Subject: Re: Use-after-free with libcurl+ares on windows?

Re: Use-after-free with libcurl+ares on windows?

From: Daniel Stenberg <>
Date: 2005-08-04

On Thu, 4 Aug 2005, Harshal Pradhan wrote:

(Subject brought up on the libcurl list, CC'ing the reply to the c-ares list
since this concerns c-ares.)

> As I said earlier, I'm not very familiar with ares and have only been poking
> at it a little bit over the last couple of days. However, if you could
> outline a little bit what such an API would look like, then maybe I could
> try and take a shot at implementing it.

The problem is that ares_cancel() always unconditionally aborts all pending
callbacks and not just the single one we may want to cancel.

I can think of two ways to add this (or possibly we can offer both):

1) We make the functions that add a "job" to the queue (such as
    ares_gethostbyname) return a "queue id" and we add a function that can
    cancel this single queue item.

2) We make a function that can cancel jobs that were specified with a set
    callback argument - the fifth argument to ares_gethostbyname.

Option (2) has the least impact on existing API:s and allows cancelling of
several jobs that use the same pointer, while option (1) is faster for killing
a single job among many.

> In the meantime, would the best short-term option for me be to switch to
> using the threaded resolver?

I think it might be, yes.

  Commercial curl and libcurl Technical Support:
Received on Thu Aug 4 20:26:23 2005