Diffstat (limited to 'abs/core/curl/0001-connection_check-restore-original-conn-data-after-th.patch')
1 files changed, 77 insertions, 0 deletions
diff --git a/abs/core/curl/0001-connection_check-restore-original-conn-data-after-th.patch b/abs/core/curl/0001-connection_check-restore-original-conn-data-after-th.patch
new file mode 100644
index 0000000..e5ed809
--- /dev/null
+++ b/abs/core/curl/0001-connection_check-restore-original-conn-data-after-th.patch
@@ -0,0 +1,77 @@
+From 4015fae044ce52a639c9358e22a9e948f287c89f Mon Sep 17 00:00:00 2001
+Message-Id: <>
+From: Jay Satiro <>
+Date: Mon, 11 Feb 2019 23:00:00 -0500
+Subject: [PATCH] connection_check: restore original conn->data after the check
+- Save the original conn->data before it's changed to the specified
+ data transfer for the connection check and then restore it afterwards.
+This is a follow-up to 38d8e1b 2019-02-11.
+It was discovered a month ago that before checking whether to extract a
+dead connection that that connection should be associated with a "live"
+transfer for the check (ie original conn->data ignored and set to the
+passed in data). A fix was landed in 54b201b which did that and also
+cleared conn->data after the check. The original conn->data was not
+restored, so presumably it was thought that a valid conn->data was no
+longer needed.
+Several days later it was discovered that a valid conn->data was needed
+after the check and follow-up fix was landed in bbae24c which partially
+reverted the original fix and attempted to limit the scope of when
+conn->data was changed to only when pruning dead connections. In that
+case conn->data was not cleared and the original conn->data not
+A month later it was discovered that the original fix was somewhat
+correct; a "live" transfer is needed for the check in all cases
+because original conn->data could be null which could cause a bad deref
+at arbitrary points in the check. A fix was landed in 38d8e1b which
+expanded the scope to all cases. conn->data was not cleared and the
+original conn->data not restored.
+A day later it was discovered that not restoring the original conn->data
+may lead to busy loops in applications that use the event interface, and
+given this observation it's a pretty safe assumption that there is some
+code path that still needs the original conn->data. This commit is the
+follow-up fix for that, it restores the original conn->data after the
+connection check.
+Closes #3559
+ lib/url.c | 3 ++-
+ 1 file changed, 2 insertions(+), 1 deletion(-)
+diff --git a/lib/url.c b/lib/url.c
+index bc47685db..46c8fb5fb 100644
+--- a/lib/url.c
++++ b/lib/url.c
+@@ -964,8 +964,10 @@ static bool extract_if_dead(struct connectdata *conn,
+ /* The protocol has a special method for checking the state of the
+ connection. Use it to check if the connection is dead. */
+ unsigned int state;
++ struct Curl_easy *olddata = conn->data;
+ conn->data = data; /* use this transfer for now */
+ state = conn->handler->connection_check(conn, CONNCHECK_ISDEAD);
++ conn->data = olddata;
+ dead = (state & CONNRESULT_DEAD);
+ }
+ else {
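Review bot: The restore `conn->data = olddata;` after the connection_check call in extract_if_dead carries no comment, and the value it puts back can be NULL, since the commit message says the original conn->data could be null. Suggest a short comment beside the restore saying that later code may still depend on the original transfer, and a check that nothing after this block dereferences conn->data without testing it first. The commit message only presumes that some code path needs the original value; naming that path in the comment would make the next follow-up less likely.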
+@@ -994,7 +996,6 @@ struct prunedead {
+ static int call_extract_if_dead(struct connectdata *conn, void *param)
+ {
+ struct prunedead *p = (struct prunedead *)param;
+- conn->data = p->data; /* transfer to use for this check */
+ if(extract_if_dead(conn, p->data)) {
+ /* stop the iteration here, pass back the connection that was extracted */
+ p->extracted = conn;
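Review bot: Removing `conn->data = p->data;` from call_extract_if_dead is only safe if every path in extract_if_dead that needs a live transfer sets conn->data itself. The earlier hunk sets it only inside the branch that calls conn->handler->connection_check, and the body of the following else branch is not shown, so please confirm that the else path does not read conn->data, or note that in a comment at this call site.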