From 0bb8465b1e529f4ac1f764baa56117ea1fd73fe4 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Wed, 12 Mar 2025 11:22:49 +0100
Subject: [PATCH] multi: call protocol handler done() if PROTOCONNECT or later

The protocol handlers' done() function would previous get called unconditionally in multi_done(), no matter how far the easy handle's state machine has transitioned. This caused problems in IMAP which in imap_connect() initializes things that the imap_done() function assumes has occured. I think that seems like a correct assumption and we should rather make sure that the done() function is only called if we have reached the PROTOCONNECT state. This problem was found using OSS-Fuzz.
Assisted-by: Catena cyber
Closes #16681
---
 lib/multi.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/lib/multi.c b/lib/multi.c
index 71a7479d82..ee3cad724a 100644
--- a/lib/multi.c
+++ b/lib/multi.c
@@ -570,7 +570,7 @@ static CURLcode multi_done(struct Curl_easy *data,
 }
 /* this calls the protocol-specific function pointer previously set */
- if(conn->handler->done)
+ if(conn->handler->done && (data->mstate >= MSTATE_PROTOCONNECT))
 result = conn->handler->done(data, status, premature);
 else
 result = status;
--
2.47.2
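Review bot: The comment above the changed `if` still describes an unconditional call, and the new guard silently depends on the numeric ordering of the mstate enum, which is not visible in this hunk. I would replace the comment with something like `/* call the protocol handler's done() only once PROTOCONNECT has been reached; before that the handler's connect step has not initialized what done() expects */` so the invariant is recorded next to the comparison. Because done() is now skipped for every handler on early failure, it is worth confirming that no handler acquires resources before PROTOCONNECT and relies on done() to release them, as that would presumably become a leak on premature teardown. A regression test that aborts an IMAP transfer before PROTOCONNECT would pin the case the fuzzer found. multi_done()'s body starts and ends outside this hunk.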