[Pidgin] #10433: fail-safe implementation in dnsquery.c mishandles hostname variable
Pidgin
trac at pidgin.im
Sat Oct 3 23:06:01 EDT 2009
#10433: fail-safe implementation in dnsquery.c mishandles hostname variable
-------------------------+--------------------------------------------------
Reporter: jochendesmet | Type: patch
Status: new | Component: libpurple
Version: 2.6.2 | Keywords:
-------------------------+--------------------------------------------------
In resolve_host (starting at line 917), there's two issues:
- if inet_aton returns true, the code will do a g_free(hostname) while
hostname is not initialized
- the error path in the gethostbyname case doesn't do a g_free(hostname)
when it should.
Potential patch below:
{{{
--- libpurple/dnsquery.c 2009-09-05 17:12:04.000000000 -0400
+++ libpurple/dnsquery.c 2009-10-03 22:58:21.000000000 -0400
@@ -948,6 +948,7 @@
if(!(hp = gethostbyname(hostname))) {
char message[1024];
+ g_free(hostname);
g_snprintf(message, sizeof(message), _("Error
resolving %s: %d"),
query_data->hostname, h_errno);
purple_dnsquery_failed(query_data, message);
@@ -956,11 +957,11 @@
memset(&sin, 0, sizeof(struct sockaddr_in));
memcpy(&sin.sin_addr.s_addr, hp->h_addr, hp->h_length);
sin.sin_family = hp->h_addrtype;
+ g_free(hostname);
} else
sin.sin_family = AF_INET;
sin.sin_port = htons(query_data->port);
- g_free(hostname);
hosts = g_slist_append(hosts, GINT_TO_POINTER(sizeof(sin)));
hosts = g_slist_append(hosts, g_memdup(&sin, sizeof(sin)));
}}}
--
Ticket URL: <http://developer.pidgin.im/ticket/10433>
Pidgin <http://pidgin.im>
Pidgin
More information about the Tracker
mailing list