aljaz/lightning
1
0
Fork 0
mirror of https://github.com/aljazceru/lightning.git synced 2025-12-22 16:44:20 +01:00
Code Issues Packages Projects Releases Wiki Activity

connectd: avoid use-after-free on reconnect with remote_addr.

Browse Source 
I was seeing a strange crash:
	Connectd gave bad CONNECT_PEER_CONNECTED message

The message is indeed mangled, around the remote_addr!
A quick review of the code revealed that we were not making a copy
when it was a reconnect, and so the remote_addr pointer was pointing
to memory which was freed.

Signed-off-by: Rusty Russell <rusty@rustcorp.com.au>
This commit is contained in:
Rusty Russell
2022-04-20 04:24:32 +09:30
parent 151d009435
commit c3a7499573
1 changed files with 1 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
connectd/connectd.c
View File

@@ -269,7 +269,7 @@ static struct io_plan *peer_reconnected(struct io_conn *conn,
pr->id = *id; pr->id = *id;
pr->cs = *cs; pr->cs = *cs;
pr->addr = *addr; pr->addr = *addr;
pr->remote_addr = remote_addr; pr->remote_addr = tal_dup_or_null(pr, struct wireaddr, remote_addr);
pr->incoming = incoming; pr->incoming = incoming;
/*~ Note that tal_dup_talarr() will do handle the take() of features /*~ Note that tal_dup_talarr() will do handle the take() of features