checkconnection: don't call with NULL pointer

When checking if an existing RTSP connection is alive or not, the
checkconnection function might be called with a SessionHandle pointer
being NULL and then referenced causing a crash. This happened only using
the multi interface.

Reported by: Tinus van den Berg

Bug: http://curl.haxx.se/bug/view.cgi?id=3280739

diff --git a/lib/connect.c b/lib/connect.c
index 261b215..3cde180 100644 (file)
--- a/lib/connect.c
+++ b/lib/connect.c
@@ -1122,6 +1122,9 @@ curl_socket_t Curl_getconnectinfo(struct SessionHandle *data,
                                   struct connectdata **connp)
 {
   curl_socket_t sockfd;
+
+  DEBUGASSERT(data);
+
   if((data->state.lastconnect != -1) &&
      (data->state.connc->connects[data->state.lastconnect] != NULL)) {
     struct connectdata *c =

diff --git a/lib/rtsp.c b/lib/rtsp.c
index 52cf5ef..56998c1 100644 (file)
--- a/lib/rtsp.c
+++ b/lib/rtsp.c
@@ -124,10 +124,10 @@ bool Curl_rtsp_connisdead(struct connectdata *check)
     /* socket is in an error state */
     ret_val = TRUE;
   }
-  else if (sval & CURL_CSELECT_IN) {
-    /* readable with no error. could be closed or could be alive */
-    curl_socket_t connectinfo =
-      Curl_getconnectinfo(check->data, &check);
+  else if ((sval & CURL_CSELECT_IN) && check->data) {
+    /* readable with no error. could be closed or could be alive but we can
+       only check if we have a proper SessionHandle for the connection */
+    curl_socket_t connectinfo = Curl_getconnectinfo(check->data, &check);
     if(connectinfo != CURL_SOCKET_BAD)
       ret_val = FALSE;
   }