[Devel] [Fwd: [Serdev] [Patch] Access to freed memory in resolve.c]

[Bogdan-Andrei Iancu]

Hi Klaus,

thanks for pointing it out - I applied a modified version of it on the 
CVS head and 1.1.0

regards,
bogdan

Klaus Darilion wrote:

> sounds useful to openser too
>
> regards
> klaus
>
> -------- Original Message --------
> Subject: [Serdev] [Patch] Access to freed memory in resolve.c
> Date: Wed, 29 Nov 2006 11:31:20 +0100
> From: Jan Andres <jan.andres at freenet-ag.de>
> Organization: freenet Cityline GmbH
> To: serdev at iptel.org
>
> Hi,
>
> The function free_rdata_list() in CVS HEAD's resolve.c iterates through
> a linked list of "struct rdata *", accessing each element's "next"
> pointer after that element has already been freed. Here's the fix:
>
> --- resolve.c.orig    2006-11-29 11:01:56.000000000 +0100
> +++ resolve.c    2006-11-28 17:23:33.000000000 +0100
> @@ -366,11 +366,13 @@
>  /* frees completely a struct rdata list */
>  void free_rdata_list(struct rdata* head)
>  {
> -    struct rdata* l;
> -    for(l=head; l; l=l->next){
> +    struct rdata* l = head;
> +    while (l != 0) {
> +        struct rdata* next_l = l->next;
>          /* free the parsed rdata*/
>          if (l->rdata) local_free(l->rdata);
>          local_free(l);
> +        l = next_l;
>      }
>  }
>
>
> Regards,
> Jan
>