diff options
| author | Daniel Stenberg <daniel@haxx.se> | 2012-09-28 13:56:03 +0200 |
|---|---|---|
| committer | Daniel Stenberg <daniel@haxx.se> | 2012-09-28 13:57:41 +0200 |
| commit | 628c4e7af1a28ea2d8463a29d59a58d30eb1f710 (patch) | |
| tree | ebd8f980c391f3dbb5f127b386f38b9b7ed7d4c1 | |
| parent | 4ea7a65af725d0530a173b080acb6cb6db5432b3 (diff) | |
Curl_reconnect_request: clear pointer on failure
The Curl_reconnect_request() function could end up returning a pointer
to a free()d struct when Curl_done() failed inside. Clearing the pointer
unconditionally after Curl_done() avoids this risk.
Reported by: Ho-chi Chen
Bug: http://curl.haxx.se/mail/lib-2012-09/0188.html
| -rw-r--r-- | lib/transfer.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/lib/transfer.c b/lib/transfer.c index 73456ec3e..2ad5fad46 100644 --- a/lib/transfer.c +++ b/lib/transfer.c @@ -1985,7 +1985,9 @@ Curl_reconnect_request(struct connectdata **connp) conn->bits.close = TRUE; /* enforce close of this connection */ result = Curl_done(&conn, result, FALSE); /* we are so done with this */ - /* conn may no longer be a good pointer */ + /* conn may no longer be a good pointer, clear it to avoid mistakes by + parent functions */ + *connp = NULL; /* * According to bug report #1330310. We need to check for CURLE_SEND_ERROR |