summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--changes/bug184548
-rw-r--r--src/common/address.c6
2 files changed, 11 insertions, 3 deletions
diff --git a/changes/bug18454 b/changes/bug18454
new file mode 100644
index 0000000000..c573dae417
--- /dev/null
+++ b/changes/bug18454
@@ -0,0 +1,8 @@
+ o Minor bugfixes (memory safety):
+ - Avoid freeing an uninitialised pointer when opening a socket fails
+ in get_interface_addresses_ioctl.
+ Fixes bug 18454; bugfix on 9f06ec0c in tor-0.2.3.11-alpha.
+ Reported by "toralf" and "cypherpunks", patch by "teor".
+ - Correctly duplicate addresses in get_interface_address6_list.
+ Fixes bug 18454; bugfix on 110765f5 in tor-0.2.8.1-alpha.
+ Reported by "toralf", patch by "cypherpunks".
diff --git a/src/common/address.c b/src/common/address.c
index 8f1ce9dab7..793a40effc 100644
--- a/src/common/address.c
+++ b/src/common/address.c
@@ -1525,6 +1525,7 @@ get_interface_addresses_ioctl(int severity, sa_family_t family)
{
/* Some older unixy systems make us use ioctl(SIOCGIFCONF) */
struct ifconf ifc;
+ ifc.ifc_buf = NULL;
int fd;
smartlist_t *result = NULL;
@@ -1547,7 +1548,6 @@ get_interface_addresses_ioctl(int severity, sa_family_t family)
}
int mult = 1;
- ifc.ifc_buf = NULL;
do {
mult *= 2;
ifc.ifc_len = mult * IFREQ_SIZE;
@@ -1790,7 +1790,7 @@ MOCK_IMPL(smartlist_t *,get_interface_address6_list,(int severity,
if (get_interface_address6_via_udp_socket_hack(severity,AF_INET,
&addr) == 0) {
if (include_internal || !tor_addr_is_internal(&addr, 0)) {
- smartlist_add(addrs, tor_dup_addr(&addr));
+ smartlist_add(addrs, tor_memdup(&addr, sizeof(addr)));
}
}
}
@@ -1799,7 +1799,7 @@ MOCK_IMPL(smartlist_t *,get_interface_address6_list,(int severity,
if (get_interface_address6_via_udp_socket_hack(severity,AF_INET6,
&addr) == 0) {
if (include_internal || !tor_addr_is_internal(&addr, 0)) {
- smartlist_add(addrs, tor_dup_addr(&addr));
+ smartlist_add(addrs, tor_memdup(&addr, sizeof(addr)));
}
}
}
7apu2bq3rhoylwmucxizk54afw5jyda7pho4j5zdcqpwkufke7zdzwad.onion