Stop invoking undefined behaviour by using tor_free() on an unaligned pointer

... in get_interface_addresses_ioctl(). This pointer alignment issue exists on x86_64 macOS, but is unlikely to exist elsewhere. (i386 macOS only requires 4-byte alignment, and other OSs have 8-byte ints.) Fixes bug 24733; not in any released version of tor.
author: teor <teor2345@gmail.com> 2017-12-24 22:36:52 +1100
committer: Nick Mathewson <nickm@torproject.org> 2018-01-10 12:57:13 -0500
commit: 54899b404cbde5a24984e4865eed112f303398f6 (patch)
tree: be390f047d447e139e659c43fbb05139e16e2faa /src/common/address.c
parent: f5d89fab2525fd8a105f9f0ea9258147bf16290e (diff)
download: tor-54899b404cbde5a24984e4865eed112f303398f6.tar.gz
tor-54899b404cbde5a24984e4865eed112f303398f6.zip
1 files changed, 5 insertions, 1 deletions
diff --git a/src/common/address.c b/src/common/address.c
index 0c0ba782ae..ea14e63926 100644
--- a/src/common/address.c
+++ b/src/common/address.c
@@ -1601,7 +1601,11 @@ get_interface_addresses_ioctl(int severity, sa_family_t family)
  done:
   if (fd >= 0)
     close(fd);
-  tor_free(ifc.ifc_buf);
+  /* On macOS, tor_free() loads ifc.ifc_buf, which leads to undefined
+   * behaviour, because it is always aligned at 8-bytes (ifc) plus 4 bytes
+   * (ifc_len and pragma pack(4)). So we use raw_free() instead. */
+  raw_free(ifc.ifc_buf);
+  ifc.ifc_buf = NULL;
   return result;
 }
 #endif /* defined(HAVE_IFCONF_TO_SMARTLIST) */
author	teor <teor2345@gmail.com>	2017-12-24 22:36:52 +1100
committer	Nick Mathewson <nickm@torproject.org>	2018-01-10 12:57:13 -0500
commit	54899b404cbde5a24984e4865eed112f303398f6 (patch)
tree	be390f047d447e139e659c43fbb05139e16e2faa /src/common/address.c
parent	f5d89fab2525fd8a105f9f0ea9258147bf16290e (diff)
download	tor-54899b404cbde5a24984e4865eed112f303398f6.tar.gz tor-54899b404cbde5a24984e4865eed112f303398f6.zip