From 927a5bd1b4f95fe2331c9d9923c620ba8e274d6c Mon Sep 17 00:00:00 2001
From: Chris Araman <chris.araman@fuze.com>
Date: Tue, 5 Feb 2019 21:56:36 -0800
Subject: url: close TLS before removing conn from cache

- Fix potential crashes in schannel shutdown.

Ensure any TLS shutdown messages are sent before removing the
association between the connection and the easy handle. Reverts
@bagder's previous partial fix for #3412.

Fixes https://github.com/curl/curl/issues/3412
Fixes https://github.com/curl/curl/issues/3505
Closes https://github.com/curl/curl/pull/3531
---
 lib/vtls/schannel.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

(limited to 'lib/vtls/schannel.c')

diff --git a/lib/vtls/schannel.c b/lib/vtls/schannel.c
index c8574f56c..7e5d19b20 100644
--- a/lib/vtls/schannel.c
+++ b/lib/vtls/schannel.c
@@ -1960,6 +1960,8 @@ static int Curl_schannel_shutdown(struct connectdata *conn, int sockindex)
   char * const hostname = SSL_IS_PROXY() ? conn->http_proxy.host.name :
     conn->host.name;
 
+  DEBUGASSERT(data);
+
   infof(data, "schannel: shutting down SSL/TLS connection with %s port %hu\n",
         hostname, conn->remote_port);
 
@@ -2035,11 +2037,9 @@ static int Curl_schannel_shutdown(struct connectdata *conn, int sockindex)
      * might not have an associated transfer so the check for conn->data is
      * necessary.
      */
-    if(conn->data)
-      Curl_ssl_sessionid_lock(conn);
+    Curl_ssl_sessionid_lock(conn);
     Curl_schannel_session_free(BACKEND->cred);
-    if(conn->data)
-      Curl_ssl_sessionid_unlock(conn);
+    Curl_ssl_sessionid_unlock(conn);
     BACKEND->cred = NULL;
   }
 
-- 
cgit v1.2.3