From: Markus Wichmann
Newsgroups: gmane.linux.lib.musl.general
Subject: Error in getaddrinfo()?
Date: Tue, 19 Feb 2019 21:27:00 +0100
Message-ID: <20190219202700.GB19969@voyager>
Reply-To: musl@lists.openwall.com
To: musl@lists.openwall.com

Hi all,

I was just reading the getaddrinfo() source code, and I noticed something funny. On line 107 we have the wonderful text:

    out[k].slot = i;

In context, k counts through all the outputs, i counts all the addresses and j counts the ports. I was wondering about this line and looked for where slot might be used. Its only use is in freeaddrinfo(), where it is used to find the head of the output array. But then the slot should be set to k, right?

I mean, it works wonderfully in the normal use case, where you call freeaddrinfo() with the first element of the list. It also works in all cases if nservs == 1, which is the case if the IPPROTO is set explicitly in the hints structure. But otherwise?

According to POSIX, freeaddrinfo() has to support freeing "arbitrary sublists" of the list originally returned by getaddrinfo(). I presume that means "tail", because there is no way to free only a certain middle part of the list.

And while we're on the subject, a few lines later we get

    .ai_next = &out[k+1].ai };

Now, for the last k, isn't this calculation undefined? The array index is out of bounds, then. It won't matter what is calculated here, since the last .ai_next is explicitly nulled a few lines further down, but the calculation might invoke undefined behavior, and these last few years compilers have gotten really aggressive about that.

Ciao,
Markus
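
The slot indexing described in the message above, as an added example that is not part of the original post and is not musl's code. It models only the slot field and counts from how many list positions a routine that steps back by slot would miss the array head; struct rec, fill(), head_index() and wrong_heads() are hypothetical names, and the address and service counts are constructed.

```c
#include <stddef.h>
#include <stdio.h>

/* Simplified stand-in for one output record: only the field under discussion. */
struct rec { short slot; };

enum { MAXOUT = 64 };

/* Fill out[] as the message describes: i counts addresses, j counts
   services, k counts outputs. use_k picks which counter lands in slot. */
static int fill(struct rec *out, int naddrs, int nservs, int use_k)
{
    int k = 0;
    for (int i = 0; i < naddrs; i++)
        for (int j = 0; j < nservs; j++, k++)
            out[k].slot = (short)(use_k ? k : i);
    return k;
}

/* Index of the element a free routine would treat as the array head when
   handed out[from] and stepping back by slot. Only 0 is the real head. */
static ptrdiff_t head_index(const struct rec *out, int from)
{
    const struct rec *p = &out[from];
    return (p - p->slot) - out;
}

/* Number of list positions from which the head is computed wrongly,
   or -1 if the requested sizes do not fit the model's buffer. */
static int wrong_heads(int naddrs, int nservs, int use_k)
{
    struct rec out[MAXOUT];
    if (naddrs < 0 || nservs < 0 || naddrs * nservs > MAXOUT) return -1;
    int n = fill(out, naddrs, nservs, use_k), bad = 0;
    for (int from = 0; from < n; from++)
        if (head_index(out, from) != 0) bad++;
    return bad;
}

int main(void)
{
    printf("slot=i, 2 addrs x 2 servs: %d wrong\n", wrong_heads(2, 2, 0));
    printf("slot=i, 2 addrs x 1 serv : %d wrong\n", wrong_heads(2, 1, 0));
    printf("slot=k, 2 addrs x 2 servs: %d wrong\n", wrong_heads(2, 2, 1));
    return 0;
}
```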