From 5b54df06d2cec422d5f237e0fa0212be0303edce Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Fri, 6 Oct 2017 17:20:54 +0200 Subject: pingpong: return error when trying to send without connection When imap_done() got called before a connection is setup, it would try to "finish up" and dereffed a NULL pointer. Test case 1553 managed to reproduce. I had to actually use a host name to try to resolve to slow it down, as using the normal local server IP will make libcurl get a connection in the first curl_multi_perform() loop and then the bug doesn't trigger. Fixes #1953 Assisted-by: Max Dymond --- lib/pingpong.c | 11 +++++++++-- 1 file changed, 9 insertions(+), 2 deletions(-) (limited to 'lib/pingpong.c') diff --git a/lib/pingpong.c b/lib/pingpong.c index b8f214005..ef865ae54 100644 --- a/lib/pingpong.c +++ b/lib/pingpong.c @@ -168,16 +168,22 @@ CURLcode Curl_pp_vsendf(struct pingpong *pp, char *s; CURLcode result; struct connectdata *conn = pp->conn; - struct Curl_easy *data = conn->data; + struct Curl_easy *data; #ifdef HAVE_GSSAPI - enum protection_level data_sec = conn->data_prot; + enum protection_level data_sec; #endif DEBUGASSERT(pp->sendleft == 0); DEBUGASSERT(pp->sendsize == 0); DEBUGASSERT(pp->sendthis == NULL); + if(!conn) + /* can't send without a connection! */ + return CURLE_SEND_ERROR; + + data = conn->data; + fmt_crlf = aprintf("%s\r\n", fmt); /* append a trailing CRLF */ if(!fmt_crlf) return CURLE_OUT_OF_MEMORY; @@ -205,6 +211,7 @@ CURLcode Curl_pp_vsendf(struct pingpong *pp, result = Curl_write(conn, conn->sock[FIRSTSOCKET], s, write_len, &bytes_written); #ifdef HAVE_GSSAPI + data_sec = conn->data_prot; DEBUGASSERT(data_sec > PROT_NONE && data_sec < PROT_LAST); conn->data_prot = data_sec; #endif -- cgit v1.2.3