From e962f5e4cc10efae20dfbfddeb4030b19a649675 Mon Sep 17 00:00:00 2001
From: Jonas 'Sortie' Termansen <sortie@maxsi.org>
Date: Tue, 26 Jul 2016 13:16:21 +0200
Subject: [PATCH] Fix use after free in getaddrinfo(3) error case.

---
 libc/netdb/getaddrinfo.c | 10 +++++++---
 1 file changed, 7 insertions(+), 3 deletions(-)

diff --git a/libc/netdb/getaddrinfo.c b/libc/netdb/getaddrinfo.c
index 90574bc3..80abfb9c 100644
--- a/libc/netdb/getaddrinfo.c
+++ b/libc/netdb/getaddrinfo.c
@@ -41,9 +41,13 @@ static bool linkaddrinfo(struct addrinfo** restrict* res_ptr,
 	if ( !link->ai_addr )
 		return free(link), false;
 	memcpy(link->ai_addr, templ->ai_addr, templ->ai_addrlen);
-	link->ai_canonname = templ->ai_canonname ? strdup(templ->ai_canonname) : NULL;
-	if ( templ->ai_canonname && !link->ai_canonname )
-		return free(link), free(link->ai_addr), false;
+	link->ai_canonname = NULL;
+	if ( templ->ai_canonname )
+	{
+		link->ai_canonname = strdup(templ->ai_canonname);
+		if ( !link->ai_canonname )
+			return free(link->ai_addr), free(link), false;
+	}
 	**res_ptr = link;
 	*res_ptr = &link->ai_next;
 	return true;