geoipupdate. It is written in Go and should work on Windows without issue. We plan on providing binaries for Windows once we do a full release.

oschwald avatar Aug 04 '18 17:08 oschwald