aboutsummaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2008-02-21 17:52:16 +0000
committerDaniel Stenberg <daniel@haxx.se>2008-02-21 17:52:16 +0000
commite9bb7b771287026596d03b75c3767a64b0cf3952 (patch)
tree6079c410953df44bfae02721ed6ba3aae3ce999e
parent5e9c564883512130d356a81f6dcb3057572f1690 (diff)
- Zmey Petroff found a crash when libcurl accessed a NULL pointer, which
happened if you set the connection cache size to 1 and for example failed to login to an FTP site. Bug report #1896698 (http://curl.haxx.se/bug/view.cgi?id=1896698)
-rw-r--r--CHANGES6
-rw-r--r--RELEASE-NOTES3
-rw-r--r--lib/transfer.c8
3 files changed, 14 insertions, 3 deletions
diff --git a/CHANGES b/CHANGES
index d66e23ac9..95cb39cf4 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,12 @@
Changelog
+Daniel S (21 Feb 2008)
+- Zmey Petroff found a crash when libcurl accessed a NULL pointer, which
+ happened if you set the connection cache size to 1 and for example failed to
+ login to an FTP site. Bug report #1896698
+ (http://curl.haxx.se/bug/view.cgi?id=1896698)
+
Daniel S (20 Feb 2008)
- Fixed test case 405 to not fail when libcurl is built with GnuTLS
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 4993be1fd..5b3ed07c1 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -29,6 +29,7 @@ This release includes the following bugfixes:
a transfer going on, the connection is now closed by force
o bad re-use of SSL connections in non-complete state
o test case 405 failures with GnuTLS builds
+ o crash when connection cache size is 1 and Curl_do() failed
This release includes the following known bugs:
@@ -47,6 +48,6 @@ advice from friends like these:
Michal Marek, Dmitry Kurochkin, Niklas Angebrand, Günter Knauf, Yang Tse,
Dan Fandrich, Mike Hommey, Pooyan McSporran, Jerome Muffat-Meridol,
- Kaspar Brand, Gautam Kachroo
+ Kaspar Brand, Gautam Kachroo, Zmey Petroff
Thanks! (and sorry if I forgot to mention someone)
diff --git a/lib/transfer.c b/lib/transfer.c
index 86dcfe24f..6288cec44 100644
--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -2389,8 +2389,12 @@ CURLcode Curl_perform(struct SessionHandle *data)
if(CURLE_OK == res)
res = res2;
}
- else
- /* Curl_do() failed, clean up left-overs in the done-call */
+ else if(conn)
+ /* Curl_do() failed, clean up left-overs in the done-call, but note
+ that at some cases the conn pointer is NULL when Curl_do() failed
+ and the connection cache is very small so only call Curl_done() if
+ conn is still "alive".
+ */
res2 = Curl_done(&conn, res, FALSE);
/*