From 43a915a1b741b7c5bad2f622de90f353cdae7694 Mon Sep 17 00:00:00 2001
From: Khaidi Chu <i@2333.moe>
Date: Mon, 4 Feb 2019 10:38:07 +0800
Subject: [PATCH] fix: init bufp before reject .onion to make it can be free
 correctly (#241)

When querying a .onion domain, it returns directly without setting bufp to NULL. A subsequent free() that occurs can cause a segmentation fault.

Fix By: Khaidi Chu (@XadillaX)
---
 ares_create_query.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)

diff --git a/ares_create_query.c b/ares_create_query.c
index 1606b1a1..9efce17c 100644
--- a/ares_create_query.c
+++ b/ares_create_query.c
@@ -94,14 +94,14 @@ int ares_create_query(const char *name, int dnsclass, int type,
   size_t buflen;
   unsigned char *buf;
 
-  /* Per RFC 7686, reject queries for ".onion" domain names with NXDOMAIN. */
-  if (ares__is_onion_domain(name))
-    return ARES_ENOTFOUND;
-
   /* Set our results early, in case we bail out early with an error. */
   *buflenp = 0;
   *bufp = NULL;
 
+  /* Per RFC 7686, reject queries for ".onion" domain names with NXDOMAIN. */
+  if (ares__is_onion_domain(name))
+    return ARES_ENOTFOUND;
+
   /* Allocate a memory area for the maximum size this packet might need. +2
    * is for the length byte and zero termination if no dots or ecscaping is
    * used.