From 64b2d2d77e112f1519995b54cb0806e1f2e4a9f6 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Sat, 9 Mar 2013 18:05:28 +0100
Subject: multi_runsingle: avoid NULL dereference

When Curl_do() returns failure, the connection pointer could be NULL so
the code path following needs to that that into account.

Bug: http://curl.haxx.se/mail/lib-2013-03/0062.html
Reported by: Eric Hu
---
 lib/multi.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

diff --git a/lib/multi.c b/lib/multi.c
index 706df2398..825f77740 100644
--- a/lib/multi.c
+++ b/lib/multi.c
@@ -1202,8 +1202,9 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
       }
       else {
         /* Perform the protocol's DO action */
-        easy->result = Curl_do(&easy->easy_conn,
-                               &dophase_done);
+        easy->result = Curl_do(&easy->easy_conn, &dophase_done);
+
+        /* When Curl_do() returns failure, easy->easy_conn might be NULL! */
 
         if(CURLE_OK == easy->result) {
           if(!dophase_done) {
@@ -1292,7 +1293,8 @@ static CURLMcode multi_runsingle(struct Curl_multi *multi,
         else {
           /* failure detected */
           Curl_posttransfer(data);
-          Curl_done(&easy->easy_conn, easy->result, FALSE);
+          if(easy->easy_conn)
+            Curl_done(&easy->easy_conn, easy->result, FALSE);
           disconnect_conn = TRUE;
         }
       }
-- 
cgit v1.2.3