Commit cffebd7f authored by Daniel Stenberg's avatar Daniel Stenberg
Browse files

Markus Koetter filed debian bug report #355715 which identified a problem 

with the multi interface and multi-part formposts. The fix from February
22nd could make the Curl_done() function get called twice on the same
connection and it was not designed for that and thus tried to call free() on
an already freed memory area!
parent b8c8e734

CHANGES

+6 −0
Original line number Diff line number Diff line
@@ -7,6 +7,12 @@ 
                                  Changelog



Daniel (7 March 2006)

- Markus Koetter filed debian bug report #355715 which identified a problem

  with the multi interface and multi-part formposts. The fix from February

  22nd could make the Curl_done() function get called twice on the same

  connection and it was not designed for that and thus tried to call free() on

  an already freed memory area!



- Peter Heuchert made sure the CURLFTPSSL_CONTROL setting for CURLOPT_FTP_SSL

  is used properly.

RELEASE-NOTES

+3 −1
Original line number Diff line number Diff line
@@ -15,6 +15,7 @@ This release includes the following changes: 


This release includes the following bugfixes:



 o multi-part formpost with multi interface crash

 o the CURLFTPSSL_CONTROL setting for CURLOPT_FTP_SSL is acknowledged

 o "SSL: couldn't set callback" is now a less serious problem

 o Interix build fix
@@ -28,6 +29,7 @@ Other curl-related news since the previous public release: 
This release would not have looked like this without help, code, reports and

advice from friends like these:



 Gisle Vanem, Dan Fandrich, Thomas Klausner, Todd Vierling, Peter Heuchert

 Gisle Vanem, Dan Fandrich, Thomas Klausner, Todd Vierling, Peter Heuchert,

 Markus Koetter



        Thanks! (and sorry if I forgot to mention someone)

lib/url.c

+6 −0
Original line number Diff line number Diff line
@@ -3982,6 +3982,11 @@ CURLcode Curl_done(struct connectdata **connp, 
  struct connectdata *conn = *connp;

  struct SessionHandle *data=conn->data;



  if(conn->bits.done)

    return CURLE_OK; /* Curl_done() has already been called */



  conn->bits.done = TRUE; /* called just now! */



  /* cleanups done even if the connection is re-used */

  if(conn->bits.rangestringalloc) {

    free(conn->range);
@@ -4047,6 +4052,7 @@ CURLcode Curl_do(struct connectdata **connp, bool *done) 
  struct connectdata *conn = *connp;

  struct SessionHandle *data=conn->data;



  conn->bits.done = FALSE; /* Curl_done() is not called yet */

  conn->bits.do_more = FALSE; /* by default there's no curl_do_more() to use */



  if(conn->curl_do) {

lib/urldata.h

+4 −0
Original line number Diff line number Diff line
@@ -432,6 +432,10 @@ struct ConnectBits { 
  bool trailerHdrPresent; /* Set when Trailer: header found in HTTP response.

                             Required to determine whether to look for trailers

                             in case of Transfer-Encoding: chunking */

  bool done;          /* set to FALSE when Curl_do() is called and set to TRUE

                         when Curl_done() is called, to prevent Curl_done() to

                         get invoked twice when the multi interface is

                         used. */

};



struct hostname {