summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorDaniel Stenberg <daniel@haxx.se>2018-06-20 23:00:36 +0200
committerDaniel Stenberg <daniel@haxx.se>2018-06-21 09:44:04 +0200
commit2c15693a3c355d8296a1828123a864397296460b (patch)
tree4c63ede95b6ad7ee2924464ba5a27a5314c55736
parentdfb873e308eb19ee31064bb2a398f7da7b58873c (diff)
downloadcurl-2c15693a3c355d8296a1828123a864397296460b.tar.gz
url: fix dangling conn->data pointer
By masking sure to use the *current* easy handle with extracted connections from the cache, and make sure to NULLify the ->data pointer when the connection is put into the cache to make this mistake easier to detect in the future. Reported-by: Will Dietz Fixes #2669 Closes #2672
-rw-r--r--lib/conncache.c3
-rw-r--r--lib/connect.c6
-rw-r--r--lib/url.c2
3 files changed, 7 insertions, 4 deletions
diff --git a/lib/conncache.c b/lib/conncache.c
index 6bd06582a..066542915 100644
--- a/lib/conncache.c
+++ b/lib/conncache.c
@@ -6,7 +6,7 @@
* \___|\___/|_| \_\_____|
*
* Copyright (C) 2012 - 2016, Linus Nielsen Feltzing, <linus@haxx.se>
- * Copyright (C) 2012 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 2012 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -451,6 +451,7 @@ bool Curl_conncache_return_conn(struct connectdata *conn)
}
CONN_LOCK(data);
conn->inuse = FALSE; /* Mark the connection unused */
+ conn->data = NULL; /* no owner */
CONN_UNLOCK(data);
return (conn_candidate == conn) ? FALSE : TRUE;
diff --git a/lib/connect.c b/lib/connect.c
index 12ae817e3..41f220268 100644
--- a/lib/connect.c
+++ b/lib/connect.c
@@ -5,7 +5,7 @@
* | (__| |_| | _ <| |___
* \___|\___/|_| \_\_____|
*
- * Copyright (C) 1998 - 2017, Daniel Stenberg, <daniel@haxx.se>, et al.
+ * Copyright (C) 1998 - 2018, Daniel Stenberg, <daniel@haxx.se>, et al.
*
* This software is licensed as described in the file COPYING, which
* you should have received as part of this distribution. The terms
@@ -1259,9 +1259,11 @@ curl_socket_t Curl_getconnectinfo(struct Curl_easy *data,
return CURL_SOCKET_BAD;
}
- if(connp)
+ if(connp) {
/* only store this if the caller cares for it */
*connp = c;
+ c->data = data;
+ }
return c->sock[FIRSTSOCKET];
}
else
diff --git a/lib/url.c b/lib/url.c
index d29eddaea..0cab0a303 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -965,6 +965,7 @@ static bool extract_if_dead(struct connectdata *conn,
use */
bool dead;
+ conn->data = data;
if(conn->handler->connection_check) {
/* The protocol has a special method for checking the state of the
connection. Use it to check if the connection is dead. */
@@ -979,7 +980,6 @@ static bool extract_if_dead(struct connectdata *conn,
}
if(dead) {
- conn->data = data;
infof(data, "Connection %ld seems to be dead!\n", conn->connection_id);
Curl_conncache_remove_conn(conn, FALSE);
return TRUE;