curl/curl
1
1
Fork 0
mirror of https://github.com/curl/curl.git synced 2025-09-10 14:12:41 +03:00
Code Issues Packages Projects Releases Wiki Activity

multi: call protocol handler done() if PROTOCONNECT or later

Browse Source 
The protocol handlers' done() function would previous get called
unconditionally in multi_done(), no matter how far the easy handle's
state machine has transitioned.

This caused problems in IMAP which in imap_connect() initializes things
that the imap_done() function assumes has occured. I think that seems
like a correct assumption and we should rather make sure that the done()
function is only called if we have reached the PROTOCONNECT state.

This problem was found using OSS-Fuzz.

Assisted-by: Catena cyber

Closes #16681
This commit is contained in:
Daniel Stenberg 2025-03-12 11:22:49 +01:00
parent 886569e2db
commit 0bb8465b1e
No known key found for this signature in database
GPG Key ID: 5CC908FDB71E12C2
1 changed files with 1 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

2
lib/multi.c
View File

@ -570,7 +570,7 @@ static CURLcode multi_done(struct Curl_easy *data,
} }
/* this calls the protocol-specific function pointer previously set */ /* this calls the protocol-specific function pointer previously set */
if(conn->handler->done) if(conn->handler->done && (data->mstate >= MSTATE_PROTOCONNECT))
result = conn->handler->done(data, status, premature); result = conn->handler->done(data, status, premature);
else else
result = status; result = status;