Fix potential segmentation fault on iOS.

The PONG handler could call freeaddrinfo() on a struct that was not
allocated with getaddrinfo(). On most platforms this apparently works
fine, but on iOS it will try to free memory that wasn't allocated. Fix
this by moving the code to reset an outgoing_t to a separate function,
and calling that from the PONG handler.

diff --git a/src/net.h b/src/net.h
index 262696d823a7522c7656a70d1dc20ddd222ec9b3..7cddebde22016982a6f7cd330e3afbcf2823c64b 100644 (file)
--- a/src/net.h
+++ b/src/net.h
@@ -93,6 +93,7 @@ extern char *get_name(struct meshlink_handle *mesh) __attribute__((__warn_unused
 extern void load_all_nodes(struct meshlink_handle *mesh);
 extern bool setup_myself_reloadable(struct meshlink_handle *mesh) __attribute__((__warn_unused_result__));
 extern bool setup_network(struct meshlink_handle *mesh) __attribute__((__warn_unused_result__));
+extern void reset_outgoing(struct outgoing_t *);
 extern void setup_outgoing_connection(struct meshlink_handle *mesh, struct outgoing_t *);
 extern void close_network_connections(struct meshlink_handle *mesh);
 extern void main_loop(struct meshlink_handle *mesh);

diff --git a/src/net_socket.c b/src/net_socket.c
index eb9e3fc41f98fca0fe15bf8d0b998425e69553fd..7e05ab9362b4ecd9d6d81b268a25ff75d8f25f93 100644 (file)
--- a/src/net_socket.c
+++ b/src/net_socket.c
@@ -592,6 +592,20 @@ begin:
        io_add(&mesh->loop, &c->io, handle_meta_io, c, c->socket, IO_READ | IO_WRITE);
 }
 
+void reset_outgoing(outgoing_t *outgoing) {
+       if(outgoing->ai) {
+               if(outgoing->state == OUTGOING_RECENT || outgoing->state == OUTGOING_KNOWN) {
+                       free_known_addresses(outgoing->ai);
+               } else {
+                       freeaddrinfo(outgoing->ai);
+               }
+       }
+
+       outgoing->ai = NULL;
+       outgoing->aip = NULL;
+       outgoing->state = OUTGOING_START;
+}
+
 void setup_outgoing_connection(meshlink_handle_t *mesh, outgoing_t *outgoing) {
        timeout_del(&mesh->loop, &outgoing->ev);
 
@@ -602,16 +616,7 @@ void setup_outgoing_connection(meshlink_handle_t *mesh, outgoing_t *outgoing) {
                return;
        }
 
-
-       if(outgoing->ai) {
-               if(outgoing->state == OUTGOING_RECENT || outgoing->state == OUTGOING_KNOWN) {
-                       free_known_addresses(outgoing->ai);
-               } else {
-                       freeaddrinfo(outgoing->ai);
-               }
-       }
-
-       outgoing->state = OUTGOING_START;
+       reset_outgoing(outgoing);
 
        if(outgoing->node->status.blacklisted) {
                return;

diff --git a/src/protocol_misc.c b/src/protocol_misc.c
index af3caddf8957f38006a540ddc331cfe0823efcdd..c6a3630ae2ea190fc27ee41dbe8b9206c85591b9 100644 (file)
--- a/src/protocol_misc.c
+++ b/src/protocol_misc.c
@@ -109,17 +109,8 @@ bool pong_h(meshlink_handle_t *mesh, connection_t *c, const char *request) {
 
        /* Successful connection, reset timeout if this is an outgoing connection. */
 
-       // TODO: completely remove this outgoing, let the autoconnect algorithm handle it
        if(c->outgoing) {
-               c->outgoing->timeout = 0;
-               c->outgoing->state = OUTGOING_START;
-
-               if(c->outgoing->ai) {
-                       freeaddrinfo(c->outgoing->ai);
-               }
-
-               c->outgoing->ai = NULL;
-               c->outgoing->aip = NULL;
+               reset_outgoing(c->outgoing);
        }
 
        return true;

diff --git a/src/utcp b/src/utcp
index 19f3f4462c52eaa766ab76ce671921f0e4dc4ebd..eb85ec4ae5f32102430e0622e3855aaba110c032 160000 (submodule)
--- a/src/utcp
+++ b/src/utcp
@@ -1 +1 @@
-Subproject commit 19f3f4462c52eaa766ab76ce671921f0e4dc4ebd
+Subproject commit eb85ec4ae5f32102430e0622e3855aaba110c032