Commit 628c4e7a authored by Daniel Stenberg's avatar Daniel Stenberg
Browse files

Curl_reconnect_request: clear pointer on failure 

The Curl_reconnect_request() function could end up returning a pointer
to a free()d struct when Curl_done() failed inside. Clearing the pointer
unconditionally after Curl_done() avoids this risk.

Reported by: Ho-chi Chen
Bug: http://curl.haxx.se/mail/lib-2012-09/0188.html
parent 4ea7a65a

lib/transfer.c

+3 −1
Original line number Original line Diff line number Diff line
@@ -1985,7 +1985,9 @@ Curl_reconnect_request(struct connectdata **connp) 
  conn->bits.close = TRUE; /* enforce close of this connection */

  conn->bits.close = TRUE; /* enforce close of this connection */

  result = Curl_done(&conn, result, FALSE); /* we are so done with this */

  result = Curl_done(&conn, result, FALSE); /* we are so done with this */





  /* conn may no longer be a good pointer */

  /* conn may no longer be a good pointer, clear it to avoid mistakes by

     parent functions */

  *connp = NULL;





  /*

  /*

   * According to bug report #1330310. We need to check for CURLE_SEND_ERROR

   * According to bug report #1330310. We need to check for CURLE_SEND_ERROR