[Pidgin] #10433: fail-safe implementation in dnsquery.c mishandles hostname variable

Pidgin trac at pidgin.im
Sat Oct 3 23:06:01 EDT 2009


#10433: fail-safe implementation in dnsquery.c mishandles hostname variable
-------------------------+--------------------------------------------------
Reporter:  jochendesmet  |        Type:  patch    
  Status:  new           |   Component:  libpurple
 Version:  2.6.2         |    Keywords:           
-------------------------+--------------------------------------------------
 In resolve_host (starting at line 917), there are two issues:

 - if inet_aton returns true, the code will do a g_free(hostname) while
 hostname is not initialized

 - the error path in the gethostbyname case doesn't do a g_free(hostname)
 when it should.

 Potential patch below:
 {{{
 --- libpurple/dnsquery.c        2009-09-05 17:12:04.000000000 -0400
 +++ libpurple/dnsquery.c        2009-10-03 22:58:21.000000000 -0400
 @@ -948,6 +948,7 @@

                 if(!(hp = gethostbyname(hostname))) {
                         char message[1024];
 +                       g_free(hostname);
                         g_snprintf(message, sizeof(message), _("Error
 resolving %s: %d"),
                                         query_data->hostname, h_errno);
                         purple_dnsquery_failed(query_data, message);
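Review bot: The new g_free(hostname) at the top of the gethostbyname failure branch is only safe if that branch returns right after purple_dnsquery_failed(), which these context lines do not show. Please confirm it does, because falling through would reach the g_free(hostname) that the next hunk adds after the memcpy and free the buffer twice. Freeing before g_snprintf is fine, since the message is built from query_data->hostname and not from the local copy. Separately, the g_snprintf context line is wrapped across two lines here, so the patch will not apply as pasted; attaching it as a file avoids that.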
 @@ -956,11 +957,11 @@
                 memset(&sin, 0, sizeof(struct sockaddr_in));
                 memcpy(&sin.sin_addr.s_addr, hp->h_addr, hp->h_length);
                 sin.sin_family = hp->h_addrtype;
 +               g_free(hostname);
         } else
                 sin.sin_family = AF_INET;
         sin.sin_port = htons(query_data->port);

 -       g_free(hostname);
         hosts = g_slist_append(hosts, GINT_TO_POINTER(sizeof(sin)));
         hosts = g_slist_append(hosts, g_memdup(&sin, sizeof(sin)));
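Review bot: Moving g_free(hostname) from the common path into the gethostbyname branch leaves the cleanup duplicated across this branch and the error path, and its correctness depends on hostname being assigned only when inet_aton fails, which is outside the visible lines. A smaller change would be to initialize hostname to NULL at its declaration and keep the single g_free(hostname) where it was, since g_free(NULL) is a no-op; the error path would still need its own free before returning. As a style point, the if branch is braced while the else is a single unbraced statement, so bracing the else too would make later edits to this block less error-prone.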
 }}}

-- 
Ticket URL: <http://developer.pidgin.im/ticket/10433>
Pidgin <http://pidgin.im>
Pidgin

