authorteor <teor2345@gmail.com>2017-12-24 22:36:52 +1100
committerNick Mathewson <nickm@torproject.org>2018-01-10 12:57:13 -0500
commit54899b404cbde5a24984e4865eed112f303398f6 (patch)
treebe390f047d447e139e659c43fbb05139e16e2faa /src/common
parentf5d89fab2525fd8a105f9f0ea9258147bf16290e (diff)
Stop invoking undefined behaviour by using tor_free() on an unaligned pointer
... in get_interface_addresses_ioctl(). This pointer alignment issue exists on x86_64 macOS, but is unlikely to exist elsewhere. (i386 macOS only requires 4-byte alignment, and other OSs have 8-byte ints.) Fixes bug 24733; not in any released version of tor.
Diffstat (limited to 'src/common')
-rw-r--r--src/common/address.c6
1 files changed, 5 insertions, 1 deletions
diff --git a/src/common/address.c b/src/common/address.c
index 0c0ba782ae..ea14e63926 100644
--- a/src/common/address.c
+++ b/src/common/address.c
@@ -1601,7 +1601,11 @@ get_interface_addresses_ioctl(int severity, sa_family_t family)
done:
if (fd >= 0)
close(fd);
- tor_free(ifc.ifc_buf);
+ /* On macOS, tor_free() loads ifc.ifc_buf, which leads to undefined
+ * behaviour, because it is always aligned at 8-bytes (ifc) plus 4 bytes
+ * (ifc_len and pragma pack(4)). So we use raw_free() instead. */
+ raw_free(ifc.ifc_buf);
+ ifc.ifc_buf = NULL;
return result;
}
#endif /* defined(HAVE_IFCONF_TO_SMARTLIST) */
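Review bot: The comment added above `raw_free(ifc.ifc_buf);` says the problem is that tor_free() "loads ifc.ifc_buf", but the replacement call reads the same member, so the comment does not explain why one form is undefined and the other is safe. tor_free()'s definition is not in this hunk; if, as the fix implies, it reaches its argument through a pointer to it, the comment should say so, for example `/* ifc.ifc_buf is only 4-byte aligned on x86_64 macOS (pragma pack(4)); tor_free() takes its address, forming a misaligned pointer. Access the member directly instead. */`. Keeping `ifc.ifc_buf = NULL;` after the free is good, since the pointer is still cleared once the buffer is released. The body of get_interface_addresses_ioctl() starts outside the hunk, so any other use of ifc.ifc_buf through a pointer there cannot be checked from here; a build with `-fsanitize=alignment` would flag such accesses.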