From cffebd7fd6b7d9f24793f94fbae2a62c05c46eb0 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Tue, 7 Mar 2006 23:11:41 +0000 Subject: Markus Koetter filed debian bug report #355715 which identified a problem with the multi interface and multi-part formposts. The fix from February 22nd could make the Curl_done() function get called twice on the same connection and it was not designed for that and thus tried to call free() on an already freed memory area! --- lib/url.c | 6 ++++++ lib/urldata.h | 4 ++++ 2 files changed, 10 insertions(+) (limited to 'lib') diff --git a/lib/url.c b/lib/url.c index 4eeb1dc9a..9a715c9f0 100644 --- a/lib/url.c +++ b/lib/url.c @@ -3982,6 +3982,11 @@ CURLcode Curl_done(struct connectdata **connp, struct connectdata *conn = *connp; struct SessionHandle *data=conn->data; + if(conn->bits.done) + return CURLE_OK; /* Curl_done() has already been called */ + + conn->bits.done = TRUE; /* called just now! */ + /* cleanups done even if the connection is re-used */ if(conn->bits.rangestringalloc) { free(conn->range); @@ -4047,6 +4052,7 @@ CURLcode Curl_do(struct connectdata **connp, bool *done) struct connectdata *conn = *connp; struct SessionHandle *data=conn->data; + conn->bits.done = FALSE; /* Curl_done() is not called yet */ conn->bits.do_more = FALSE; /* by default there's no curl_do_more() to use */ if(conn->curl_do) { diff --git a/lib/urldata.h b/lib/urldata.h index a3802b7c3..6cb3729b9 100644 --- a/lib/urldata.h +++ b/lib/urldata.h @@ -432,6 +432,10 @@ struct ConnectBits { bool trailerHdrPresent; /* Set when Trailer: header found in HTTP response. Required to determine whether to look for trailers in case of Transfer-Encoding: chunking */ + bool done; /* set to FALSE when Curl_do() is called and set to TRUE + when Curl_done() is called, to prevent Curl_done() to + get invoked twice when the multi interface is + used. */ }; struct hostname { -- cgit v1.2.3