From d0b8b5a1990a31f37fcab925cb8b59bee958d41d Mon Sep 17 00:00:00 2001
From: Daniel Stenberg <daniel@haxx.se>
Date: Mon, 3 Nov 2008 16:24:56 +0000
Subject: [PATCH] - Bug #2218480 (http://curl.haxx.se/bug/view.cgi?id=2218480)
 pointed out a   problem with my CURLINFO_PRIMARY_IP fix from October 7th that
 caused a NULL   pointer read. I also took the opportunity to clean up this
 logic (storing of   the connection's IP address) somewhat as we had it stored
 in two different   places and ways previously and they are now unified.

---
 CHANGES       |  7 ++++++
 lib/connect.c | 30 +++++++-------------------
 lib/connect.h |  2 --
 lib/url.c     | 60 ++++++++++++++++++++++++---------------------------
 lib/urldata.h |  7 +++---
 5 files changed, 46 insertions(+), 60 deletions(-)

diff --git a/CHANGES b/CHANGES
index 5b6c8976c..7efbba7c1 100644
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,13 @@
 
                                   Changelog
 
+Daniel Stenberg (3 Nov 2008)
+- Bug #2218480 (http://curl.haxx.se/bug/view.cgi?id=2218480) pointed out a
+  problem with my CURLINFO_PRIMARY_IP fix from October 7th that caused a NULL
+  pointer read. I also took the opportunity to clean up this logic (storing of
+  the connection's IP address) somewhat as we had it stored in two different
+  places and ways previously and they are now unified.
+
 Daniel Stenberg (2 Nov 2008)
 - Daniel Johnson reported and fixed:
 
diff --git a/lib/connect.c b/lib/connect.c
index 7fc808e86..b602731fe 100644
--- a/lib/connect.c
+++ b/lib/connect.c
@@ -555,25 +555,6 @@ static bool verifyconnect(curl_socket_t sockfd, int *error)
   return rc;
 }
 
-CURLcode Curl_store_ip_addr(struct connectdata *conn)
-{
-  char addrbuf[256];
-  Curl_printable_address(conn->ip_addr, addrbuf, sizeof(addrbuf));
-
-  /* save the string */
-  Curl_safefree(conn->ip_addr_str);
-  conn->ip_addr_str = strdup(addrbuf);
-  if(!conn->ip_addr_str)
-    return CURLE_OUT_OF_MEMORY; /* FAIL */
-
-#ifdef PF_INET6
-  if(conn->ip_addr->ai_family == PF_INET6)
-    conn->bits.ipv6 = TRUE;
-#endif
-
-  return CURLE_OK;
-}
-
 /* Used within the multi interface. Try next IP address, return TRUE if no
    more address exists or error */
 static bool trynextip(struct connectdata *conn,
@@ -600,8 +581,7 @@ static bool trynextip(struct connectdata *conn,
       /* store the new socket descriptor */
       conn->sock[sockindex] = sockfd;
       conn->ip_addr = ai;
-
-      return (bool)(Curl_store_ip_addr(conn) != CURLE_OK);
+      break;
     }
     ai = ai->ai_next;
   }
@@ -824,21 +804,27 @@ singleipconnect(struct connectdata *conn,
           ((const struct sockaddr_un*)(&addr.sa_addr))->sun_path);
     snprintf(data->info.ip, MAX_IPADR_LEN, "%s",
              ((const struct sockaddr_un*)(&addr.sa_addr))->sun_path);
+    strcpy(conn->ip_addr_str, data->info.ip);
   }
   else
 #endif
   {
 #ifdef ENABLE_IPV6
-    if(addr.family == AF_INET6)
+    if(addr.family == AF_INET6) {
       iptoprint = &sa6->sin6_addr;
+      conn->bits.ipv6 = TRUE;
+    }
     else
 #endif
+    {
       iptoprint = &sa4->sin_addr;
+    }
 
     if(Curl_inet_ntop(addr.family, iptoprint, addr_buf,
                       sizeof(addr_buf)) != NULL) {
       infof(data, "  Trying %s... ", addr_buf);
       snprintf(data->info.ip, MAX_IPADR_LEN, "%s", addr_buf);
+      strcpy(conn->ip_addr_str, data->info.ip);
     }
   }
 
diff --git a/lib/connect.h b/lib/connect.h
index 8e55cc941..38ed4125b 100644
--- a/lib/connect.h
+++ b/lib/connect.h
@@ -37,8 +37,6 @@ CURLcode Curl_connecthost(struct connectdata *conn,
                           Curl_addrinfo **addr, /* the one we used */
                           bool *connected); /* truly connected? */
 
-CURLcode Curl_store_ip_addr(struct connectdata *conn);
-
 /* generic function that returns how much time there's left to run, according
    to the timeouts set */
 long Curl_timeleft(struct connectdata *conn,
diff --git a/lib/url.c b/lib/url.c
index 944741709..8612262be 100644
--- a/lib/url.c
+++ b/lib/url.c
@@ -2174,7 +2174,6 @@ static void conn_free(struct connectdata *conn)
   Curl_safefree(conn->allocptr.ref);
   Curl_safefree(conn->allocptr.host);
   Curl_safefree(conn->allocptr.cookiehost);
-  Curl_safefree(conn->ip_addr_str);
   Curl_safefree(conn->trailer);
   Curl_safefree(conn->host.rawalloc); /* host name buffer */
   Curl_safefree(conn->proxy.rawalloc); /* proxy name buffer */
@@ -2479,9 +2478,9 @@ ConnectionExists(struct SessionHandle *data,
       }
 
 #ifdef CURLRES_ASYNCH
-      /* ip_addr_str is NULL only if the resolving of the name hasn't completed
-         yet and until then we don't re-use this connection */
-      if(!check->ip_addr_str) {
+      /* ip_addr_str[0] is NUL only if the resolving of the name hasn't
+         completed yet and until then we don't re-use this connection */
+      if(!check->ip_addr_str[0]) {
         infof(data,
               "Connection #%ld hasn't finished name resolve, can't reuse\n",
               check->connectindex);
@@ -2727,36 +2726,33 @@ static CURLcode ConnectPlease(struct SessionHandle *data,
     conn->dns_entry = hostaddr;
     conn->ip_addr = addr;
 
-    result = Curl_store_ip_addr(conn);
-
-    if(CURLE_OK == result) {
-      switch(data->set.proxytype) {
+    switch(data->set.proxytype) {
 #ifndef CURL_DISABLE_PROXY
-      case CURLPROXY_SOCKS5:
-      case CURLPROXY_SOCKS5_HOSTNAME:
-        result = Curl_SOCKS5(conn->proxyuser, conn->proxypasswd,
-                             conn->host.name, conn->remote_port,
-                             FIRSTSOCKET, conn);
-        break;
-      case CURLPROXY_SOCKS4:
-        result = Curl_SOCKS4(conn->proxyuser, conn->host.name,
-                             conn->remote_port, FIRSTSOCKET, conn, FALSE);
-        break;
-      case CURLPROXY_SOCKS4A:
-        result = Curl_SOCKS4(conn->proxyuser, conn->host.name,
-                             conn->remote_port, FIRSTSOCKET, conn, TRUE);
-        break;
+    case CURLPROXY_SOCKS5:
+    case CURLPROXY_SOCKS5_HOSTNAME:
+      result = Curl_SOCKS5(conn->proxyuser, conn->proxypasswd,
+                           conn->host.name, conn->remote_port,
+                           FIRSTSOCKET, conn);
+      break;
+    case CURLPROXY_SOCKS4:
+      result = Curl_SOCKS4(conn->proxyuser, conn->host.name,
+                           conn->remote_port, FIRSTSOCKET, conn, FALSE);
+      break;
+    case CURLPROXY_SOCKS4A:
+      result = Curl_SOCKS4(conn->proxyuser, conn->host.name,
+                           conn->remote_port, FIRSTSOCKET, conn, TRUE);
+      break;
 #endif /* CURL_DISABLE_PROXY */
-      case CURLPROXY_HTTP:
-        /* do nothing here. handled later. */
-        break;
-      default:
-        failf(data, "unknown proxytype option given");
-        result = CURLE_COULDNT_CONNECT;
-        break;
-      }
-    }
-  }
+    case CURLPROXY_HTTP:
+      /* do nothing here. handled later. */
+      break;
+    default:
+      failf(data, "unknown proxytype option given");
+      result = CURLE_COULDNT_CONNECT;
+      break;
+    } /* switch proxytype */
+  } /* if result is ok */
+
   if(result)
     *connected = FALSE; /* mark it as not connected */
 
diff --git a/lib/urldata.h b/lib/urldata.h
index 4d24f1cab..42da3e862 100644
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -908,11 +908,10 @@ struct connectdata {
      cache entry remains locked. It gets unlocked in Curl_done() */
   Curl_addrinfo *ip_addr;
 
-  /* 'ip_addr_str' is the ip_addr data as a human readable malloc()ed string.
+  /* 'ip_addr_str' is the ip_addr data as a human readable string.
      It remains available as long as the connection does, which is longer than
-     the ip_addr itself. Set with Curl_store_ip_addr() when ip_addr has been
-     set. */
-  char *ip_addr_str;
+     the ip_addr itself. */
+  char ip_addr_str[MAX_IPADR_LEN];
 
   unsigned int scope;    /* address scope for IPv6 */