- Norbert Frese filed bug report #1951588: "Problem with curlftpfs and

  libcurl" (http://curl.haxx.se/bug/view.cgi?id=1951588) which seems to be an
  identical report to what Denis Golovan reported in
  http://curl.haxx.se/mail/lib-2008-02/0108.html The FTP code didn't reset the
  user/password pointers properly even though there might've been a new
  struct/cconnection getting used.

diff --git a/CHANGES b/CHANGES
index 600afab..ae614ab 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -7,6 +7,14 @@
                                   Changelog
 
 
+Daniel Stenberg (28 Apr 2008)
+- Norbert Frese filed bug report #1951588: "Problem with curlftpfs and
+  libcurl" (http://curl.haxx.se/bug/view.cgi?id=1951588) which seems to be an
+  identical report to what Denis Golovan reported in
+  http://curl.haxx.se/mail/lib-2008-02/0108.html The FTP code didn't reset the
+  user/password pointers properly even though there might've been a new
+  struct/cconnection getting used.
+
 Daniel Stenberg (26 Apr 2008)
 - Reverted back to use automake 1.9.6 in the next release (from automake
   1.10.1) since it *still* suffers from Solaris-related bugs. Our previous

diff --git a/RELEASE-NOTES b/RELEASE-NOTES
index 20ae4f2..13bd9e7 100644 (file)
--- a/RELEASE-NOTES
+++ b/RELEASE-NOTES
@@ -23,6 +23,8 @@ This release includes the following bugfixes:
  o malloc() failure check in Negotiate
  o -i and -I together now work the same no matter what order they're used
  o the typechecker can be bypassed by defining CURL_DISABLE_TYPECHECK
+ o a pointer mixup could make the FTP code send bad user+password under rare
+   circumstances (found when using curlftpfs)
 
 This release includes the following known bugs:
 
@@ -30,7 +32,9 @@ This release includes the following known bugs:
 
 Other curl-related news:
 
- o 
+ o pycurl 7.18.1 was released: http://pycurl.sf.net/
+ o brand new curl Haskell binding:
+   http://hackage.haskell.org/cgi-bin/hackage-scripts/package/curl
 
 New curl mirrors:
 
@@ -41,6 +45,6 @@ advice from friends like these:
 
  Michal Marek, Daniel Fandrich, Scott Barrett, Alexey Simak, Daniel Black,
  Rafa Muyo, Andre Guibert de Bruet, Brock Noland, Sandor Feldi, Stefan Krause,
- David Shaw
+ David Shaw, Norbert Frese
 
         Thanks! (and sorry if I forgot to mention someone)

diff --git a/lib/ftp.c b/lib/ftp.c
index 02f9a2a..649da81 100644 (file)
--- a/lib/ftp.c
+++ b/lib/ftp.c
@@ -3006,20 +3006,22 @@ static CURLcode ftp_easy_statemach(struct connectdata *conn)
 static CURLcode ftp_init(struct connectdata *conn)
 {
   struct SessionHandle *data = conn->data;
-  struct FTP *ftp;
-  if(data->state.proto.ftp)
-    return CURLE_OK;
-
-  ftp = (struct FTP *)calloc(sizeof(struct FTP), 1);
-  if(!ftp)
-    return CURLE_OUT_OF_MEMORY;
+  struct FTP *ftp = data->state.proto.ftp;
+  if(!ftp) {
+    ftp = (struct FTP *)calloc(sizeof(struct FTP), 1);
+    if(!ftp)
+      return CURLE_OUT_OF_MEMORY;
 
-  data->state.proto.ftp = ftp;
+    data->state.proto.ftp = ftp;
+  }
 
   /* get some initial data into the ftp struct */
   ftp->bytecountp = &data->req.bytecount;
 
-  /* no need to duplicate them, this connectdata struct won't change */
+  /* No need to duplicate user+password, the connectdata struct won't change
+     during a session, but we re-init them here since on subsequent inits
+     since the conn struct may have changed or been replaced.
+  */
   ftp->user = conn->user;
   ftp->passwd = conn->passwd;
   if(isBadFtpString(ftp->user) || isBadFtpString(ftp->passwd))