Bug 8355 - Use pointer after freeaddrinfo()
Status: RESOLVED FIXED
Alias: None
Product: rsync
Classification: Unclassified
Component: core
Version: 3.0.9
Hardware: All All
Importance: P5 critical
Target Milestone: ---
Assignee: Wayne Davison
QA Contact: Rsync QA Contact
Reported: 2011-08-05 20:01 UTC by Andrey Zonov
Modified: 2011-08-06 18:24 UTC

Attachments
patch (951 bytes, text/plain)
2011-08-05 20:06 UTC, Andrey Zonov

Description Andrey Zonov 2011-08-05 20:01:45 UTC
Build and install rsync 3.0.8, then try to connect to an unavailable host, and you get a segmentation fault.

$ rsync rsync://10.0.0.1
rsync: failed to connect to 10.0.0.1 (10.0.0.1): Operation timed out (60)
Segmentation fault: 11

There's an error in the open_socket_out() function in socket.c. It needs to call freeaddrinfo() at the end of the function, like this:

--- socket.c.orig       2011-08-05 23:55:06.000000000 +0400
+++ socket.c    2011-08-05 23:55:17.000000000 +0400
@@ -299,7 +299,6 @@
                }
                break;
        }
-       freeaddrinfo(res0);

        if (s < 0) {
                char buf[2048];
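Review bot: The commit message should name the read that makes the old `freeaddrinfo(res0)` placement unsafe; nothing visible in this hunk after `if (s < 0) {` touches res0, so a reader cannot confirm the use after free from the diff alone. A one-line comment at the new call site saying that the error-report path still walks res0 would also keep someone from moving the free back up later.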
@@ -313,6 +312,7 @@
                s = -1;
        }

+       freeaddrinfo(res0);
        free(errnos);

        return s;
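Review bot: With `freeaddrinfo(res0)` now sitting directly before `free(errnos)` and `return s`, the list is released only on this final exit path. Please check that no earlier return between the getaddrinfo() call and this point leaves the function without freeing res0, and if one exists, route it through a common cleanup label.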

But there is another error in the call to inet_ntop().

The full patch is in the attachment.
Comment 1 Andrey Zonov 2011-08-05 20:06:14 UTC
Created attachment 6757
patch
Comment 2 Wayne Davison 2011-08-05 23:11:07 UTC
This was fixed in git back on July 11.  Thanks, though!
Comment 3 Andrey Zonov 2011-08-06 12:36:18 UTC
(In reply to comment #2)
> This was fixed in git back on July 11.  Thanks, though!

I think I found another bug over there. Please inspect this patch:


diff --git a/socket.c b/socket.c
index 0f596e0..84f9b0c 100644
--- a/socket.c
+++ b/socket.c
@@ -303,7 +303,7 @@ int open_socket_out(char *host, int port, const char *bind_addr,
                }
                if (DEBUG_GTE(CONNECT, 2)) {
                        char buf[2048];
-                       if ((error = getnameinfo(res->ai_addr, res->ai_addrlen, buf, sizeof buf, NULL, 0, NI_NUMERICHOST) != 0))
+                       if ((error = getnameinfo(res->ai_addr, res->ai_addrlen, buf, sizeof buf, NULL, 0, NI_NUMERICHOST)) != 0)
                                snprintf(buf, sizeof buf, "*getnameinfo failure: %s*", gai_strerror(error));
                        rprintf(FINFO, "Connected to %s (%s)\n", h, buf);
                }
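Review bot: The corrected condition at the getnameinfo() call still assigns inside the `if`, which is the construct that let the misplaced parenthesis go unnoticed in the first place. Consider splitting it into `error = getnameinfo(...);` followed by `if (error != 0)`, so that gai_strerror(error) can only ever receive the EAI_* code; the line also becomes shorter.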
@@ -315,7 +315,7 @@ int open_socket_out(char *host, int port, const char *bind_addr,
                for (res = res0, j = 0; res; res = res->ai_next, j++) {
                        if (errnos[j] == 0)
                                continue;
-                       if ((error = getnameinfo(res->ai_addr, res->ai_addrlen, buf, sizeof buf, NULL, 0, NI_NUMERICHOST) != 0))
+                       if ((error = getnameinfo(res->ai_addr, res->ai_addrlen, buf, sizeof buf, NULL, 0, NI_NUMERICHOST)) != 0)
                                snprintf(buf, sizeof buf, "*getnameinfo failure: %s*", gai_strerror(error));
                        rsyserr(FERROR, errnos[j], "failed to connect to %s (%s)", h, buf);
                }
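Review bot: The getnameinfo()/snprintf() fallback in this error-report loop duplicates the one in the previous hunk and had to be corrected twice in identical form. Pulling the pair into one small static helper that fills buf would mean the next correction is made in one place. It is also worth stating in the commit message that before this fix `error` held 1 on failure, so the gai_strerror() text that was logged did not correspond to the real error.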
Comment 4 Wayne Davison 2011-08-06 18:24:52 UTC
Committed -- much appreciated!
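The two defects discussed in this bug (the addrinfo list freed before the error report walks it, and the misplaced parenthesis around the getnameinfo() result), shown in corrected form as an added example that is not rsync's code. The function name `connect_any`, its `report` buffer and the numeric-host-only restriction are assumptions made here so that it runs without DNS.

```c
#include <errno.h>
#include <netdb.h>
#include <stdio.h>
#include <stdlib.h>
#include <string.h>
#include <sys/socket.h>
#include <unistd.h>

/* Added example, not rsync's code. Try every address for host:port; if all fail,
 * write one "addr: reason" line per address to report (rlen > 0). Returns fd or -1. */
int connect_any(const char *host, const char *port, char *report, size_t rlen)
{
    struct addrinfo hints = {0}, *res0, *res;
    int s = -1, j, n = 0, error, *errnos;
    size_t used = 0;

    report[0] = '\0';
    hints.ai_socktype = SOCK_STREAM;
    hints.ai_flags = AI_NUMERICHOST; /* assumption: numeric hosts only, no DNS */
    if (getaddrinfo(host, port, &hints, &res0) != 0)
        return -1;
    for (res = res0; res; res = res->ai_next)
        n++;
    if ((errnos = calloc(n, sizeof *errnos)) == NULL) {
        freeaddrinfo(res0);
        return -1;
    }
    for (res = res0, j = 0; res; res = res->ai_next, j++) {
        s = socket(res->ai_family, res->ai_socktype, res->ai_protocol);
        if (s >= 0 && connect(s, res->ai_addr, res->ai_addrlen) == 0)
            break;
        errnos[j] = errno; /* save before close() can overwrite it */
        if (s >= 0)
            close(s);
        s = -1;
    }
    /* Do not freeaddrinfo(res0) here: the report loop below still walks it. */
    for (res = res0, j = 0; s < 0 && res; res = res->ai_next, j++) {
        char buf[128];
        /* Assignment is parenthesised so error holds the EAI_* code, not 0/1. */
        if ((error = getnameinfo(res->ai_addr, res->ai_addrlen, buf, sizeof buf,
                                 NULL, 0, NI_NUMERICHOST)) != 0)
            snprintf(buf, sizeof buf, "*getnameinfo failure: %s*", gai_strerror(error));
        if (used < rlen)
            used += snprintf(report + used, rlen - used, "%s: %s\n", buf, strerror(errnos[j]));
    }
    freeaddrinfo(res0); /* last use of the list was the loop above */
    free(errnos);
    return s;
}
```

Building this with AddressSanitizer (`-fsanitize=address`) and moving the `freeaddrinfo(res0)` call above the report loop reproduces the class of crash in the original description as a heap-use-after-free report.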