Description
Noticed reproducible crashes when reusing easy_handle to download a file from FTPS sites.
The code tries to list the directory content first, and then reuses the same easy_handle to download the file. At first, we thought the crash was related to the fact that we were using libcurl in a multi-threaded environment, but the POC code showed the crashes happened even with one thread. We also tried the locking callback mentioned in https://curl.haxx.se/libcurl/c/threaded-ssl.html, and it still crashed. We tried 4 different FTPS sites, and they all crashed in the same manner.
Similar code does not crash with FTP or SFTP sites (with minor CURL_OPT settings changes for FTP and SFTP sites).
Proof of Concept code (login, path, host had to be removed, no error checking, code duplication was intentional)
See attachment
ftp.zip
I expected the following
No crash.
curl_easy_handle is reusable by simply resetting CURLOPT_URL.
curl/libcurl version
libcurl: 7.59.0
openssl: OpenSSL 1.0.2n (We cannot use 1.1 yet)
Verbose Output:
See attachment above
Core dump:
Program terminated with signal SIGSEGV, Segmentation fault.
#0 0x00000000004d6c64 in SSL_write ()
(gdb) bt
#0 0x00000000004d6c64 in SSL_write ()
#1 0x000000000048227f in ossl_send ()
#2 0x000000000045e22d in Curl_write ()
#3 0x000000000045a551 in Curl_add_buffer_send ()
#4 0x000000000044736f in Curl_proxyCONNECT ()
#5 0x0000000000447df6 in Curl_proxy_connect ()
#6 0x000000000048ad25 in ftp_do_more ()
#7 0x0000000000443bad in multi_runsingle ()
#8 0x0000000000444c4b in curl_multi_perform ()
#9 0x000000000043f03c in curl_easy_perform ()
#10 0x000000000043e241 in main (argc=, argv=)
at main.cpp:91
operating system
Red Hat Enterprise Linux Server release 6.8