Suspicious code in net_socket.c
Roman S
roman at savelyev.net
Mon Mar 6 11:00:45 CET 2017
Good afternoon!
Module - net_socket.c
Function - get_known_addresses
---------------------------------------------------
struct addrinfo *nai = xzalloc(sizeof *nai);
if(ai)
ai->ai_next = nai;
ai = nai;
--------------------------------------------------
For my opinion, possible causes:
1. Lost trails (ai_next)
2. ai_next not initialized
3. Possible segfault during "freeaddrinfo" call in do_outgoing_connections
May be I don't understand logic?
If no misunderstandings, please, test fix before commiting.
Sorry, but I don't have enough time for complete testing, but fixed module
works well on Linux and Windows (1.14pre crashed under Windows after 1-600
sec. )
-----------------------------------
diff net_socket.c ~/tincn/tinc-1.1-7a54fe5/src/net_socket.c
573d572
< struct addrinfo *oai = NULL;
589,590c588,591
< oai=ai;
< ai = xzalloc(sizeof *ai);
---
> struct addrinfo *nai = xzalloc(sizeof *nai);
> if(ai)
> ai->ai_next = nai;
> ai = nai;
597,599d597
< ai->ai_next = oai;
< }
-----------------------------------
--
Rgds!
Roman Savelyev
More information about the tinc-devel
mailing list