- Kevin Baughman found a double close() problem with libcurl-NSS, as when

libcurl called NSS to close the SSL "session" it also closed the actual socket.
2009-10-18 00:10:13 +00:00 · 2009-10-18 00:10:13 +00:00 · 167a92810a
parent b8b8c3d538
commit 167a92810a
3 changed files with 13 additions and 2 deletions
--- a/5
+++ b/5
@ -6,6 +6,11 @@

                                  Changelog

+Daniel Stenberg (18 Oct 2009)
+- Kevin Baughman found a double close() problem with libcurl-NSS, as when
+  libcurl called NSS to close the SSL "session" it also closed the actual
+  socket.
+
 Yang Tse (17 Oct 2009)
 - Bug report #2866724 indicated
  (http://curl.haxx.se/bug/view.cgi?id=2866724) that curl on Windows failed
--- a/2
+++ b/2
@ -36,6 +36,7 @@ This release includes the following bugfixes:
 o don't shrink SO_SNDBUF on windows for those who have it set large already
 o connect next bug
 o invalid file name characters handling on Windows
+ o double close() on the primary socket with libcurl-NSS

 This release includes the following known bugs:

@ -48,5 +49,6 @@ advice from friends like these:
 Michal Marek, Eric Wong, Guenter Knauf, Peter Sylvester, Daniel Johnson,
 Claes Jakobsson, Sven Anders, Chris Mumford, John P. McCaskey,
 Constantine Sapuntzakis, Michael Stillwell, Tom Mueller, Dan Fandrich,
+ Kevin Baughman

        Thanks! (and sorry if I forgot to mention someone)
--- a/lib/nss.c
+++ b/lib/nss.c
@ -927,11 +927,15 @@ void Curl_nss_close(struct connectdata *conn, int sockindex)

  if(connssl->handle) {
    PR_Close(connssl->handle);
+
+    /* NSS closes the socket we previously handed to it, so we must mark it
+       as closed to avoid double close */
+    conn->sock[sockindex] = CURL_SOCKET_BAD;
    if(connssl->client_nickname != NULL) {
      free(connssl->client_nickname);
      connssl->client_nickname = NULL;
    }
-#ifdef HAVE_PK11_CREATEGENERICOBJECT      
+#ifdef HAVE_PK11_CREATEGENERICOBJECT
    if(connssl->key)
      (void)PK11_DestroyGenericObject(connssl->key);
    if(connssl->cacert[1])
@ -973,7 +977,7 @@ CURLcode Curl_nss_connect(struct connectdata *conn, int sockindex)

  connssl->data = data;

-#ifdef HAVE_PK11_CREATEGENERICOBJECT  
+#ifdef HAVE_PK11_CREATEGENERICOBJECT
  connssl->cacert[0] = NULL;
  connssl->cacert[1] = NULL;
  connssl->key = NULL;