From c3a749957318fc4fc330fa38e46337811cce9ab6 Mon Sep 17 00:00:00 2001 From: Rusty Russell Date: Wed, 20 Apr 2022 04:24:32 +0930 Subject: [PATCH] connectd: avoid use-after-free on reconnect with remote_addr. I was seeing a strange crash: Connectd gave bad CONNECT_PEER_CONNECTED message The message is indeed mangled, around the remote_addr! A quick review of the code revealed that we were not making a copy when it was a reconnect, and so the remote_addr pointer was pointing to memory which was freed. Signed-off-by: Rusty Russell --- connectd/connectd.c | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/connectd/connectd.c b/connectd/connectd.c index 3add35b3f..daa159f66 100644 --- a/connectd/connectd.c +++ b/connectd/connectd.c @@ -269,7 +269,7 @@ static struct io_plan *peer_reconnected(struct io_conn *conn, pr->id = *id; pr->cs = *cs; pr->addr = *addr; - pr->remote_addr = remote_addr; + pr->remote_addr = tal_dup_or_null(pr, struct wireaddr, remote_addr); pr->incoming = incoming; /*~ Note that tal_dup_talarr() will do handle the take() of features
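Review bot: a regression test is missing for the one-line change `pr->remote_addr = tal_dup_or_null(pr, struct wireaddr, remote_addr);` in `peer_reconnected`; the bug only surfaced as a mangled CONNECT_PEER_CONNECTED message, so a test that reconnects a peer with a remote_addr set and checks the address forwarded to the daemon would stop this path from silently regressing to a borrowed pointer. The fix itself is right: the copy is now owned by `pr`, so it outlives the caller's buffer that the commit message says was freed, and `tal_dup_or_null` keeps a NULL remote_addr as NULL rather than dereferencing it. Worth a quick check that the non-reconnect path already makes the same copy, as the message implies, and that `pr->remote_addr` has no other assignment that still stores the raw pointer.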