From 0f53f489916eae57dd47b7c871295efb9bf02323 Mon Sep 17 00:00:00 2001
From: Guus Sliepen
Date: Sat, 6 Oct 2012 21:05:02 +0200
Subject: [PATCH] Clear connection options and status fields in free_connection_partially().

Most fields should be zero when reusing a connection. In particular, when an outgoing connection to a node which is reachable on more than one address is made, the second connection to that node will have status.encryptout set but outctx will be NULL, causing a NULL pointer dereference when EVP_EncryptUpdate() is called in send_meta() when it shouldn't.
---
 src/connection.c | 11 +++++++++++
 src/connection.h |  2 +-
 2 files changed, 12 insertions(+), 1 deletion(-)

diff --git a/src/connection.c b/src/connection.c
index 9b752fad..fd7ae843 100644
--- a/src/connection.c
+++ b/src/connection.c
@@ -73,6 +73,15 @@ void free_connection_partially(connection_t *c) {
 	c->hischallenge = NULL;
 	c->outbuf = NULL;
 
+	c->status.pinged = false;
+	c->status.active = false;
+	c->status.connecting = false;
+	c->status.timeout = false;
+	c->status.encryptout = false;
+	c->status.decryptin = false;
+	c->status.mst = false;
+
+	c->options = 0;
 	c->buflen = 0;
 	c->reqlen = 0;
 	c->tcplen = 0;
@@ -80,6 +89,8 @@ void free_connection_partially(connection_t *c) {
 	c->outbuflen = 0;
 	c->outbufsize = 0;
 	c->outbufstart = 0;
+	c->last_ping_time = 0;
+	c->last_flushed_time = 0;
 
 	if(c->inctx) {
 		EVP_CIPHER_CTX_cleanup(c->inctx);
diff --git a/src/connection.h b/src/connection.h
index fbe4e02c..877601fe 100644
--- a/src/connection.h
+++ b/src/connection.h
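Review bot: The status reset in the first connection.c hunk is done one bit at a time, so every bit of connection_status_t that is not listed — `remove` and the renamed `unused_termreq` are visible in the connection.h hunk, plus any flag added later — keeps its old value when the connection object is reused, which is the same class of stale-state bug this commit fixes for encryptout. If all flags are meant to start clear, `c->status = (connection_status_t){0};` (or `memset(&c->status, 0, sizeof c->status);`) resets the whole struct and cannot drift out of sync with the header; if `remove` is deliberately preserved across reuse, a comment such as `/* status.remove is intentionally left as-is */` next to the reset would stop a later cleanup from clearing it — whether it must survive is something I cannot tell from the hunk, so confirm against the callers. The description also says send_meta() dereferences a NULL outctx whenever encryptout is set, so a guard there that logs and refuses to send when `c->status.encryptout && !c->outctx` (outside this patch) would turn any recurrence into a logged error instead of a crash. free_connection_partially() begins before the first hunk and continues past the second.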
@@ -35,7 +35,7 @@ typedef struct connection_status_t {
 	unsigned int pinged:1; /* sent ping */
 	unsigned int active:1; /* 1 if active.. */
 	unsigned int connecting:1; /* 1 if we are waiting for a non-blocking connect() to finish */
-	unsigned int termreq:1; /* the termination of this connection was requested */
+	unsigned int unused_termreq:1; /* the termination of this connection was requested */
 	unsigned int remove:1; /* Set to 1 if you want this connection removed */
 	unsigned int timeout:1; /* 1 if gotten timeout */
 	unsigned int encryptout:1; /* 1 if we can encrypt outgoing traffic */
-- 
2.20.1
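Review bot: The comment on the renamed bit still reads `/* the termination of this connection was requested */`, which now contradicts the `unused_` prefix and tells a reader the flag is live. Update it together with the rename, e.g. `unsigned int unused_termreq:1; /* no longer set or read; slot kept so the bit positions of the following flags do not move */` — the layout motive is my guess at why the slot is retained rather than dropped, so word it to the real reason. The rename is also absent from the commit message, which only describes the connection.c change, so one sentence there would help anyone bisecting later. connection_status_t starts before this hunk and continues after it.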