From 2627299ef053ed40a73cb40e954e6b611d7e450b Mon Sep 17 00:00:00 2001
From: "teor (Tim Wilson-Brown)"
Date: Fri, 4 Mar 2016 18:41:49 +0100
Subject: [PATCH 1/2] Avoid freeing an uninitialised pointer in get_interface_addresses_ioctl

---
 changes/bug18454 | 8 ++++++++
 src/common/address.c | 2 +-
 2 files changed, 9 insertions(+), 1 deletion(-)
 create mode 100644 changes/bug18454

diff --git a/changes/bug18454 b/changes/bug18454
new file mode 100644
index 0000000000..c573dae417
--- /dev/null
+++ b/changes/bug18454
@@ -0,0 +1,8 @@
+ o Minor bugfixes (memory safety):
+ - Avoid freeing an uninitialised pointer when opening a socket fails
+ in get_interface_addresses_ioctl.
+ Fixes bug 18454; bugfix on 9f06ec0c in tor-0.2.3.11-alpha.
+ Reported by "toralf" and "cypherpunks", patch by "teor".
+ - Correctly duplicate addresses in get_interface_address6_list.
+ Fixes bug 18454; bugfix on 110765f5 in tor-0.2.8.1-alpha.
+ Reported by "toralf", patch by "cypherpunks".
diff --git a/src/common/address.c b/src/common/address.c
index 8f1ce9dab7..c77b0f3c94 100644
--- a/src/common/address.c
+++ b/src/common/address.c
@@ -1525,6 +1525,7 @@ get_interface_addresses_ioctl(int severity, sa_family_t family)
 {
 /* Some older unixy systems make us use ioctl(SIOCGIFCONF) */
 struct ifconf ifc;
+ ifc.ifc_buf = NULL;
 int fd;
 smartlist_t *result = NULL;

@@ -1547,7 +1548,6 @@ get_interface_addresses_ioctl(int severity, sa_family_t family)
 }

 int mult = 1;
- ifc.ifc_buf = NULL;
 do {
 mult *= 2;
 ifc.ifc_len = mult * IFREQ_SIZE;

From 9f98e6535ac58afa0cc56a4a5d9164fedead4b3c Mon Sep 17 00:00:00 2001
From: "teor (Tim Wilson-Brown)"
Date: Fri, 4 Mar 2016 18:42:27 +0100
Subject: [PATCH 2/2] Correctly duplicate addresses in get_interface_address6_list

---
 src/common/address.c | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/src/common/address.c b/src/common/address.c
index c77b0f3c94..793a40effc 100644
--- a/src/common/address.c
+++ b/src/common/address.c
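Review bot: In the first src/common/address.c hunk of patch 1/2 (`@@ -1525,6 +1525,7 @@`), the added `ifc.ifc_buf = NULL;` has no comment saying why it must come before the socket setup, so a later tidy-up could move it back next to the `do` loop where the second hunk removed it. Going by the changelog entry, the socket-failure path reaches a free of `ifc.ifc_buf`; that path and the cleanup code are outside the hunk. I would add `/* Must be NULL before any early exit: the cleanup path frees ifc.ifc_buf. */` directly above the assignment. The function body starts in this hunk and continues past its end.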
@@ -1790,7 +1790,7 @@ MOCK_IMPL(smartlist_t *,get_interface_address6_list,(int severity,
 if (get_interface_address6_via_udp_socket_hack(severity,AF_INET,
 &addr) == 0) {
 if (include_internal || !tor_addr_is_internal(&addr, 0)) {
- smartlist_add(addrs, tor_dup_addr(&addr));
+ smartlist_add(addrs, tor_memdup(&addr, sizeof(addr)));
 }
 }
 }
@@ -1799,7 +1799,7 @@ MOCK_IMPL(smartlist_t *,get_interface_address6_list,(int severity,
 if (get_interface_address6_via_udp_socket_hack(severity,AF_INET6,
 &addr) == 0) {
 if (include_internal || !tor_addr_is_internal(&addr, 0)) {
- smartlist_add(addrs, tor_dup_addr(&addr));
+ smartlist_add(addrs, tor_memdup(&addr, sizeof(addr)));
 }
 }
 }
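Review bot: `sizeof(addr)` in both hunks (`@@ -1790,7` and `@@ -1799,7`) is the right copy size only if `addr` is a `tor_addr_t` object rather than a pointer; its declaration is outside both hunks, so this is worth confirming against the full function. The list presumably stores untyped pointers, since the old `tor_dup_addr` result was accepted here, so nothing at compile time will flag a wrong element type or size. I would document the element contract where `addrs` is filled, e.g. `/* addrs holds heap-allocated tor_addr_t copies; the list's owner frees each element. */`, and add a unit test that reads an element back as a `tor_addr_t`. The enclosing function starts and ends outside the hunks.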