From: Guus Sliepen Date: Sat, 6 Oct 2012 19:15:19 +0000 (+0200) Subject: Clear connection options and status fields in free_connection_partially(). X-Git-Tag: release-1.1pre3~28 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=86116bb022f0b885638ff9ba21b359fc9f55286a;p=oweals%2Ftinc.git Clear connection options and status fields in free_connection_partially(). Most fields should be zero when reusing a connection. In particular, when an outgoing connection to a node which is reachable on more than one address is made, the second connection to that node will have status.encryptout set but outctx will be NULL, causing a NULL pointer dereference when EVP_EncryptUpdate() is called in send_meta() when it shouldn't. --- diff --git a/src/connection.c b/src/connection.c index fafec5d..0293100 100644 --- a/src/connection.c +++ b/src/connection.c @@ -83,9 +83,21 @@ void free_connection_partially(connection_t *c) { c->socket = -1; + c->options = 0; + c->status.pinged = false; + c->status.connecting = false; + c->status.encryptout = false; + c->status.decryptin = false; + c->status.mst = false; + c->status.control = false; + c->status.pcap = false; + c->status.log = false; + c->protocol_major = 0; c->protocol_minor = 0; c->allow_request = 0; + c->tcplen = 0; + c->last_ping_time = 0; } void free_connection(connection_t *c) { diff --git a/src/connection.h b/src/connection.h index 854e29f..3ed0e31 100644 --- a/src/connection.h +++ b/src/connection.h @@ -38,7 +38,7 @@ typedef struct connection_status_t { unsigned int pinged:1; /* sent ping */ unsigned int active:1; /* 1 if active.. */ unsigned int connecting:1; /* 1 if we are waiting for a non-blocking connect() to finish */ - unsigned int termreq:1; /* the termination of this connection was requested */ + unsigned int unused_termreq:1; /* the termination of this connection was requested */ unsigned int remove_unused:1; /* Set to 1 if you want this connection removed */ unsigned int timeout_unused:1; /* 1 if gotten timeout */ unsigned int encryptout:1; /* 1 if we can encrypt outgoing traffic */