From 0f5895faee96934fdeea82f42f45bb3e53b915e5 Mon Sep 17 00:00:00 2001 From: Daniel Stenberg Date: Thu, 11 Dec 2008 23:52:56 +0000 Subject: [PATCH] - Bug report #2416182 titled "crash in ConnectionExists when using duphandle+curl_mutli" (http://curl.haxx.se/bug/view.cgi?id=2416182) showed that curl_easy_duphandle() wrongly also copied the pointer to the connection cache, which was plain wrong and caused a segfault if the handle would be used in a different multi handle than the handle it was duplicated from. --- CHANGES | 7 +++++++ RELEASE-NOTES | 1 + lib/easy.c | 9 ++------- 3 files changed, 10 insertions(+), 7 deletions(-) diff --git a/CHANGES b/CHANGES index b428af81c..8398d27e9 100644 --- a/CHANGES +++ b/CHANGES @@ -6,6 +6,13 @@ Changelog +Daniel Stenberg (12 Dec 2008) +- Bug report #2416182 titled "crash in ConnectionExists when using + duphandle+curl_mutli" (http://curl.haxx.se/bug/view.cgi?id=2416182) showed + that curl_easy_duphandle() wrongly also copied the pointer to the connection + cache, which was plain wrong and caused a segfault if the handle would be + used in a different multi handle than the handle it was duplicated from. + Daniel Stenberg (11 Dec 2008) - Keshav Krity found out that libcurl failed to deal with dotted IPv6 addresses if they were very long (>39 letters) due to a too strict address diff --git a/RELEASE-NOTES b/RELEASE-NOTES index da0d98ba9..5d7de1253 100644 --- a/RELEASE-NOTES +++ b/RELEASE-NOTES @@ -28,6 +28,7 @@ This release includes the following bugfixes: o 550 response from SIZE no longer treated as missing file o ftps:// control connections now use explicit protection level o dotted IPv6 addresses longer than 39 bytes failed + o curl_easy_duphandle() doesn't try to duplicate the connection cache pointer This release includes the following known bugs: diff --git a/lib/easy.c b/lib/easy.c index 2c2490142..ae669f9be 100644 --- a/lib/easy.c +++ b/lib/easy.c 
@@ -624,13 +624,8 @@ CURL *curl_easy_duphandle(CURL *incurl) if(Curl_dupset(outcurl, data) != CURLE_OK) break; - if(data->state.used_interface == Curl_if_multi) - outcurl->state.connc = data->state.connc; - else - outcurl->state.connc = Curl_mk_connc(CONNCACHE_PRIVATE, -1); - - if(!outcurl->state.connc) - break; + /* the connection cache is setup on demand */ + outcurl->state.connc = NULL; outcurl->state.lastconnect = -1;
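Review bot: The CHANGES entry states the fault (the duplicated handle shared the connection cache pointer) but not the resulting behaviour. Add a clause saying that a handle returned by curl_easy_duphandle() now starts without a connection cache and gets one on demand, matching the comment added in lib/easy.c. The phrase "wrongly also copied ... which was plain wrong" says the same thing twice and can be trimmed.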
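Review bot: In the lib/easy.c hunk, `outcurl->state.connc = NULL;` replaces both the allocation and the removed `if(!outcurl->state.connc) break;` check, so the duplicated handle now leaves curl_easy_duphandle() with a NULL cache pointer and every later user of state.connc has to tolerate NULL and create the cache before first use. The comment says the cache is "setup on demand", but nothing in the hunk shows where. Naming the function that does the allocation in that comment would let a reader confirm that the easy-interface path, which previously got its cache from `Curl_mk_connc(CONNCACHE_PRIVATE, -1)`, is still covered. The diffstat lists only CHANGES, RELEASE-NOTES and lib/easy.c, so the fix arrives without a regression test for using a duplicated handle in a different multi handle than its source; please add one. Nit: "setup" used as a verb in the comment should be "set up".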