diff --git a/CHANGES b/CHANGES
index d66e23ac907086296ba4232e84649c758dd9d388..95cb39cf44fe354a89d3cd9532037150c395d47e 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,12 @@
Changelog
+Daniel S (21 Feb 2008)
+- Zmey Petroff found a crash when libcurl accessed a NULL pointer, which
+ happened if you set the connection cache size to 1 and for example failed to
+ login to an FTP site. Bug report #1896698
+ (http://curl.haxx.se/bug/view.cgi?id=1896698)
+
Daniel S (20 Feb 2008)
- Fixed test case 405 to not fail when libcurl is built with GnuTLS
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 4993be1fd47358f7321ff87380e6baa97a019e9e..5b3ed07c1aa54abd651ea083aa0503a6aab1f090 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -29,6 +29,7 @@ This release includes the following bugfixes:
a transfer going on, the connection is now closed by force
o bad re-use of SSL connections in non-complete state
o test case 405 failures with GnuTLS builds
+ o crash when connection cache size is 1 and Curl_do() failed
This release includes the following known bugs:
@@ -47,6 +48,6 @@ advice from friends like these:
Michal Marek, Dmitry Kurochkin, Niklas Angebrand, Günter Knauf, Yang Tse,
Dan Fandrich, Mike Hommey, Pooyan McSporran, Jerome Muffat-Meridol,
- Kaspar Brand, Gautam Kachroo
+ Kaspar Brand, Gautam Kachroo, Zmey Petroff
Thanks! (and sorry if I forgot to mention someone)
diff --git a/lib/transfer.c b/lib/transfer.c
index 86dcfe24fcd3d0026d538e9d40d71600c0a8a1dc..6288cec44b0495d135d4cc2ca054cc0bee8a011b 100644
--- a/lib/transfer.c
+++ b/lib/transfer.c
@@ -2389,8 +2389,12 @@ CURLcode Curl_perform(struct SessionHandle *data)
if(CURLE_OK == res)
res = res2;
}
- else
- /* Curl_do() failed, clean up left-overs in the done-call */
+ else if(conn)
+ /* Curl_do() failed, clean up left-overs in the done-call, but note
+ that at some cases the conn pointer is NULL when Curl_do() failed
+ and the connection cache is very small so only call Curl_done() if
+ conn is still "alive".
+ */
res2 = Curl_done(&conn, res, FALSE);
/*