romenskiy2012/curl
1
0
Fork 0
mirror of https://github.com/curl/curl.git synced 2026-06-24 10:05:43 +03:00
Code Issues Projects Releases Packages Wiki Activity

pingpong: return error when trying to send without connection

Browse source 
When imap_done() got called before a connection is setup, it would try
to "finish up" and dereffed a NULL pointer.

Test case 1553 managed to reproduce. I had to actually use a host name
to try to resolve to slow it down, as using the normal local server IP
will make libcurl get a connection in the first curl_multi_perform()
loop and then the bug doesn't trigger.

Fixes #1953
Assisted-by: Max Dymond
This commit is contained in:
Daniel Stenberg 2017-10-06 17:20:54 +02:00
parent 0af5ac27c3
commit 5b54df06d2
No known key found for this signature in database
GPG key ID: 5CC908FDB71E12C2
5 changed files with 175 additions and 4 deletions
Download patch file Download diff file Expand all files Collapse all files

11
lib/pingpong.c
View file

@ -168,16 +168,22 @@ CURLcode Curl_pp_vsendf(struct pingpong *pp,
char *s;
CURLcode result;
struct connectdata *conn = pp->conn;
struct Curl_easy *data = conn->data;
struct Curl_easy *data;
#ifdef HAVE_GSSAPI
enum protection_level data_sec = conn->data_prot;
enum protection_level data_sec;
#endif
DEBUGASSERT(pp->sendleft == 0);
DEBUGASSERT(pp->sendsize == 0);
DEBUGASSERT(pp->sendthis == NULL);
if(!conn)
/* can't send without a connection! */
return CURLE_SEND_ERROR;
data = conn->data;
fmt_crlf = aprintf("%s\r\n", fmt); /* append a trailing CRLF */
if(!fmt_crlf)
return CURLE_OUT_OF_MEMORY;
@ -205,6 +211,7 @@ CURLcode Curl_pp_vsendf(struct pingpong *pp,
result = Curl_write(conn, conn->sock[FIRSTSOCKET], s, write_len,
&bytes_written);
#ifdef HAVE_GSSAPI
data_sec = conn->data_prot;
DEBUGASSERT(data_sec > PROT_NONE && data_sec < PROT_LAST);
conn->data_prot = data_sec;
#endif