From 59f1209fadb6a32f7a957318d881185480580e91 Mon Sep 17 00:00:00 2001
From: Christian Grothoff <christian@grothoff.org>
Date: Wed, 27 Nov 2013 23:28:26 +0100
Subject: [PATCH] curl_easy_getopt: Handle API violation gracefully

This fixes a NULL dereference in the case where the client asks for
CURLINFO_TLS_SESSION data after the (TLS) session has already been
destroyed (i.e. curl_easy_perform has already completed for this
handle). Instead of crashing, we now return a CURLSSLBACKEND_NONE
error.
---
 lib/getinfo.c | 3 +++
 1 file changed, 3 insertions(+)

diff --git a/lib/getinfo.c b/lib/getinfo.c
index 6a4e72e..cd5a62a 100644
--- a/lib/getinfo.c
+++ b/lib/getinfo.c
@@ -288,6 +288,9 @@ static CURLcode getinfo_slist(struct SessionHandle *data, CURLINFO info,
       tlsinfo->ssl_backend = CURLSSLBACKEND_NONE;
       tlsinfo->internals = NULL;
 
+      if(!conn)
+        break;
+
       /* Find the active ("in use") SSL connection, if any */
       while((sockindex < sizeof(conn->ssl) / sizeof(conn->ssl[0])) &&
             (!conn->ssl[sockindex].use))
-- 
2.7.4