From cffebd7fd6b7d9f24793f94fbae2a62c05c46eb0 Mon Sep 17 00:00:00 2001
From: Daniel Stenberg
Date: Tue, 7 Mar 2006 23:11:41 +0000
Subject: [PATCH] Markus Koetter filed debian bug report #355715 which identified a problem with the multi interface and multi-part formposts. The fix from February 22nd could make the Curl_done() function get called twice on the same connection and it was not designed for that and thus tried to call free() on an already freed memory area!
---
 CHANGES | 6 ++++++
 RELEASE-NOTES | 4 +++-
 lib/url.c | 6 ++++++
 lib/urldata.h | 4 ++++
 4 files changed, 19 insertions(+), 1 deletion(-)
diff --git a/CHANGES b/CHANGES
index bb1c24d25..95a9c2a49 100644
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,12 @@ Changelog Daniel (7 March 2006)
+- Markus Koetter filed debian bug report #355715 which identified a problem
+ with the multi interface and multi-part formposts. The fix from February
+ 22nd could make the Curl_done() function get called twice on the same
+ connection and it was not designed for that and thus tried to call free() on
+ an already freed memory area!
+
 - Peter Heuchert made sure the CURLFTPSSL_CONTROL setting for CURLOPT_FTP_SSL is used properly.
diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index a54f8d9dd..4de87c211 100644
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -15,6 +15,7 @@ This release includes the following changes: This release includes the following bugfixes:
+ o multi-part formpost with multi interface crash
 o the CURLFTPSSL_CONTROL setting for CURLOPT_FTP_SSL is acknowledged o "SSL: couldn't set callback" is now a less serious problem o Interix build fix
@@ -28,6 +29,7 @@ Other curl-related news since the previous public release: This release would not have looked like this without help, code, reports and advice from friends like these:
- Gisle Vanem, Dan Fandrich, Thomas Klausner, Todd Vierling, Peter Heuchert
+ Gisle Vanem, Dan Fandrich, Thomas Klausner, Todd Vierling, Peter Heuchert,
+ Markus Koetter
 Thanks! (and sorry if I forgot to mention someone)
diff --git a/lib/url.c b/lib/url.c
index 4eeb1dc9a..9a715c9f0 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -3982,6 +3982,11 @@ CURLcode Curl_done(struct connectdata **connp, struct connectdata *conn = *connp; struct SessionHandle *data=conn->data;
+ if(conn->bits.done)
+ return CURLE_OK; /* Curl_done() has already been called */
+
+ conn->bits.done = TRUE; /* called just now! */
+
 /* cleanups done even if the connection is re-used */ if(conn->bits.rangestringalloc) { free(conn->range);
@@ -4047,6 +4052,7 @@ CURLcode Curl_do(struct connectdata **connp, bool *done) struct connectdata *conn = *connp; struct SessionHandle *data=conn->data;
+ conn->bits.done = FALSE; /* Curl_done() is not called yet */
 conn->bits.do_more = FALSE; /* by default there's no curl_do_more() to use */ if(conn->curl_do) {
diff --git a/lib/urldata.h b/lib/urldata.h
index a3802b7c3..6cb3729b9 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -432,6 +432,10 @@ struct ConnectBits { bool trailerHdrPresent; /* Set when Trailer: header found in HTTP response. Required to determine whether to look for trailers in case of Transfer-Encoding: chunking */
+ bool done; /* set to FALSE when Curl_do() is called and set to TRUE
+ when Curl_done() is called, to prevent Curl_done() to
+ get invoked twice when the multi interface is
+ used. */
 }; struct hostname {
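Review bot: The early return added at the top of Curl_done() in lib/url.c answers a repeated call with `CURLE_OK` and leaves no trace, so the caller-side sequencing error that led to the double free() described in the commit message becomes invisible instead of detectable. Keeping the guard but logging on that branch would let test runs and fuzzing still surface repeat calls, for example `infof(data, "Curl_done() called again on the same connection, ignored\n");` just before the `return`. The comment on the guard could also say that it is a safety net and that callers are still expected to call Curl_done() once per transfer. Curl_done's body starts and ends outside the hunk, so whether the freed members are reset after `free(conn->range)` cannot be checked from here.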
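Review bot: `conn->bits.done` is re-armed only by the line added at the top of Curl_do() in lib/url.c, so the new guard in Curl_done() is correct only if every transfer on a connection passes through Curl_do() before it reaches Curl_done(). If some path not visible in this diff (a re-used connection that fails before the DO phase, say) reaches Curl_done() with the flag still TRUE from the previous transfer, the cleanup would be skipped silently and per-transfer allocations could leak or carry over. It may be worth also clearing the flag where a connection is set up or picked for re-use, and recording the invariant next to this line: `/* must be reset on every path that can later reach Curl_done() */`. Curl_do's body continues outside the hunk.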
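Review bot: The comment on the new `done` member of struct ConnectBits in lib/urldata.h ties the flag to the multi interface, but the check added in Curl_done() is unconditional and therefore applies to every caller. The field comment should state the contract rather than the bug that motivated it, for example `/* FALSE from Curl_do() until Curl_done() has run on this connection; a repeated Curl_done() then returns early so cleanup frees run only once */`. That wording also replaces the ungrammatical "to prevent Curl_done() to get invoked twice".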