From 7296fc9e7e2fd7f8661a597dd3f1cd9facc938fa Mon Sep 17 00:00:00 2001 From: Marc Hoersken Date: Fri, 18 Apr 2014 23:56:54 +0200 Subject: connect.c: fix multiple possible dereferences of null pointers In case the first address in the tempaddr array is NULL, the code would previously dereference an unchecked null pointer. --- lib/connect.c | 18 ++++++++++-------- 1 file changed, 10 insertions(+), 8 deletions(-) diff --git a/lib/connect.c b/lib/connect.c index 90283fe85..b35c36c00 100644 --- a/lib/connect.c +++ b/lib/connect.c @@ -545,7 +545,7 @@ static CURLcode trynextip(struct connectdata *conn, conn->tempsock[tempindex] = CURL_SOCKET_BAD; if(sockindex == FIRSTSOCKET) { - Curl_addrinfo *ai; + Curl_addrinfo *ai = NULL; int family; if(conn->tempaddr[tempindex]) { @@ -553,7 +553,7 @@ static CURLcode trynextip(struct connectdata *conn, family = conn->tempaddr[tempindex]->ai_family; ai = conn->tempaddr[tempindex]->ai_next; } - else { + else if(conn->tempaddr[0]) { /* happy eyeballs - try the other protocol family */ int firstfamily = conn->tempaddr[0]->ai_family; #ifdef ENABLE_IPV6 @@ -811,14 +811,16 @@ CURLcode Curl_is_connected(struct connectdata *conn, char ipaddress[MAX_IPADR_LEN]; data->state.os_errno = error; SET_SOCKERRNO(error); - Curl_printable_address(conn->tempaddr[i], ipaddress, MAX_IPADR_LEN); - infof(data, "connect to %s port %ld failed: %s\n", - ipaddress, conn->port, Curl_strerror(conn, error)); + if(conn->tempaddr[i]) { + Curl_printable_address(conn->tempaddr[i], ipaddress, MAX_IPADR_LEN); + infof(data, "connect to %s port %ld failed: %s\n", + ipaddress, conn->port, Curl_strerror(conn, error)); - conn->timeoutms_per_addr = conn->tempaddr[i]->ai_next == NULL ? - allow : allow / 2; + conn->timeoutms_per_addr = conn->tempaddr[i]->ai_next == NULL ? + allow : allow / 2; - code = trynextip(conn, sockindex, i); + code = trynextip(conn, sockindex, i); + } } } -- cgit v1.2.3