1) The sockaddr_t * returned may be part of memory freed by the call to
freeaddrinfo().
2) The sockaddr_t * returned from a recently seen address not in the
cache was cast from struct addrinfo *ai, not the struct sockaddr *
inside of it.
3) In do_outgoing_connection(), when filling in the address in the
connection_t, there is a buffer overflow (read, not write) if
the sa returned by get_recent_address() didn't come from the
cache of recently seen addresses. That is, it was really a
struct sockaddr * and not a sockaddr_t *. This last was
found by building tinc with address sanitizer.
projects / tinc / commitdiff