connectd: patch valgrind error w/ buffers for error msgs

The `tmpctx` is free'd before the error is read out/sent over the wire;
there's a call that will copy the array before sending it, let's use
that instead and take() the object?

------------------------------- Valgrind errors --------------------------------
Valgrind error file: valgrind-errors.2181501
==2181501== Syscall param write(buf) points to unaddressable byte(s)
==2181501==    at 0x49E4077: write (write.c:26)
==2181501==    by 0x1C79A3: do_write (io.c:189)
==2181501==    by 0x1C80AB: do_plan (io.c:394)
==2181501==    by 0x1C81BA: io_ready (io.c:423)
==2181501==    by 0x1CA45B: io_loop (poll.c:453)
==2181501==    by 0x118593: main (connectd.c:2053)
==2181501==  Address 0x4afb158 is 40 bytes inside a block of size 140 free'd
==2181501==    at 0x483F0C3: free (vg_replace_malloc.c:872)
==2181501==    by 0x1D103C: del_tree (tal.c:421)
==2181501==    by 0x1D130A: tal_free (tal.c:486)
==2181501==    by 0x1364B8: clean_tmpctx (utils.c:172)
==2181501==    by 0x1266DD: daemon_poll (daemon.c:87)
==2181501==    by 0x1CA334: io_loop (poll.c:420)
==2181501==    by 0x118593: main (connectd.c:2053)
==2181501==  Block was alloc'd at
==2181501==    at 0x483C855: malloc (vg_replace_malloc.c:381)
==2181501==    by 0x1D0AC5: allocate (tal.c:250)
==2181501==    by 0x1D1086: tal_alloc_ (tal.c:428)
==2181501==    by 0x1D124F: tal_alloc_arr_ (tal.c:471)
==2181501==    by 0x126204: cryptomsg_encrypt_msg (cryptomsg.c:161)
==2181501==    by 0x11335F: peer_connected (connectd.c:318)
==2181501==    by 0x118A8A: peer_init_received (peer_exchange_initmsg.c:135)
==2181501==    by 0x1C751E: next_plan (io.c:59)
==2181501==    by 0x1C8126: do_plan (io.c:407)
==2181501==    by 0x1C8168: io_ready (io.c:417)
==2181501==    by 0x1CA45B: io_loop (poll.c:453)
==2181501==    by 0x118593: main (connectd.c:2053)
==2181501==
{
   <insert_a_suppression_name_here>
   Memcheck:Param
   write(buf)
   fun:write
   fun:do_write
   fun:do_plan
   fun:io_ready
   fun:io_loop
   fun:main
}
--------------------------------------------------------------------------------
This commit is contained in:
niftynei 2022-10-19 15:39:13 -05:00 committed by Rusty Russell
parent 89f382cf39
commit 0b8ea2299a

View File

@ -47,6 +47,7 @@
#include <sys/types.h>
#include <sys/wait.h>
#include <unistd.h>
#include <wire/wire_io.h>
#include <wire/wire_sync.h>
/*~ We are passed two file descriptors when exec'ed from `lightningd`: the
@ -305,8 +306,8 @@ struct io_plan *peer_connected(struct io_conn *conn,
status_peer_unusual(id, "Unsupported feature %u", unsup);
msg = towire_warningfmt(NULL, NULL, "Unsupported feature %u",
unsup);
msg = cryptomsg_encrypt_msg(tmpctx, cs, take(msg));
return io_write(conn, msg, tal_count(msg), io_close_cb, NULL);
msg = cryptomsg_encrypt_msg(NULL, cs, take(msg));
return io_write_wire(conn, take(msg), io_close_cb, NULL);
}
if (!feature_check_depends(their_features, &depender, &missing)) {
@ -315,8 +316,8 @@ struct io_plan *peer_connected(struct io_conn *conn,
msg = towire_warningfmt(NULL, NULL,
"Feature %zu requires feature %zu",
depender, missing);
msg = cryptomsg_encrypt_msg(tmpctx, cs, take(msg));
return io_write(conn, msg, tal_count(msg), io_close_cb, NULL);
msg = cryptomsg_encrypt_msg(NULL, cs, take(msg));
return io_write_wire(conn, take(msg), io_close_cb, NULL);
}
/* We've successfully connected. */