From: Daniel Stenberg Date: Fri, 28 Sep 2012 11:56:03 +0000 (+0200) Subject: Curl_reconnect_request: clear pointer on failure X-Git-Tag: curl-7_28_0~22 X-Git-Url: http://git.ipfire.org/?a=commitdiff_plain;h=628c4e7af1a28ea2d8463a29d59a58d30eb1f710;p=thirdparty%2Fcurl.git Curl_reconnect_request: clear pointer on failure The Curl_reconnect_request() function could end up returning a pointer to a free()d struct when Curl_done() failed inside. Clearing the pointer unconditionally after Curl_done() avoids this risk. Reported by: Ho-chi Chen Bug: http://curl.haxx.se/mail/lib-2012-09/0188.html --- diff --git a/lib/transfer.c b/lib/transfer.c index 73456ec3e7..2ad5fad46f 100644 --- a/lib/transfer.c +++ b/lib/transfer.c @@ -1985,7 +1985,9 @@ Curl_reconnect_request(struct connectdata **connp) conn->bits.close = TRUE; /* enforce close of this connection */ result = Curl_done(&conn, result, FALSE); /* we are so done with this */ - /* conn may no longer be a good pointer */ + /* conn may no longer be a good pointer, clear it to avoid mistakes by + parent functions */ + *connp = NULL; /* * According to bug report #1330310. We need to check for CURLE_SEND_ERROR
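Review bot: The new caller-visible contract is undocumented: at the added `*connp = NULL;` line, directly after `result = Curl_done(&conn, result, FALSE);`, the caller's pointer is cleared unconditionally, but only an inline comment mentions it. I would state in the comment above Curl_reconnect_request() that `*connp` is NULL from this point unless a later step in the function assigns it again, and confirm that every caller checks `*connp` before dereferencing it when the function returns an error. The same comment warns that the local `conn` "may no longer be a good pointer", so any use of `conn` further down in this function, before it is reassigned, deserves the same check.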