From: Guus Sliepen
Date: Sat, 6 Oct 2012 19:05:02 +0000 (+0200)
Subject: Clear connection options and status fields in free_connection_partially().
X-Git-Tag: release-1.0.20~20
X-Git-Url: https://www.tinc-vpn.org/git/browse?p=tinc;a=commitdiff_plain;h=0f53f489916eae57dd47b7c871295efb9bf02323

Clear connection options and status fields in free_connection_partially().

Most fields should be zero when reusing a connection. In particular, when an outgoing connection to a node which is reachable on more than one address is made, the second connection to that node will have status.encryptout set but outctx will be NULL, causing a NULL pointer dereference when EVP_EncryptUpdate() is called in send_meta() when it shouldn't.
---
diff --git a/src/connection.c b/src/connection.c
index 9b752fad..fd7ae843 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -73,6 +73,15 @@ void free_connection_partially(connection_t *c) {
 	c->hischallenge = NULL;
 	c->outbuf = NULL;
+	c->status.pinged = false;
+	c->status.active = false;
+	c->status.connecting = false;
+	c->status.timeout = false;
+	c->status.encryptout = false;
+	c->status.decryptin = false;
+	c->status.mst = false;
+
+	c->options = 0;
 	c->buflen = 0;
 	c->reqlen = 0;
 	c->tcplen = 0;
@@ -80,6 +89,8 @@ void free_connection_partially(connection_t *c) {
 	c->outbuflen = 0;
 	c->outbufsize = 0;
 	c->outbufstart = 0;
+	c->last_ping_time = 0;
+	c->last_flushed_time = 0;
 	if(c->inctx) {
 		EVP_CIPHER_CTX_cleanup(c->inctx);
diff --git a/src/connection.h b/src/connection.h
index fbe4e02c..877601fe 100644
--- a/src/connection.h
+++ b/src/connection.h
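Review bot: The new block in free_connection_partially() clears seven status bits one by one but leaves `status.remove` and the (now renamed) `termreq` bit untouched, so any bit added to connection_status_t later will silently keep its stale value on a reused connection — the same class of bug as the stale `encryptout` with a NULL `outctx` that this commit fixes. If nothing needs `remove` to survive the partial free, `memset(&c->status, 0, sizeof c->status);` resets every bit, present and future, in one statement; if `remove` must survive, a comment such as `/* status.remove is deliberately kept; everything else is reset for reuse */` at the top of the block would stop the next reader from "completing" the list. I cannot tell from the hunk which is intended, and the function body continues outside it, so the caller's reliance on `remove` is not visible here.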
@@ -35,7 +35,7 @@ typedef struct connection_status_t {
 	unsigned int pinged:1;				/* sent ping */
 	unsigned int active:1;				/* 1 if active.. */
 	unsigned int connecting:1;			/* 1 if we are waiting for a non-blocking connect() to finish */
-	unsigned int termreq:1;				/* the termination of this connection was requested */
+	unsigned int unused_termreq:1;		/* the termination of this connection was requested */
 	unsigned int remove:1;				/* Set to 1 if you want this connection removed */
 	unsigned int timeout:1;				/* 1 if gotten timeout */
 	unsigned int encryptout:1;			/* 1 if we can encrypt outgoing traffic */
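Review bot: The renamed bit `unused_termreq` keeps the old comment `/* the termination of this connection was requested */`, which now describes a meaning the field is explicitly not supposed to carry. The bit is renamed rather than deleted — presumably to keep the positions of the following bits stable, though the hunk does not say — so the comment should record that instead: `unsigned int unused_termreq:1;		/* no longer used; kept so the following bits keep their positions */`. The struct definition continues outside the hunk.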