A while ago I reported a problem with the following condition in
Curl_http that happened when first_host was actually null

  if(ptr && (!data->state.this_is_a_follow ||
             curl_strequal(data->state.first_host, conn->host.name))) {

The attached proxyauth.c file reproduces the problem consistently -
just define PROXY to point to a real proxy (the PROXYUSERPWD param may
optionally be changed, see below). In essence this is due to
connection reuse and proxy authentication negotiation, although the
failure does not depend on the authentication actually succeeding. The
following simple patch fixes the problem (although admittedly it may
run deeper than just the improper use of a null pointer). I believe
that my earlier encounter with this bug was when I tried to follow
redirections (again with connection reuse).

Cheers,
Shmul

Index: http.c
===================================================================
--- http.c (revision 1730)
+++ http.c (revision 1731)
@@ -1836,7 +1836,8 @@

   ptr = checkheaders(data, "Host:");
   if(ptr && (!data->state.this_is_a_follow ||
- curl_strequal(data->state.first_host, conn->host.name))) {
+ (data->state.first_host &&
+ curl_strequal(data->state.first_host, conn->host.name)))) {
 #if !defined(CURL_DISABLE_COOKIES)
     /* If we have a given custom Host: header, we extract the host name in
        order to possibly use it for cookie reasons later on. We only allow the