diff options
author | Daniel Stenberg <daniel@haxx.se> | 2018-04-26 16:07:10 +0200 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2018-04-26 23:23:02 +0200 |
commit | 1d71ce845a6ac3887205c2842fad0a476f7cf3ec (patch) | |
tree | 9ae15e425c5ec29dd87e1d7945ff1d5264af426f | |
parent | 2ef1662e4bc20f1641bc678141c2df0e42e21e3f (diff) |
http2: fix null pointer dereference in http2_connisdead
This function can get called on a connection that isn't setup enough to
have the 'recv_underlying' function pointer initialized so it would try
to call the NULL pointer.
Reported-by: Dario Weisser
Follow-up to db1b2c7fe9b093f8 (never shipped in a release)
Closes #2536
-rw-r--r-- | lib/http2.c | 7 |
1 files changed, 5 insertions, 2 deletions
diff --git a/lib/http2.c b/lib/http2.c index 25d74c1a1..770ebdab5 100644 --- a/lib/http2.c +++ b/lib/http2.c @@ -202,8 +202,11 @@ static bool http2_connisdead(struct connectdata *conn) only "protocol frames" */ CURLcode result; struct http_conn *httpc = &conn->proto.httpc; - ssize_t nread = ((Curl_recv *)httpc->recv_underlying)( - conn, FIRSTSOCKET, httpc->inbuf, H2_BUFSIZE, &result); + ssize_t nread = -1; + if(httpc->recv_underlying) + /* if called "too early", this pointer isn't setup yet! */ + nread = ((Curl_recv *)httpc->recv_underlying)( + conn, FIRSTSOCKET, httpc->inbuf, H2_BUFSIZE, &result); if(nread != -1) { infof(conn->data, "%d bytes stray data read before trying h2 connection\n", |