tinc 1.1: freeaddrinfo(NULL) crash on windows
Guus Sliepen
guus at tinc-vpn.org
Mon Jan 22 18:08:22 CET 2018
On Mon, Jan 22, 2018 at 09:51:33AM -0700, Todd C. Miller wrote:
> On Windows, freeaddrinfo(NULL) will result in a segv. In
> get_recent_address(), there is the following block of code:
>
> if(cache->aip) {
> sockaddr_t *sa = (sockaddr_t *)cache->aip->ai_addr;
> cache->aip = cache->aip->ai_next;
>
> if(!cache->aip) {
> freeaddrinfo(cache->aip);
> cache->aip = NULL;
> }
>
> return sa;
> }
>
> where freeaddrinfo() is called when cache->aip is guaranteed to be
> NULL. I get a bit confused with respect to cache->ai vs. cache->aip
> but that part of the code looks suspicious.
Thanks for reporting this bug! Indeed, that code is wrong. It should
free cache->ai instead of cache->aip. Even if it didn't crash on Linux,
it was a memory leak. A fix is now in the git repository.
--
Met vriendelijke groet / with kind regards,
Guus Sliepen <guus at tinc-vpn.org>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: signature.asc
Type: application/pgp-signature
Size: 833 bytes
Desc: not available
URL: <http://www.tinc-vpn.org/pipermail/tinc-devel/attachments/20180122/673ca4ba/attachment.sig>
More information about the tinc-devel
mailing list