From 42874d60e2554393094ea5cc1325ab2984750cbc Mon Sep 17 00:00:00 2001
From: Guus Sliepen
Date: Wed, 29 Jan 2020 09:28:25 +0100
Subject: [PATCH] Fix potential segmentation fault on iOS.

The PONG handler could call freeaddrinfo() on a struct that was not allocated with getaddrinfo(). On most platforms this apparently works fine, but on iOS it will try to free memory that wasn't allocated. Fix this by moving the code to reset an outgoing_t to a separate function, and calling that from the PONG handler.
---
 src/net.h | 1 +
 src/net_socket.c | 25 +++++++++++++++----------
 src/protocol_misc.c | 11 +----------
 src/utcp | 2 +-
 4 files changed, 18 insertions(+), 21 deletions(-)

diff --git a/src/net.h b/src/net.h
index 262696d8..7cddebde 100644
--- a/src/net.h
+++ b/src/net.h
@@ -93,6 +93,7 @@ extern char *get_name(struct meshlink_handle *mesh) __attribute__((__warn_unused
 extern void load_all_nodes(struct meshlink_handle *mesh);
 extern bool setup_myself_reloadable(struct meshlink_handle *mesh) __attribute__((__warn_unused_result__));
 extern bool setup_network(struct meshlink_handle *mesh) __attribute__((__warn_unused_result__));
+extern void reset_outgoing(struct outgoing_t *);
 extern void setup_outgoing_connection(struct meshlink_handle *mesh, struct outgoing_t *);
 extern void close_network_connections(struct meshlink_handle *mesh);
 extern void main_loop(struct meshlink_handle *mesh);
diff --git a/src/net_socket.c b/src/net_socket.c
index eb9e3fc4..7e05ab93 100644
--- a/src/net_socket.c
+++ b/src/net_socket.c
@@ -592,6 +592,20 @@ begin: io_add(&mesh->loop, &c->io, handle_meta_io, c, c->socket, IO_READ | IO_WRITE); } +void reset_outgoing(outgoing_t *outgoing) { + if(outgoing->ai) { + if(outgoing->state == OUTGOING_RECENT || outgoing->state == OUTGOING_KNOWN) { + free_known_addresses(outgoing->ai); + } else { + freeaddrinfo(outgoing->ai); + } + } + + outgoing->ai = NULL; + outgoing->aip = NULL; + outgoing->state = OUTGOING_START; +} + void setup_outgoing_connection(meshlink_handle_t *mesh, outgoing_t *outgoing) { timeout_del(&mesh->loop, &outgoing->ev); @@ -602,16 +616,7 @@ void setup_outgoing_connection(meshlink_handle_t *mesh, outgoing_t *outgoing) { return; } - - if(outgoing->ai) { - if(outgoing->state == OUTGOING_RECENT || outgoing->state == OUTGOING_KNOWN) { - free_known_addresses(outgoing->ai); - } else { - freeaddrinfo(outgoing->ai); - } - } - - outgoing->state = OUTGOING_START; + reset_outgoing(outgoing); if(outgoing->node->status.blacklisted) { return; diff --git a/src/protocol_misc.c b/src/protocol_misc.c index af3caddf..c6a3630a 100644 --- a/src/protocol_misc.c +++ b/src/protocol_misc.c @@ -109,17 +109,8 @@ bool pong_h(meshlink_handle_t *mesh, connection_t *c, const char *request) { /* Successful connection, reset timeout if this is an outgoing connection. */ - // TODO: completely remove this outgoing, let the autoconnect algorithm handle it if(c->outgoing) { - c->outgoing->timeout = 0; - c->outgoing->state = OUTGOING_START; - - if(c->outgoing->ai) { - freeaddrinfo(c->outgoing->ai); - } - - c->outgoing->ai = NULL; - c->outgoing->aip = NULL; + reset_outgoing(c->outgoing); } return true; diff --git a/src/utcp b/src/utcp index 19f3f446..eb85ec4a 160000 --- a/src/utcp +++ b/src/utcp @@ -1 +1 @@ -Subproject commit 19f3f4462c52eaa766ab76ce671921f0e4dc4ebd +Subproject commit eb85ec4ae5f32102430e0622e3855aaba110c032 -- 2.39.5
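Review bot: In the new `reset_outgoing()` (first hunk of src/net_socket.c) the choice between `free_known_addresses()` and `freeaddrinfo()` rests entirely on `outgoing->state` still describing how `outgoing->ai` was allocated, and nothing on the function records that. A mismatch there is the same allocator/deallocator confusion this commit removes from the PONG handler, so I would put a comment above the function along the lines of `/* Frees outgoing->ai with the deallocator selected by outgoing->state; state must still match how ai was allocated. */`, assuming that is the intended invariant. The function also dereferences `outgoing` without a check; both callers visible in this patch appear to pass a non-NULL pointer, but since it is now exported through net.h that precondition is worth stating in the same comment.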
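Review bot: The pong_h hunk in src/protocol_misc.c removes `c->outgoing->timeout = 0;`, and `reset_outgoing()` as added in src/net_socket.c only clears `ai`, `aip` and `state`, so a successful PONG no longer resets the outgoing timeout even though the retained comment still says "reset timeout if this is an outgoing connection". If that is unintended, keep `c->outgoing->timeout = 0;` immediately before `reset_outgoing(c->outgoing);`; if it is deliberate, the comment should be reworded and the commit message should mention the behaviour change. Whether the timeout is cleared somewhere else is not visible in this patch. pong_h begins and ends outside the hunk.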