generic-library/curl
1
0
Fork 0
Code Issues Pull Requests Releases Wiki Activity

curl_easy_getopt: Handle API violation gracefully

Browse Source 
This fixes a NULL dereference in the case where the client asks for
CURLINFO_TLS_SESSION data after the (TLS) session has already been
destroyed (i.e. curl_easy_perform has already completed for this
handle). Instead of crashing, we now return a CURLSSLBACKEND_NONE
error.
This commit is contained in:
Christian Grothoff 2013-11-27 23:28:26 +01:00 committed by Steve Holme
parent 7b9365c65f
commit 59f1209fad
1 changed files with 3 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
lib/getinfo.c
View File

@ -288,6 +288,9 @@ static CURLcode getinfo_slist(struct SessionHandle *data, CURLINFO info,
tlsinfo->ssl_backend = CURLSSLBACKEND_NONE;
tlsinfo->internals = NULL;
if(!conn)
break;
/* Find the active ("in use") SSL connection, if any */
while((sockindex < sizeof(conn->ssl) / sizeof(conn->ssl[0])) &&
(!conn->ssl[sockindex].use))