From 504e6d7ae67a0aa72078fbeab208bf43c81b1f20 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Fri, 20 Nov 2009 19:32:49 +0000
Subject: - Constantine Sapuntzakis identified a write after close, as the
 sockets were   closed by libcurl before the SSL lib were shutdown and they
 may write to its   socket. Detected to at least happen with OpenSSL builds.

---
 lib/url.c | 8 +++++---
 1 file changed, 5 insertions(+), 3 deletions(-)

(limited to 'lib/url.c')

diff --git a/lib/url.c b/lib/url.c
index 54d2ff929..edfa3edcc 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -2300,6 +2300,11 @@ static void conn_free(struct connectdata *conn)
   if(!conn)
     return;
 
+  /* close the SSL stuff before we close any sockets since they will/may
+     write to the sockets */
+  Curl_ssl_close(conn, FIRSTSOCKET);
+  Curl_ssl_close(conn, SECONDARYSOCKET);
+
   /* close possibly still open sockets */
   if(CURL_SOCKET_BAD != conn->sock[SECONDARYSOCKET])
     sclose(conn->sock[SECONDARYSOCKET]);
@@ -2336,9 +2341,6 @@ static void conn_free(struct connectdata *conn)
   Curl_destroy_thread_data(&conn->async);
 #endif
 
-  Curl_ssl_close(conn, FIRSTSOCKET);
-  Curl_ssl_close(conn, SECONDARYSOCKET);
-
   Curl_free_ssl_config(&conn->ssl_config);
 
   free(conn); /* free all the connection oriented data */
-- 
cgit v1.2.3