author | Daniel Stenberg <daniel@haxx.se> | 2021-12-28 14:48:51 +0100 |
---|---|---|
committer | Daniel Stenberg <daniel@haxx.se> | 2021-12-29 23:20:03 +0100 |
commit | f77292663ca2ce7b82b52cb8a49d2704d6a8322a (patch) | |
tree | 050e72cd65b13b593428bf2d544496cb2723fc4a | |
parent | 8fbd6feddfa587cfd38d2a874f17d8580f01f511 (diff) | |
download | curl-f77292663ca2ce7b82b52cb8a49d2704d6a8322a.tar.gz |
http_proxy: don't close the socket (too early)
... and double-check in the OpenSSL shutdown that the socket is actually
still there before it is used.
Fixes #8193
Closes #8195
Reported-by: Leszek Kubik
-rw-r--r-- | lib/http_proxy.c | 2 |
-rw-r--r-- | lib/vtls/openssl.c | 6 |
2 files changed, 6 insertions, 2 deletions
diff --git a/lib/http_proxy.c b/lib/http_proxy.c index e788babed..e13f485a7 100644 --- a/lib/http_proxy.c +++ b/lib/http_proxy.c @@ -674,8 +674,6 @@ static CURLcode CONNECT(struct Curl_easy *data, data->req.newurl = NULL; /* failure, close this connection to avoid re-use */ streamclose(conn, "proxy CONNECT failure"); - Curl_closesocket(data, conn, conn->sock[sockindex]); - conn->sock[sockindex] = CURL_SOCKET_BAD; } /* to back to init state */ diff --git a/lib/vtls/openssl.c b/lib/vtls/openssl.c index e508d4813..f836c63b0 100644 --- a/lib/vtls/openssl.c +++ b/lib/vtls/openssl.c @@ -1435,6 +1435,12 @@ static void ossl_closeone(struct Curl_easy *data, if(backend->handle) { char buf[32]; set_logger(conn, data); + /* + * The conn->sock[0] socket is passed to openssl with SSL_set_fd(). Make + * sure the socket is not closed before calling OpenSSL functions that + * will use it. + */ + DEBUGASSERT(conn->sock[FIRSTSOCKET] != CURL_SOCKET_BAD); /* Maybe the server has already sent a close notify alert. Read it to avoid an RST on the TCP connection. */ |
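Review bot: in lib/http_proxy.c, once the `Curl_closesocket(data, conn, conn->sock[sockindex]);` call and the `conn->sock[sockindex] = CURL_SOCKET_BAD;` assignment are gone, the failure branch relies on `streamclose(conn, "proxy CONNECT failure");` alone, and nothing in the hunk says where the socket is closed from now on. Suggest extending the existing comment ("failure, close this connection to avoid re-use") to state that the socket is deliberately left open at this point because the TLS shutdown path still uses it, so that the early close is not reintroduced by a later cleanup. The context comment "to back to init state" also looks like a typo for "go back".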
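Review bot: in lib/vtls/openssl.c, the new `DEBUGASSERT(conn->sock[FIRSTSOCKET] != CURL_SOCKET_BAD);` in ossl_closeone() is a debug-build assertion, so in a release build the close-notify read described in the following comment still runs even if the socket has already been closed. Since the commit message presents this as a double-check that the socket is still there before it is used, consider a runtime test that skips the OpenSSL calls when the socket is `CURL_SOCKET_BAD`, keeping the assert for debug builds. The added comment also names `conn->sock[0]` while the assert uses `FIRSTSOCKET`; using the same name in both would read more clearly.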