When looping through addrinfo lists matching addresses, keep a copy
of the original addrinfo pointers to free instead of ending up at the
terminating NULLs and trying to free those.

In the best case this fixes a mem leak. In implementations such as musl
where freeaddrinfo(NULL) is not safe (which is not required by the spec),
this fixes a segfault.

Some command line options, like e.g. -V, will cause conserver
to exit before the IPv6 address variables are initialized.
Avoid the calls to freeaddrinfo() in these cases.

Signed-off-by: Bjørn Mork <bjorn@mork.no>

We have seen conserver crash due to a buffer overflow which was
tracked down to the following code in Spawn():

    if (pCLmall->fd != (CONSFILE *)0) {
        int fd;
        fd = FileUnopen(pCLmall->fd);
        pCLmall->fd = (CONSFILE *)0;
        CONDDEBUG((1, "Spawn(): closing Master() client fd %d", fd));
        close(fd);
*       FD_CLR(fd, &rinit);
        FD_CLR(fd, &winit);
    }

FileUnopen had returned -1 (which can happen for CONSFILEs of type
SSLSocket), and that was passed to FD_CLR, which essentially uses it
as an array index.
The signature of the crash is as follows:
*** buffer overflow detected ***: /usr/sbin/conserver terminated
======= Backtrace: =========
/lib64/libc.so.6(__fortify_fail+0x37)[0x7facde1987a7]
/lib64/libc.so.6(+0x116922)[0x7facde196922]
/lib64/libc.so.6(+0x118707)[0x7facde198707]
/usr/sbin/conserver(+0x158d2)[0x558ddb5468d2]
/usr/sbin/conserver(+0x2581a)[0x558ddb55681a]
/usr/sbin/conserver(+0x1944f)[0x558ddb54a44f]
/usr/sbin/conserver(+0x78f8)[0x558ddb5388f8]
/lib64/libc.so.6(__libc_start_main+0xf5)[0x7facde0a2555]
/usr/sbin/conserver(+0x7c79)[0x558ddb538c79]
This happens after the server receives a HUP signal.

There are only two callers of FileUnopen, and the above call site is the
only one which uses the return value. For that reason, I decided to
always return a valid file descriptor instead of changing the caller to
check for -1. Note that FileUnopen() could still return -1 in theory:

    switch (cfp->ftype) {
    ...
    default:
        retval = -1;
        break;
    }

However, after auditing the code, I don't see how we would have a
CONSFILE that is not properly initialized with a type. If I missed
such a case, then we would also need to modify the caller to check
for -1.

Signed-off-by: Jeff Moyer <jmoyer@redhat.com>

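The caller-side check that the message above names as the alternative, written out as an added example. This is not conserver's code: `consfile`, `file_unopen`, `release_client_fd` and the `ftype` enum are constructed stand-ins for CONSFILE, FileUnopen() and the Spawn() call site.

```c
#include <sys/select.h>
#include <unistd.h>

/* Constructed stand-ins for conserver's CONSFILE and FileUnopen(): the
 * descriptor-backed type hands its fd back, any other type returns -1
 * (the case the commit traces the overflow to). Not conserver's code. */
enum ftype { FT_SIMPLE, FT_SSL };
struct consfile { enum ftype ftype; int fd; };

int file_unopen(struct consfile *cfp)
{
    int retval;
    switch (cfp->ftype) {
    case FT_SIMPLE:
        retval = cfp->fd;
        cfp->fd = -1;
        break;
    default:
        retval = -1;
        break;
    }
    return retval;
}

/* Caller-side hardening. FD_CLR() does no bounds checking of its own: the
 * descriptor must satisfy 0 <= fd < FD_SETSIZE, otherwise it indexes
 * outside the fd_set (glibc's fortified build aborts with the
 * "buffer overflow detected" message quoted above; an unfortified build
 * silently corrupts whatever sits next to the set). Returns 1 when the
 * descriptor was closed and cleared, 0 when there was nothing valid. */
int release_client_fd(struct consfile *cfp, fd_set *rinit, fd_set *winit)
{
    int fd = file_unopen(cfp);

    if (fd < 0 || fd >= FD_SETSIZE)
        return 0;
    close(fd);
    FD_CLR(fd, rinit);
    FD_CLR(fd, winit);
    return 1;
}
```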
`true` coming from some macOS configurations is a define in `stdbool`. This
means it can't be redefined or turned into a reference.
Use a different variable name.

When having "examine" print baud/parity, increase the maximum string
width from 6 to 7 digits. And while here, try to indicate more baud
values in the manual, going up to 4000000.

If compiling with IPv6 support and setproctitle, two places are using
the wrong type (char *) instead of (ushort) or a non-existent variable.
Fix these to make --with-ipv6 compile on FreeBSD.

Linux (and others) allow higher baud rates than POSIX.
Add the definitions so that baud rates up to 4Mb/s are recognised
and can be used.
Signed-off-by: Peter Chubb <peter.chubb@data61.csiro.au>