From: Daniel Stenberg <daniel@haxx.se>
Date: Sat, 30 Jul 2016 23:09:04 +0000 (+0200)
Subject: curl_multi_cleanup: clear connection pointer for easy handles
X-Git-Tag: curl-7_50_1~4
X-Git-Url: http://git.ipfire.org/cgi-bin/gitweb.cgi?a=commitdiff_plain;h=75dc096e01ef1e21b6c57690d99371dedb2c0b80;p=thirdparty%2Fcurl.git

curl_multi_cleanup: clear connection pointer for easy handles

CVE-2016-5421
Bug: https://curl.haxx.se/docs/adv_20160803C.html
Reported-by: Marcelo Echeverria and Fernando Muñoz
---

diff --git a/lib/multi.c b/lib/multi.c
index 9ee3523533..8bb93660de 100644
--- a/lib/multi.c
+++ b/lib/multi.c
@@ -2157,6 +2157,8 @@ static void close_all_connections(struct Curl_multi *multi)
     conn->data = multi->closure_handle;
 
     sigpipe_ignore(conn->data, &pipe_st);
+    conn->data->easy_conn = NULL; /* clear the easy handle's connection
+                                     pointer */
     /* This will remove the connection from the cache */
     (void)Curl_disconnect(conn, FALSE);
     sigpipe_restore(&pipe_st);