Fix use of pointer to freed object

author: David Lönnhager <david.l@mullvad.net> 2021-01-05 13:42:16 +0100
committer: David Lönnhager <david.l@mullvad.net> 2021-01-07 11:59:54 +0100
commit: 34e56beea95a1ec22df4eb0bb2ee45f3207fab03 (patch)
tree: 629ea60afa7575b8ac88acb344aad347d1e1c65a
parent: 9740b6d92ceec738ed672a844c02483656bd7ea8 (diff)
download: mullvadvpn-34e56beea95a1ec22df4eb0bb2ee45f3207fab03.tar.xz
mullvadvpn-34e56beea95a1ec22df4eb0bb2ee45f3207fab03.zip
1 files changed, 24 insertions, 25 deletions
diff --git a/talpid-core/src/firewall/windows.rs b/talpid-core/src/firewall/windows.rs
index 8375eb55d6..a7e7f3d918 100644
--- a/talpid-core/src/firewall/windows.rs
+++ b/talpid-core/src/firewall/windows.rs
@@ -57,23 +57,22 @@ impl FirewallT for Firewall {
 
         if args.initialize_blocked {
             let cfg = &WinFwSettings::new(args.allow_lan);
-
-            let winfw_allowed_endpoint = if let Some(allowed_endpoint) = args.allowed_endpoint {
-                let allowed_endpoint_ip = Self::widestring_ip(allowed_endpoint.address.ip());
-                Some(WinFwEndpoint {
-                    ip: allowed_endpoint_ip.as_ptr(),
-                    port: allowed_endpoint.address.port(),
-                    protocol: WinFwProt::from(allowed_endpoint.protocol),
-                })
-            } else {
-                None
-            };
-
+            let allowed_endpoint_ip = args
+                .allowed_endpoint
+                .map(|endpoint| (endpoint, widestring_ip(endpoint.address.ip())));
+            let allowed_endpoint =
+                allowed_endpoint_ip
+                    .as_ref()
+                    .map(|(endpoint, ip)| WinFwEndpoint {
+                        ip: ip.as_ptr(),
+                        port: endpoint.address.port(),
+                        protocol: WinFwProt::from(endpoint.protocol),
+                    });
             unsafe {
                 WinFw_InitializeBlocked(
                     WINFW_TIMEOUT_SECONDS,
                     &cfg,
-                    winfw_allowed_endpoint.as_ptr(),
+                    allowed_endpoint.as_ptr(),
                     Some(log_sink),
                     logging_context,
                 )
@@ -161,7 +160,7 @@ impl Firewall {
         relay_client: &Path,
     ) -> Result<(), Error> {
         trace!("Applying 'connecting' firewall policy");
-        let ip_str = Self::widestring_ip(endpoint.address.ip());
+        let ip_str = widestring_ip(endpoint.address.ip());
         let winfw_relay = WinFwEndpoint {
             ip: ip_str.as_ptr(),
             port: endpoint.address.port(),
@@ -173,7 +172,7 @@ impl Firewall {
 
         let pingable_addresses = pingable_hosts
             .iter()
-            .map(|ip| Self::widestring_ip(*ip))
+            .map(|ip| widestring_ip(*ip))
             .collect::<Vec<_>>();
         let pingable_address_ptrs = pingable_addresses
             .iter()
@@ -190,7 +189,7 @@ impl Firewall {
             None
         };
 
-        let allowed_endpoint_ip = Self::widestring_ip(allowed_endpoint.address.ip());
+        let allowed_endpoint_ip = widestring_ip(allowed_endpoint.address.ip());
         let winfw_allowed_endpoint = Some(WinFwEndpoint {
             ip: allowed_endpoint_ip.as_ptr(),
             port: allowed_endpoint.address.port(),
@@ -210,11 +209,6 @@ impl Firewall {
         }
     }
 
-    fn widestring_ip(ip: IpAddr) -> WideCString {
-        let buf = ip.to_string().encode_utf16().collect::<Vec<_>>();
-        WideCString::new(buf).unwrap()
-    }
-
     fn set_connected_state(
         &mut self,
         endpoint: &Endpoint,
@@ -224,11 +218,11 @@ impl Firewall {
         relay_client: &Path,
     ) -> Result<(), Error> {
         trace!("Applying 'connected' firewall policy");
-        let ip_str = Self::widestring_ip(endpoint.address.ip());
-        let v4_gateway = Self::widestring_ip(tunnel_metadata.ipv4_gateway.into());
+        let ip_str = widestring_ip(endpoint.address.ip());
+        let v4_gateway = widestring_ip(tunnel_metadata.ipv4_gateway.into());
         let v6_gateway = tunnel_metadata
             .ipv6_gateway
-            .map(|v6_ip| Self::widestring_ip(v6_ip.into()));
+            .map(|v6_ip| widestring_ip(v6_ip.into()));
 
         let tunnel_alias =
             WideCString::new(tunnel_metadata.interface.encode_utf16().collect::<Vec<_>>()).unwrap();
@@ -292,7 +286,7 @@ impl Firewall {
     ) -> Result<(), Error> {
         trace!("Applying 'blocked' firewall policy");
 
-        let allowed_endpoint_ip = Self::widestring_ip(allowed_endpoint.address.ip());
+        let allowed_endpoint_ip = widestring_ip(allowed_endpoint.address.ip());
         let winfw_allowed_endpoint = Some(WinFwEndpoint {
             ip: allowed_endpoint_ip.as_ptr(),
             port: allowed_endpoint.address.port(),
@@ -320,6 +314,11 @@ impl<T> NullablePointer<T> for Option<T> {
     }
 }
 
+fn widestring_ip(ip: IpAddr) -> WideCString {
+    let buf = ip.to_string().encode_utf16().collect::<Vec<_>>();
+    WideCString::new(buf).unwrap()
+}
+
 #[allow(non_snake_case)]
 mod winfw {
     use super::Error;
author	David Lönnhager <david.l@mullvad.net>	2021-01-05 13:42:16 +0100
committer	David Lönnhager <david.l@mullvad.net>	2021-01-07 11:59:54 +0100
commit	34e56beea95a1ec22df4eb0bb2ee45f3207fab03 (patch)
tree	629ea60afa7575b8ac88acb344aad347d1e1c65a
parent	9740b6d92ceec738ed672a844c02483656bd7ea8 (diff)
download	mullvadvpn-34e56beea95a1ec22df4eb0bb2ee45f3207fab03.tar.xz mullvadvpn-34e56beea95a1ec22df4eb0bb2ee45f3207fab03.zip