From 057f97ab42f4ea805657f317ecf895dc19ad11be Mon Sep 17 00:00:00 2001
From: Fabian Mauchle <fabian.mauchle@switch.ch>
Date: Tue, 26 Jun 2018 10:27:19 +0200
Subject: [PATCH] never free resconf passed to confserver_cb

---
 ChangeLog     |  1 +
 radsecproxy.c | 23 +++++++++++++----------
 2 files changed, 14 insertions(+), 10 deletions(-)

diff --git a/ChangeLog b/ChangeLog
index 02e5b38..2f3a089 100644
--- a/ChangeLog
+++ b/ChangeLog
@@ -36,6 +36,7 @@
 	- Fix refcounting in error cases when loading configuration (RADSECPROXY-42)
 	- Fix potential crash when rewriting malformed vendor attributes.
 	- Properly cleanup expired requests from server output-queue.
+	- Fix crash when dynamic discovered server doesn't resolve.
 
 2017-08-02 1.6.9
 		Misc:
diff --git a/radsecproxy.c b/radsecproxy.c
index eea29c7..78ee7eb 100644
--- a/radsecproxy.c
+++ b/radsecproxy.c
@@ -2911,7 +2911,7 @@ int confserver_cb(struct gconffile **cf, void *arg, char *block, char *opt, char
     struct clsrvconf *conf, *resconf;
     char *conftype = NULL, *rewriteinalias = NULL;
     long int retryinterval = LONG_MIN, retrycount = LONG_MIN, addttl = LONG_MIN;
-    uint8_t ipv4only = 0, ipv6only = 0;
+    uint8_t ipv4only = 0, ipv6only = 0, confmerged = 0;
 
     debug(DBG_DBG, "confserver_cb called for %s", block);
 
@@ -3023,14 +3023,15 @@ int confserver_cb(struct gconffile **cf, void *arg, char *block, char *opt, char
     }
 
     if (resconf) {
-	if (!mergesrvconf(resconf, conf))
-	    goto errexit;
-	free(conf);
-	conf = resconf;
-	if (conf->dynamiclookupcommand) {
-	    free(conf->dynamiclookupcommand);
-	    conf->dynamiclookupcommand = NULL;
-	}
+        if (!mergesrvconf(resconf, conf))
+            goto errexit;
+        free(conf);
+        conf = resconf;
+        confmerged = 1;
+        if (conf->dynamiclookupcommand) {
+            free(conf->dynamiclookupcommand);
+            conf->dynamiclookupcommand = NULL;
+        }
     }
 
     if (resconf || !conf->dynamiclookupcommand) {
@@ -3062,7 +3063,9 @@ int confserver_cb(struct gconffile **cf, void *arg, char *block, char *opt, char
 errexit:
     free(conftype);
     free(rewriteinalias);
-    freeclsrvconf(conf);
+    /* if conf was merged into resconf, don't free it */
+    if (!confmerged)
+        freeclsrvconf(conf);
     return 0;
 }