commit 2627299ef053ed40a73cb40e954e6b611d7e450b Author: teor (Tim Wilson-Brown) <teor2345@gmail.com> Date: Fri Mar 4 18:41:49 2016 +0100 Avoid freeing an uninitialised pointer in get_interface_addresses_ioctl --- changes/bug18454 | 8 ++++++++ src/common/address.c | 2 +- 2 files changed, 9 insertions(+), 1 deletion(-) diff --git a/changes/bug18454 b/changes/bug18454 new file mode 100644 index 0000000..c573dae --- /dev/null +++ b/changes/bug18454 @@ -0,0 +1,8 @@ + o Minor bugfixes (memory safety): + - Avoid freeing an uninitialised pointer when opening a socket fails + in get_interface_addresses_ioctl. + Fixes bug 18454; bugfix on 9f06ec0c in tor-0.2.3.11-alpha. + Reported by "toralf" and "cypherpunks", patch by "teor". + - Correctly duplicate addresses in get_interface_address6_list. + Fixes bug 18454; bugfix on 110765f5 in tor-0.2.8.1-alpha. + Reported by "toralf", patch by "cypherpunks". diff --git a/src/common/address.c b/src/common/address.c index 8f1ce9d..c77b0f3 100644 --- a/src/common/address.c +++ b/src/common/address.c @@ -1525,6 +1525,7 @@ get_interface_addresses_ioctl(int severity, sa_family_t family) { /* Some older unixy systems make us use ioctl(SIOCGIFCONF) */ struct ifconf ifc; + ifc.ifc_buf = NULL; int fd; smartlist_t *result = NULL; @@ -1547,7 +1548,6 @@ get_interface_addresses_ioctl(int severity, sa_family_t family) } int mult = 1; - ifc.ifc_buf = NULL; do { mult *= 2; ifc.ifc_len = mult * IFREQ_SIZE;