- Pawel Kierski pointed out a mistake in the cookie code that could lead to a

  bad fclose() after a fatal error had occured.
  (http://curl.haxx.se/bug/view.cgi?id=2382219)

3 files changed, 9 insertions, 2 deletions

diff --git a/CHANGES b/CHANGES
index 1528e61f2..67dd1d73a 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,11 @@
 
                                   Changelog
 
+Daniel Fandrich (3 Dec 2008)
+- Pawel Kierski pointed out a mistake in the cookie code that could lead to a
+  bad fclose() after a fatal error had occured.
+  (http://curl.haxx.se/bug/view.cgi?id=2382219)
+
 Daniel Fandrich (25 Nov 2008)
 - If a HTTP request is Basic and num is already >=1000, the HTTP test
   server adds 1 to num to get the data section to return. This allows
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 2a7f82d26..41408de0c 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -22,6 +22,7 @@ This release includes the following bugfixes:
  o memory leak with HTTP GSS/kerberos authentication
  o removed the default use of "Pragma: no-cache"
  o fix SCP/SFTP busyloop by using a new libssh2 0.19 function
+ o bad fclose() after a fatal error in cookie code
 
 This release includes the following known bugs:
 
@@ -31,6 +32,6 @@ This release would not have looked like this without help, code, reports and
 advice from friends like these:
 
  Yang Tse, Daniel Fandrich, Jim Meyering, Christian Krause, Andreas Wurf,
- Markus Koetter, Josef Wolf, Vlad Grachov
+ Markus Koetter, Josef Wolf, Vlad Grachov, Pawel Kierski
 
         Thanks! (and sorry if I forgot to mention someone)
diff --git a/lib/cookie.c b/lib/cookie.c
index b117f2f8b..4db1a5621 100644
--- a/lib/cookie.c
+++ b/lib/cookie.c
@@ -1003,7 +1003,8 @@ int Curl_cookie_output(struct CookieInfo *c, const char *dumphere)
       format_ptr = get_netscape_format(co);
       if(format_ptr == NULL) {
         fprintf(out, "#\n# Fatal libcurl error\n");
-        fclose(out);
+        if(!use_stdout)
+          fclose(out);
         return 1;
       }
       fprintf(out, "%s\n", format_ptr);