Clear connection options and status fields in free_connection_partially().
authorGuus Sliepen <guus@tinc-vpn.org>
Sat, 6 Oct 2012 19:15:19 +0000 (21:15 +0200)
committerGuus Sliepen <guus@tinc-vpn.org>
Sat, 6 Oct 2012 19:15:19 +0000 (21:15 +0200)
Most fields should be zero when reusing a connection. In particular, when an
outgoing connection to a node which is reachable on more than one address is
made, the second connection to that node will have status.encryptout set but
outctx will be NULL, causing a NULL pointer dereference because send_meta()
then calls EVP_EncryptUpdate() when it should not be encrypting at all.

src/connection.c
src/connection.h

index fafec5db7e85e8e5b4a50b7d0da7990146a4e1a3..0293100e709400b39afae9d79724db76ec0e5c43 100644 (file)
@@ -83,9 +83,21 @@ void free_connection_partially(connection_t *c) {
 
        c->socket = -1;
 
+       c->options = 0;
+       c->status.pinged = false;
+       c->status.connecting = false;
+       c->status.encryptout = false;
+       c->status.decryptin = false;
+       c->status.mst = false;
+       c->status.control = false;
+       c->status.pcap = false;
+       c->status.log = false;
+
        c->protocol_major = 0;
        c->protocol_minor = 0;
        c->allow_request = 0;
+       c->tcplen = 0;
+       c->last_ping_time = 0;
 }
 
 void free_connection(connection_t *c) {
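Review bot: Clearing a hand-picked list of status bits in free_connection_partially() leaves every other bit of connection_status_t carrying over into the reused connection_t — `active`, `remove_unused` and `timeout_unused` are visible in the header hunk and the struct continues past it — which is the same class of stale-state bug this commit fixes for `encryptout`. Unless one of those bits is deliberately meant to survive a partial free (I cannot tell from here), `memset(&c->status, 0, sizeof c->status);` is both shorter and stays correct when a bit is added later. The commit message describes `outctx` being NULL while `encryptout` is set; whether `outctx`/`inctx` are themselves released and set to NULL happens outside this hunk (the function starts before line 83), so that is worth confirming, since clearing `encryptout` alone only masks a dangling context pointer rather than removing it.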
index 854e29f23a56bbb5a8540bb27749afb152ca3d46..3ed0e31744e90f4bab4355573380bb99b3582939 100644 (file)
@@ -38,7 +38,7 @@ typedef struct connection_status_t {
                unsigned int pinged:1;                  /* sent ping */
                unsigned int active:1;                  /* 1 if active.. */
                unsigned int connecting:1;              /* 1 if we are waiting for a non-blocking connect() to finish */
-               unsigned int termreq:1;                 /* the termination of this connection was requested */
+               unsigned int unused_termreq:1;          /* the termination of this connection was requested */
                unsigned int remove_unused:1;           /* Set to 1 if you want this connection removed */
                unsigned int timeout_unused:1;          /* 1 if gotten timeout */
                unsigned int encryptout:1;              /* 1 if we can encrypt outgoing traffic */