On Fri, Nov 08 2019, Frederic Cambus <f...@statdns.com> wrote:
> Hi ports@,
>
> slowhttptest doesn't check that the argument passed to freeaddrinfo(3)
> is not NULL, resulting in a segmentation fault.
>
> This can be triggered in the current version by running:
>
> slowhttptest -u example.org
>
> The following diff fixes it.
>
> Comments? OK?
As discussed with fcambus the behavior of our freeaddrinfo when passed
NULL differs from glibc and now FreeBSD, but this was intentional
(catching programmer errors).
Looks like this is the only patch for this in our tree, so I think it's
fine to just fix slowhttptest and move along for now.
ok jca@
> Index: Makefile
> ===================================================================
> RCS file: /cvs/ports/www/slowhttptest/Makefile,v
> retrieving revision 1.15
> diff -u -p -r1.15 Makefile
> --- Makefile 2 Nov 2019 08:48:07 -0000 1.15
> +++ Makefile 8 Nov 2019 13:39:33 -0000
> @@ -5,6 +5,7 @@ COMMENT= test tool for slow HTTP reads/p
> GH_ACCOUNT= shekyan
> GH_PROJECT= slowhttptest
> GH_TAGNAME= v1.8.1
> +REVISION= 0
>
> CATEGORIES= www security
>
> Index: patches/patch-src_slowhttptest_cc
> ===================================================================
> RCS file: patches/patch-src_slowhttptest_cc
> diff -N patches/patch-src_slowhttptest_cc
> --- /dev/null 1 Jan 1970 00:00:00 -0000
> +++ patches/patch-src_slowhttptest_cc 8 Nov 2019 13:39:33 -0000
> @@ -0,0 +1,18 @@
> +$OpenBSD$
> +
> +Check that the argument passed to freeaddrinfo(3) is not NULL.
> +
> +Index: src/slowhttptest.cc
> +--- src/slowhttptest.cc.orig
> ++++ src/slowhttptest.cc
> +@@ -152,7 +152,9 @@ SlowHTTPTest::SlowHTTPTest(int delay, int duration,
> + }
> +
> + SlowHTTPTest::~SlowHTTPTest() {
> +- freeaddrinfo(addr_);
> ++ if (addr_) {
> ++ freeaddrinfo(addr_);
> ++ }
> +
> + for(std::vector<StatsDumper*>::iterator i = dumpers_.begin();
> + i != dumpers_.end(); ++i) {
>
--
jca | PGP : 0x1524E7EE / 5135 92C1 AD36 5293 2BDF DDCC 0DFA 74AE 1524 E7EE
