[PATCH] segfault when explicitly setting Host header and using CURLOPT_FOLLOWLOCATION
Date: Wed, 22 Apr 2009 19:55:54 -0700
We're running into a segfault when setting an explicit "Host:" header with
CURLOPT_HTTPHEADER and CURLOPT_FOLLOWLOCATION is set to 1. The bug occurs
when the server returns a redirect and curl is trying to decide whether to
keep track of the original host name for cookies.
The line of code that crashes is in Curl_http(). It is trying to
string-compare data->state.first_host, unfortunately data->state.first_host
is null at that point because this_is_a_follow is true at the time we called
Curl_http_connect(). In the other place we check the first_host field (in
http_output_auth()), we first check if it is null. So I think the
null-check was inadvertently left off.
I've attached a patch. This patch seems to fix the problem.
- application/octet-stream attachment: libcurl_nullptr_host_followlocation.diff