From 167a92810a77b3abd973ea987a1306cfa155d65c Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Sun, 18 Oct 2009 00:10:13 +0000
Subject: [PATCH] - Kevin Baughman found a double close() problem with
 libcurl-NSS, as when   libcurl called NSS to close the SSL "session" it also
 closed the actual   socket.

---
 CHANGES       | 5 +++++
 RELEASE-NOTES | 2 ++
 lib/nss.c     | 8 ++++++--
 3 files changed, 13 insertions(+), 2 deletions(-)

diff --git a/CHANGES b/CHANGES
index 1c71e74036..cfb6ffd517 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,11 @@
 
                                   Changelog
 
+Daniel Stenberg (18 Oct 2009)
+- Kevin Baughman found a double close() problem with libcurl-NSS, as when
+  libcurl called NSS to close the SSL "session" it also closed the actual
+  socket.
+
 Yang Tse (17 Oct 2009)
 - Bug report #2866724 indicated
   (http://curl.haxx.se/bug/view.cgi?id=2866724) that curl on Windows failed
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 6d6530632b..8556b54b8c 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -36,6 +36,7 @@ This release includes the following bugfixes:
  o don't shrink SO_SNDBUF on windows for those who have it set large already
  o connect next bug
  o invalid file name characters handling on Windows
+ o double close() on the primary socket with libcurl-NSS
 
 This release includes the following known bugs:
 
@@ -48,5 +49,6 @@ advice from friends like these:
  Michal Marek, Eric Wong, Guenter Knauf, Peter Sylvester, Daniel Johnson,
  Claes Jakobsson, Sven Anders, Chris Mumford, John P. McCaskey,
  Constantine Sapuntzakis, Michael Stillwell, Tom Mueller, Dan Fandrich,
+ Kevin Baughman
 
         Thanks! (and sorry if I forgot to mention someone)
diff --git a/lib/nss.c b/lib/nss.c
index abc1a4c319..866b1d0c8f 100644
--- a/lib/nss.c
+++ b/lib/nss.c
@@ -927,11 +927,15 @@ void Curl_nss_close(struct connectdata *conn, int sockindex)
 
   if(connssl->handle) {
     PR_Close(connssl->handle);
+
+    /* NSS closes the socket we previously handed to it, so we must mark it
+       as closed to avoid double close */
+    conn->sock[sockindex] = CURL_SOCKET_BAD;
     if(connssl->client_nickname != NULL) {
       free(connssl->client_nickname);
       connssl->client_nickname = NULL;
     }
-#ifdef HAVE_PK11_CREATEGENERICOBJECT      
+#ifdef HAVE_PK11_CREATEGENERICOBJECT
     if(connssl->key)
       (void)PK11_DestroyGenericObject(connssl->key);
     if(connssl->cacert[1])
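Review bot: The result of `PR_Close(connssl->handle)` is still discarded, while the added line sets `conn->sock[sockindex] = CURL_SOCKET_BAD` unconditionally, and the new comment does not say that this is deliberate. Marking the socket bad in every case looks like the safer direction: once the descriptor has been released, its number can be handed out again elsewhere in the process, so a second close() could shut an unrelated socket rather than fail harmlessly. I would extend the comment to record that, e.g. `/* NSS owns and closes the socket once it has been handed over; never close or reuse this descriptor number afterwards, even if PR_Close() reports failure */`. Any other path that calls PR_Close() on this handle would presumably need the same reset, which cannot be checked from this hunk, since the body of Curl_nss_close continues outside it.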
@@ -973,7 +977,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)
 
   connssl->data = data;
 
-#ifdef HAVE_PK11_CREATEGENERICOBJECT  
+#ifdef HAVE_PK11_CREATEGENERICOBJECT
   connssl->cacert[0] = NULL;
   connssl->cacert[1] = NULL;
   connssl->key = NULL;
-- 
GitLab