From e9bb7b771287026596d03b75c3767a64b0cf3952 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Thu, 21 Feb 2008 17:52:16 +0000
Subject: - Zmey Petroff found a crash when libcurl accessed a NULL pointer,
 which   happened if you set the connection cache size to 1 and for example
 failed to   login to an FTP site. Bug report #1896698  
 (http://curl.haxx.se/bug/view.cgi?id=1896698)

---
 lib/transfer.c | 8 ++++++--
 1 file changed, 6 insertions(+), 2 deletions(-)

(limited to 'lib')

diff --git a/lib/transfer.c b/lib/transfer.c
index 86dcfe24f..6288cec44 100644
--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -2389,8 +2389,12 @@ CURLcode Curl_perform(struct SessionHandle *data)
         if(CURLE_OK == res)
           res = res2;
       }
-      else
-        /* Curl_do() failed, clean up left-overs in the done-call */
+      else if(conn)
+        /* Curl_do() failed, clean up left-overs in the done-call, but note
+           that at some cases the conn pointer is NULL when Curl_do() failed
+           and the connection cache is very small so only call Curl_done() if
+           conn is still "alive".
+        */
         res2 = Curl_done(&conn, res, FALSE);
 
       /*
-- 
cgit v1.2.3