1 files changed, 36 insertions, 0 deletions

diff --git a/user/c-ares/onion-segfault.patch b/user/c-ares/onion-segfault.patch
new file mode 100644
index 000000000..7e5a712cd
--- /dev/null
+++ b/user/c-ares/onion-segfault.patch
@@ -0,0 +1,36 @@
+From 43a915a1b741b7c5bad2f622de90f353cdae7694 Mon Sep 17 00:00:00 2001
+From: Khaidi Chu <i@2333.moe>
+Date: Mon, 4 Feb 2019 10:38:07 +0800
+Subject: [PATCH] fix: init bufp before reject .onion to make it can be free
+ correctly (#241)
+
+When querying a .onion domain, it returns directly without setting bufp to NULL. A subsequent free() that occurs can cause a segmentation fault.
+
+Fix By: Khaidi Chu (@XadillaX)
+---
+ ares_create_query.c | 8 ++++----
+ 1 file changed, 4 insertions(+), 4 deletions(-)
+
+diff --git a/ares_create_query.c b/ares_create_query.c
+index 1606b1a1..9efce17c 100644
+--- a/ares_create_query.c
++++ b/ares_create_query.c
+@@ -94,14 +94,14 @@ int ares_create_query(const char *name, int dnsclass, int type,
+   size_t buflen;
+   unsigned char *buf;
+ 
+-  /* Per RFC 7686, reject queries for ".onion" domain names with NXDOMAIN. */
+-  if (ares__is_onion_domain(name))
+-    return ARES_ENOTFOUND;
+-
+   /* Set our results early, in case we bail out early with an error. */
+   *buflenp = 0;
+   *bufp = NULL;
+ 
++  /* Per RFC 7686, reject queries for ".onion" domain names with NXDOMAIN. */
++  if (ares__is_onion_domain(name))
++    return ARES_ENOTFOUND;
++
+   /* Allocate a memory area for the maximum size this packet might need. +2
+    * is for the length byte and zero termination if no dots or ecscaping is
+    * used.