- Bug #2218480 (http://curl.haxx.se/bug/view.cgi?id=2218480) pointed out a

problem with my CURLINFO_PRIMARY_IP fix from October 7th that caused a NULL pointer read. I also took the opportunity to clean up this logic (storing of the connection's IP address) somewhat as we had it stored in two different places and ways previously and they are now unified.
2008-11-03 16:24:56 +00:00 · 2008-11-03 16:24:56 +00:00 · d0b8b5a199
parent efe2ce3647
commit d0b8b5a199
5 changed files with 46 additions and 60 deletions
--- a/7
+++ b/7
@ -6,6 +6,13 @@

                                  Changelog

+Daniel Stenberg (3 Nov 2008)
+- Bug #2218480 (http://curl.haxx.se/bug/view.cgi?id=2218480) pointed out a
+  problem with my CURLINFO_PRIMARY_IP fix from October 7th that caused a NULL
+  pointer read. I also took the opportunity to clean up this logic (storing of
+  the connection's IP address) somewhat as we had it stored in two different
+  places and ways previously and they are now unified.
+
 Daniel Stenberg (2 Nov 2008)
 - Daniel Johnson reported and fixed:

--- a/lib/connect.c
+++ b/lib/connect.c
@ -555,25 +555,6 @@ static bool verifyconnect(curl_socket_t sockfd, int *error)
  return rc;
 }

-CURLcode Curl_store_ip_addr(struct connectdata *conn)
-{
-  char addrbuf[256];
-  Curl_printable_address(conn->ip_addr, addrbuf, sizeof(addrbuf));
-
-  /* save the string */
-  Curl_safefree(conn->ip_addr_str);
-  conn->ip_addr_str = strdup(addrbuf);
-  if(!conn->ip_addr_str)
-    return CURLE_OUT_OF_MEMORY; /* FAIL */
-
-#ifdef PF_INET6
-  if(conn->ip_addr->ai_family == PF_INET6)
-    conn->bits.ipv6 = TRUE;
-#endif
-
-  return CURLE_OK;
-}
-
 /* Used within the multi interface. Try next IP address, return TRUE if no
   more address exists or error */
 static bool trynextip(struct connectdata *conn,
@ -600,8 +581,7 @@ static bool trynextip(struct connectdata *conn,
      /* store the new socket descriptor */
      conn->sock[sockindex] = sockfd;
      conn->ip_addr = ai;
-
-      return (bool)(Curl_store_ip_addr(conn) != CURLE_OK);
+      break;
    }
    ai = ai->ai_next;
  }
@ -824,21 +804,27 @@ singleipconnect(struct connectdata *conn,
          ((const struct sockaddr_un*)(&addr.sa_addr))->sun_path);
    snprintf(data->info.ip, MAX_IPADR_LEN, "%s",
             ((const struct sockaddr_un*)(&addr.sa_addr))->sun_path);
+    strcpy(conn->ip_addr_str, data->info.ip);
  }
  else
 #endif
  {
 #ifdef ENABLE_IPV6
-    if(addr.family == AF_INET6)
+    if(addr.family == AF_INET6) {
      iptoprint = &sa6->sin6_addr;
+      conn->bits.ipv6 = TRUE;
+    }
    else
 #endif
+    {
      iptoprint = &sa4->sin_addr;
+    }

    if(Curl_inet_ntop(addr.family, iptoprint, addr_buf,
                      sizeof(addr_buf)) != NULL) {
      infof(data, "  Trying %s... ", addr_buf);
      snprintf(data->info.ip, MAX_IPADR_LEN, "%s", addr_buf);
+      strcpy(conn->ip_addr_str, data->info.ip);
    }
  }

--- a/lib/connect.h
+++ b/lib/connect.h
@ -37,8 +37,6 @@ CURLcode Curl_connecthost(struct connectdata *conn,
                          Curl_addrinfo **addr, /* the one we used */
                          bool *connected); /* truly connected? */

-CURLcode Curl_store_ip_addr(struct connectdata *conn);
-
 /* generic function that returns how much time there's left to run, according
   to the timeouts set */
 long Curl_timeleft(struct connectdata *conn,
--- a/lib/url.c
+++ b/lib/url.c
@ -2174,7 +2174,6 @@ static void conn_free(struct connectdata *conn)
  Curl_safefree(conn->allocptr.ref);
  Curl_safefree(conn->allocptr.host);
  Curl_safefree(conn->allocptr.cookiehost);
-  Curl_safefree(conn->ip_addr_str);
  Curl_safefree(conn->trailer);
  Curl_safefree(conn->host.rawalloc); /* host name buffer */
  Curl_safefree(conn->proxy.rawalloc); /* proxy name buffer */
@ -2479,9 +2478,9 @@ ConnectionExists(struct SessionHandle *data,
      }

 #ifdef CURLRES_ASYNCH
-      /* ip_addr_str is NULL only if the resolving of the name hasn't completed
-         yet and until then we don't re-use this connection */
-      if(!check->ip_addr_str) {
+      /* ip_addr_str[0] is NUL only if the resolving of the name hasn't
+         completed yet and until then we don't re-use this connection */
+      if(!check->ip_addr_str[0]) {
        infof(data,
              "Connection #%ld hasn't finished name resolve, can't reuse\n",
              check->connectindex);
@ -2727,36 +2726,33 @@ static CURLcode ConnectPlease(struct SessionHandle *data,
    conn->dns_entry = hostaddr;
    conn->ip_addr = addr;

-    result = Curl_store_ip_addr(conn);
-
-    if(CURLE_OK == result) {
-      switch(data->set.proxytype) {
+    switch(data->set.proxytype) {
 #ifndef CURL_DISABLE_PROXY
-      case CURLPROXY_SOCKS5:
-      case CURLPROXY_SOCKS5_HOSTNAME:
-        result = Curl_SOCKS5(conn->proxyuser, conn->proxypasswd,
-                             conn->host.name, conn->remote_port,
-                             FIRSTSOCKET, conn);
-        break;
-      case CURLPROXY_SOCKS4:
-        result = Curl_SOCKS4(conn->proxyuser, conn->host.name,
-                             conn->remote_port, FIRSTSOCKET, conn, FALSE);
-        break;
-      case CURLPROXY_SOCKS4A:
-        result = Curl_SOCKS4(conn->proxyuser, conn->host.name,
-                             conn->remote_port, FIRSTSOCKET, conn, TRUE);
-        break;
+    case CURLPROXY_SOCKS5:
+    case CURLPROXY_SOCKS5_HOSTNAME:
+      result = Curl_SOCKS5(conn->proxyuser, conn->proxypasswd,
+                           conn->host.name, conn->remote_port,
+                           FIRSTSOCKET, conn);
+      break;
+    case CURLPROXY_SOCKS4:
+      result = Curl_SOCKS4(conn->proxyuser, conn->host.name,
+                           conn->remote_port, FIRSTSOCKET, conn, FALSE);
+      break;
+    case CURLPROXY_SOCKS4A:
+      result = Curl_SOCKS4(conn->proxyuser, conn->host.name,
+                           conn->remote_port, FIRSTSOCKET, conn, TRUE);
+      break;
 #endif /* CURL_DISABLE_PROXY */
-      case CURLPROXY_HTTP:
-        /* do nothing here. handled later. */
-        break;
-      default:
-        failf(data, "unknown proxytype option given");
-        result = CURLE_COULDNT_CONNECT;
-        break;
-      }
-    }
-  }
+    case CURLPROXY_HTTP:
+      /* do nothing here. handled later. */
+      break;
+    default:
+      failf(data, "unknown proxytype option given");
+      result = CURLE_COULDNT_CONNECT;
+      break;
+    } /* switch proxytype */
+  } /* if result is ok */
+
  if(result)
    *connected = FALSE; /* mark it as not connected */

--- a/lib/urldata.h
+++ b/lib/urldata.h
@ -908,11 +908,10 @@ struct connectdata {
     cache entry remains locked. It gets unlocked in Curl_done() */
  Curl_addrinfo *ip_addr;

-  /* 'ip_addr_str' is the ip_addr data as a human readable malloc()ed string.
+  /* 'ip_addr_str' is the ip_addr data as a human readable string.
     It remains available as long as the connection does, which is longer than
-     the ip_addr itself. Set with Curl_store_ip_addr() when ip_addr has been
-     set. */
-  char *ip_addr_str;
+     the ip_addr itself. */
+  char ip_addr_str[MAX_IPADR_LEN];

  unsigned int scope;    /* address scope for IPv6 */