From 321cada1d73fa35dac5be7e2764dd7c0ff01bab1 Mon Sep 17 00:00:00 2001
From: Adam Ierymenko <adam.ierymenko@gmail.com>
Date: Fri, 1 Feb 2019 11:37:30 -0800
Subject: [PATCH 1/4] Wrong criteria was wrong. Now with less wrong.

---
 controller/EmbeddedNetworkController.cpp | 5 +----
 1 file changed, 1 insertion(+), 4 deletions(-)

diff --git a/controller/EmbeddedNetworkController.cpp b/controller/EmbeddedNetworkController.cpp
index 96dde42ff..203dcdd56 100644
--- a/controller/EmbeddedNetworkController.cpp
+++ b/controller/EmbeddedNetworkController.cpp
@@ -1521,12 +1521,9 @@ void EmbeddedNetworkController::_request(
 				const std::string ips = ipAssignments[i];
 				InetAddress ip(ips.c_str());
 
-				// IP assignments are only pushed if there is a corresponding local route. We also now get the netmask bits from
-				// this route, ignoring the netmask bits field of the assigned IP itself. Using that was worthless and a source
-				// of user error / poor UX.
 				int routedNetmaskBits = -1;
 				for(unsigned int rk=0;rk<nc->routeCount;++rk) {
-					if ( (!nc->routes[rk].via.ss_family) && (reinterpret_cast<const InetAddress *>(&(nc->routes[rk].target))->containsAddress(ip)) )
+					if (reinterpret_cast<const InetAddress *>(&(nc->routes[rk].target))->containsAddress(ip))
 						routedNetmaskBits = reinterpret_cast<const InetAddress *>(&(nc->routes[rk].target))->netmaskBits();
 				}
 

From 541e91ed8ead2bd3e5c436175b82e74ae615b411 Mon Sep 17 00:00:00 2001
From: Joseph Henry <josephjah@gmail.com>
Date: Sun, 27 Jan 2019 14:43:29 -0800
Subject: [PATCH 2/4] Fixed potential memory leak in RingBuffer

---
 node/RingBuffer.hpp | 5 +++++
 1 file changed, 5 insertions(+)

diff --git a/node/RingBuffer.hpp b/node/RingBuffer.hpp
index dab81b9e7..0d90152ba 100644
--- a/node/RingBuffer.hpp
+++ b/node/RingBuffer.hpp
@@ -72,6 +72,11 @@ public:
 		memset(buf, 0, sizeof(T) * size);
 	}
 
+	~RingBuffer()
+	{
+		delete [] buf;
+	}
+
 	/**
 	 * @return A pointer to the underlying buffer
 	 */

From d0f78f1e03f89e276a95507d66adffcc7f2235a9 Mon Sep 17 00:00:00 2001
From: Joseph Henry <josephjah@gmail.com>
Date: Wed, 30 Jan 2019 22:29:51 -0800
Subject: [PATCH 3/4] Bugfix for heap-use-after-free in concurrent packet
 processing code (manifests only after terminate() is called)

---
 service/OneService.cpp | 2 ++
 1 file changed, 2 insertions(+)

diff --git a/service/OneService.cpp b/service/OneService.cpp
index b8289d2b8..b66731982 100644
--- a/service/OneService.cpp
+++ b/service/OneService.cpp
@@ -625,6 +625,8 @@ public:
 						break;
 					if (!pkt)
 						break;
+					if (!_run)
+						break;
 
 					const ZT_ResultCode rc = _node->processWirePacket(nullptr,pkt->now,pkt->sock,&(pkt->from),pkt->data,pkt->size,&_nextBackgroundTaskDeadline);
 					{

From a3b2aeb00115ed6f4c962640db89e15abb8aa174 Mon Sep 17 00:00:00 2001
From: Adam Ierymenko <adam.ierymenko@gmail.com>
Date: Fri, 1 Feb 2019 14:05:29 -0800
Subject: [PATCH 4/4] Take netmask bits from most specific route.

---
 controller/EmbeddedNetworkController.cpp | 7 +++++--
 1 file changed, 5 insertions(+), 2 deletions(-)

diff --git a/controller/EmbeddedNetworkController.cpp b/controller/EmbeddedNetworkController.cpp
index 203dcdd56..8b3f1517f 100644
--- a/controller/EmbeddedNetworkController.cpp
+++ b/controller/EmbeddedNetworkController.cpp
@@ -1523,8 +1523,11 @@ void EmbeddedNetworkController::_request(
 
 				int routedNetmaskBits = -1;
 				for(unsigned int rk=0;rk<nc->routeCount;++rk) {
-					if (reinterpret_cast<const InetAddress *>(&(nc->routes[rk].target))->containsAddress(ip))
-						routedNetmaskBits = reinterpret_cast<const InetAddress *>(&(nc->routes[rk].target))->netmaskBits();
+					if (reinterpret_cast<const InetAddress *>(&(nc->routes[rk].target))->containsAddress(ip)) {
+						const int nb = (int)(reinterpret_cast<const InetAddress *>(&(nc->routes[rk].target))->netmaskBits());
+						if (nb > routedNetmaskBits)
+							routedNetmaskBits = nb;
+					}
 				}
 
 				if (routedNetmaskBits >= 0) {