diff --git a/CHANGES b/CHANGES index d66e23ac907086296ba4232e84649c758dd9d388..95cb39cf44fe354a89d3cd9532037150c395d47e 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,12 @@ Changelog +Daniel S (21 Feb 2008) +- Zmey Petroff found a crash when libcurl accessed a NULL pointer, which + happened if you set the connection cache size to 1 and for example failed to + login to an FTP site. Bug report #1896698 + (http://curl.haxx.se/bug/view.cgi?id=1896698) + Daniel S (20 Feb 2008) - Fixed test case 405 to not fail when libcurl is built with GnuTLS diff --git a/RELEASE-NOTES b/RELEASE-NOTES index 4993be1fd47358f7321ff87380e6baa97a019e9e..5b3ed07c1aa54abd651ea083aa0503a6aab1f090 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -29,6 +29,7 @@ This release includes the following bugfixes: a transfer going on, the connection is now closed by force o bad re-use of SSL connections in non-complete state o test case 405 failures with GnuTLS builds + o crash when connection cache size is 1 and Curl_do() failed This release includes the following known bugs: @@ -47,6 +48,6 @@ advice from friends like these: Michal Marek, Dmitry Kurochkin, Niklas Angebrand, Günter Knauf, Yang Tse, Dan Fandrich, Mike Hommey, Pooyan McSporran, Jerome Muffat-Meridol, - Kaspar Brand, Gautam Kachroo + Kaspar Brand, Gautam Kachroo, Zmey Petroff Thanks! (and sorry if I forgot to mention someone) diff --git a/lib/transfer.c b/lib/transfer.c index 86dcfe24fcd3d0026d538e9d40d71600c0a8a1dc..6288cec44b0495d135d4cc2ca054cc0bee8a011b 100644 --- a/lib/transfer.c +++ b/lib/transfer.c @@ -2389,8 +2389,12 @@ CURLcode Curl_perform(struct SessionHandle *data) if(CURLE_OK == res) res = res2; } - else - /* Curl_do() failed, clean up left-overs in the done-call */ + else if(conn) + /* Curl_do() failed, clean up left-overs in the done-call, but note + that at some cases the conn pointer is NULL when Curl_do() failed + and the connection cache is very small so only call Curl_done() if + conn is still "alive". + */ res2 = Curl_done(&conn, res, FALSE); /*