Bug 8355 - Use pointer after freeaddrinfo()
Use pointer after freeaddrinfo()
Status: RESOLVED FIXED
Product: rsync
Classification: Unclassified
Component: core
3.0.9
All All
: P5 critical
: ---
Assigned To: Wayne Davison
Rsync QA Contact
:
Depends on:
Blocks:
  Show dependency treegraph
 
Reported: 2011-08-05 20:01 UTC by Andrey Zonov
Modified: 2011-08-06 18:24 UTC (History)
0 users

See Also:


Attachments
patch (951 bytes, text/plain)
2011-08-05 20:06 UTC, Andrey Zonov
no flags Details

Note You need to log in before you can comment on or make changes to this bug.
Description Andrey Zonov 2011-08-05 20:01:45 UTC
Build and install rsync 3.0.8 then try to connect unavaliable host and you've got segmentation fault.

$ rsync rsync://10.0.0.1
rsync: failed to connect to 10.0.0.1 (10.0.0.1): Operation timed out (60)
Segmentation fault: 11

There's an error in open_socket_out() function in socket.c. It's need to call freeaddrinfo() in the end of the function. Like this:

--- socket.c.orig       2011-08-05 23:55:06.000000000 +0400
+++ socket.c    2011-08-05 23:55:17.000000000 +0400
@@ -299,7 +299,6 @@
                }
                break;
        }
-       freeaddrinfo(res0);

        if (s < 0) {
                char buf[2048];
@@ -313,6 +312,7 @@
                s = -1;
        }

+       freeaddrinfo(res0);
        free(errnos);

        return s;

but there is an another error over calling inet_ntop().

Full patch is in attachment.
Comment 1 Andrey Zonov 2011-08-05 20:06:14 UTC
Created attachment 6757 [details]
patch
Comment 2 Wayne Davison 2011-08-05 23:11:07 UTC
This was fixed in git back on July 11.  Thanks, though!
Comment 3 Andrey Zonov 2011-08-06 12:36:18 UTC
(In reply to comment #2)
> This was fixed in git back on July 11.  Thanks, though!

I think I found another bug over there. Please, inspect this patch:


diff --git a/socket.c b/socket.c
index 0f596e0..84f9b0c 100644
--- a/socket.c
+++ b/socket.c
@@ -303,7 +303,7 @@ int open_socket_out(char *host, int port, const char *bind_addr,
                }
                if (DEBUG_GTE(CONNECT, 2)) {
                        char buf[2048];
-                       if ((error = getnameinfo(res->ai_addr, res->ai_addrlen, buf, sizeof buf, NULL, 0, NI_NUMERICHOST) != 0))
+                       if ((error = getnameinfo(res->ai_addr, res->ai_addrlen, buf, sizeof buf, NULL, 0, NI_NUMERICHOST)) != 0)
                                snprintf(buf, sizeof buf, "*getnameinfo failure: %s*", gai_strerror(error));
                        rprintf(FINFO, "Connected to %s (%s)\n", h, buf);
                }
@@ -315,7 +315,7 @@ int open_socket_out(char *host, int port, const char *bind_addr,
                for (res = res0, j = 0; res; res = res->ai_next, j++) {
                        if (errnos[j] == 0)
                                continue;
-                       if ((error = getnameinfo(res->ai_addr, res->ai_addrlen, buf, sizeof buf, NULL, 0, NI_NUMERICHOST) != 0))
+                       if ((error = getnameinfo(res->ai_addr, res->ai_addrlen, buf, sizeof buf, NULL, 0, NI_NUMERICHOST)) != 0)
                                snprintf(buf, sizeof buf, "*getnameinfo failure: %s*", gai_strerror(error));
                        rsyserr(FERROR, errnos[j], "failed to connect to %s (%s)", h, buf);
                }
Comment 4 Wayne Davison 2011-08-06 18:24:52 UTC
Committed -- much appreciated!