- Bug #2218480 (http://curl.haxx.se/bug/view.cgi?id=2218480) pointed out a

  problem with my CURLINFO_PRIMARY_IP fix from October 7th that caused a NULL
  pointer read. I also took the opportunity to clean up this logic (storing of
  the connection's IP address) somewhat as we had it stored in two different
  places and ways previously and they are now unified.

diff --git a/CHANGES b/CHANGES
index 5b6c8976c1184b6688368f6396c647421e1abbbd..7efbba7c1149d87d8747204df79231ad33f467c2 100644 (file)
--- a/CHANGES
+++ b/CHANGES
@@ -6,6 +6,13 @@
 
                                   Changelog
 
+Daniel Stenberg (3 Nov 2008)
+- Bug #2218480 (http://curl.haxx.se/bug/view.cgi?id=2218480) pointed out a
+  problem with my CURLINFO_PRIMARY_IP fix from October 7th that caused a NULL
+  pointer read. I also took the opportunity to clean up this logic (storing of
+  the connection's IP address) somewhat as we had it stored in two different
+  places and ways previously and they are now unified.
+
 Daniel Stenberg (2 Nov 2008)
 - Daniel Johnson reported and fixed:
 

diff --git a/lib/connect.c b/lib/connect.c
index 7fc808e8677a99df514fb0d2d295e800d22d8842..b602731fe9e105dcdca7543896d6587e7d0de6ee 100644 (file)
--- a/lib/connect.c
+++ b/lib/connect.c
@@ -555,25 +555,6 @@ static bool verifyconnect(curl_socket_t sockfd, int *error)
   return rc;
 }
 
-CURLcode Curl_store_ip_addr(struct connectdata *conn)
-{
-  char addrbuf[256];
-  Curl_printable_address(conn->ip_addr, addrbuf, sizeof(addrbuf));
-
-  /* save the string */
-  Curl_safefree(conn->ip_addr_str);
-  conn->ip_addr_str = strdup(addrbuf);
-  if(!conn->ip_addr_str)
-    return CURLE_OUT_OF_MEMORY; /* FAIL */
-
-#ifdef PF_INET6
-  if(conn->ip_addr->ai_family == PF_INET6)
-    conn->bits.ipv6 = TRUE;
-#endif
-
-  return CURLE_OK;
-}
-
 /* Used within the multi interface. Try next IP address, return TRUE if no
    more address exists or error */
 static bool trynextip(struct connectdata *conn,
@@ -600,8 +581,7 @@ static bool trynextip(struct connectdata *conn,
       /* store the new socket descriptor */
       conn->sock[sockindex] = sockfd;
       conn->ip_addr = ai;
-
-      return (bool)(Curl_store_ip_addr(conn) != CURLE_OK);
+      break;
     }
     ai = ai->ai_next;
   }
@@ -824,21 +804,27 @@ singleipconnect(struct connectdata *conn,
           ((const struct sockaddr_un*)(&addr.sa_addr))->sun_path);
     snprintf(data->info.ip, MAX_IPADR_LEN, "%s",
              ((const struct sockaddr_un*)(&addr.sa_addr))->sun_path);
+    strcpy(conn->ip_addr_str, data->info.ip);
   }
   else
 #endif
   {
 #ifdef ENABLE_IPV6
-    if(addr.family == AF_INET6)
+    if(addr.family == AF_INET6) {
       iptoprint = &sa6->sin6_addr;
+      conn->bits.ipv6 = TRUE;
+    }
     else
 #endif
+    {
       iptoprint = &sa4->sin_addr;
+    }
 
     if(Curl_inet_ntop(addr.family, iptoprint, addr_buf,
                       sizeof(addr_buf)) != NULL) {
       infof(data, "  Trying %s... ", addr_buf);
       snprintf(data->info.ip, MAX_IPADR_LEN, "%s", addr_buf);
+      strcpy(conn->ip_addr_str, data->info.ip);
     }
   }
 

diff --git a/lib/connect.h b/lib/connect.h
index 8e55cc9412df609e55b756bb26d02e3a9f95d028..38ed4125b64771e355977f82331197ae3d6d4d98 100644 (file)
--- a/lib/connect.h
+++ b/lib/connect.h
@@ -37,8 +37,6 @@ CURLcode Curl_connecthost(struct connectdata *conn,
                           Curl_addrinfo **addr, /* the one we used */
                           bool *connected); /* truly connected? */
 
-CURLcode Curl_store_ip_addr(struct connectdata *conn);
-
 /* generic function that returns how much time there's left to run, according
    to the timeouts set */
 long Curl_timeleft(struct connectdata *conn,

diff --git a/lib/url.c b/lib/url.c
index 944741709c33184637bb4975ea2f19f8c3e4e290..8612262be8b6be0e498fca527945699823abb8f6 100644 (file)
--- a/lib/url.c
+++ b/lib/url.c
@@ -2174,7 +2174,6 @@ static void conn_free(struct connectdata *conn)
   Curl_safefree(conn->allocptr.ref);
   Curl_safefree(conn->allocptr.host);
   Curl_safefree(conn->allocptr.cookiehost);
-  Curl_safefree(conn->ip_addr_str);
   Curl_safefree(conn->trailer);
   Curl_safefree(conn->host.rawalloc); /* host name buffer */
   Curl_safefree(conn->proxy.rawalloc); /* proxy name buffer */
@@ -2479,9 +2478,9 @@ ConnectionExists(struct SessionHandle *data,
       }
 
 #ifdef CURLRES_ASYNCH
-      /* ip_addr_str is NULL only if the resolving of the name hasn't completed
-         yet and until then we don't re-use this connection */
-      if(!check->ip_addr_str) {
+      /* ip_addr_str[0] is NUL only if the resolving of the name hasn't
+         completed yet and until then we don't re-use this connection */
+      if(!check->ip_addr_str[0]) {
         infof(data,
               "Connection #%ld hasn't finished name resolve, can't reuse\n",
               check->connectindex);
@@ -2727,36 +2726,33 @@ static CURLcode ConnectPlease(struct SessionHandle *data,
     conn->dns_entry = hostaddr;
     conn->ip_addr = addr;
 
-    result = Curl_store_ip_addr(conn);
-
-    if(CURLE_OK == result) {
-      switch(data->set.proxytype) {
+    switch(data->set.proxytype) {
 #ifndef CURL_DISABLE_PROXY
-      case CURLPROXY_SOCKS5:
-      case CURLPROXY_SOCKS5_HOSTNAME:
-        result = Curl_SOCKS5(conn->proxyuser, conn->proxypasswd,
-                             conn->host.name, conn->remote_port,
-                             FIRSTSOCKET, conn);
-        break;
-      case CURLPROXY_SOCKS4:
-        result = Curl_SOCKS4(conn->proxyuser, conn->host.name,
-                             conn->remote_port, FIRSTSOCKET, conn, FALSE);
-        break;
-      case CURLPROXY_SOCKS4A:
-        result = Curl_SOCKS4(conn->proxyuser, conn->host.name,
-                             conn->remote_port, FIRSTSOCKET, conn, TRUE);
-        break;
+    case CURLPROXY_SOCKS5:
+    case CURLPROXY_SOCKS5_HOSTNAME:
+      result = Curl_SOCKS5(conn->proxyuser, conn->proxypasswd,
+                           conn->host.name, conn->remote_port,
+                           FIRSTSOCKET, conn);
+      break;
+    case CURLPROXY_SOCKS4:
+      result = Curl_SOCKS4(conn->proxyuser, conn->host.name,
+                           conn->remote_port, FIRSTSOCKET, conn, FALSE);
+      break;
+    case CURLPROXY_SOCKS4A:
+      result = Curl_SOCKS4(conn->proxyuser, conn->host.name,
+                           conn->remote_port, FIRSTSOCKET, conn, TRUE);
+      break;
 #endif /* CURL_DISABLE_PROXY */
-      case CURLPROXY_HTTP:
-        /* do nothing here. handled later. */
-        break;
-      default:
-        failf(data, "unknown proxytype option given");
-        result = CURLE_COULDNT_CONNECT;
-        break;
-      }
-    }
-  }
+    case CURLPROXY_HTTP:
+      /* do nothing here. handled later. */
+      break;
+    default:
+      failf(data, "unknown proxytype option given");
+      result = CURLE_COULDNT_CONNECT;
+      break;
+    } /* switch proxytype */
+  } /* if result is ok */
+
   if(result)
     *connected = FALSE; /* mark it as not connected */
 

diff --git a/lib/urldata.h b/lib/urldata.h
index 4d24f1cab1c295a418df6b8466095200fe86024d..42da3e8624dbdbe103b39ea00b46e967ebb9bc9b 100644 (file)
--- a/lib/urldata.h
+++ b/lib/urldata.h
@@ -908,11 +908,10 @@ struct connectdata {
      cache entry remains locked. It gets unlocked in Curl_done() */
   Curl_addrinfo *ip_addr;
 
-  /* 'ip_addr_str' is the ip_addr data as a human readable malloc()ed string.
+  /* 'ip_addr_str' is the ip_addr data as a human readable string.
      It remains available as long as the connection does, which is longer than
-     the ip_addr itself. Set with Curl_store_ip_addr() when ip_addr has been
-     set. */
-  char *ip_addr_str;
+     the ip_addr itself. */
+  char ip_addr_str[MAX_IPADR_LEN];
 
   unsigned int scope;    /* address scope for IPv6 */