From b0424276443d35afc73a0dbd63c6a2f32f439ff3 Mon Sep 17 00:00:00 2001
From: Christoph Kraemer
Date: Tue, 28 Sep 2021 12:05:31 +0200
Subject: [PATCH 1/2] use duplicate host function
---
 CHANGELOG.md | 1 +
 src/attack.c | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 813c7b6c4..726415a5d 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -10,6 +10,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
 - Backport [#853](https://github.com/greenbone/openvas/pull/853)
 - Backport [#862](https://github.com/greenbone/openvas/pull/862)
 - Add `find_all` to eregmatch() nasl function [#875](https://github.com/greenbone/openvas/pull/875)
+- Fix Segmentation fault when freeing hosts and alive hosts [#888](https://github.com/greenbone/openvas/pull/888)
 ### Changed
 - Changed defaults for installation locations [#826](https://github.com/greenbone/openvas-scanner/pull/826)
diff --git a/src/attack.c b/src/attack.c
index 60ffeb3c8..ed336eee6 100644
--- a/src/attack.c
+++ b/src/attack.c
@@ -1388,7 +1388,7 @@ attack_network (struct scan_globals *globals)
 if (host)
 {
- gvm_hosts_add (alive_hosts_list, host);
+ gvm_hosts_add (alive_hosts_list, gvm_duplicate_host (host));
 }
 else
 g_debug ("%s: got NULL host, stop/finish scan", __func__);
From 2618855d1d0cde262aed066ce7eee283a1aedcee Mon Sep 17 00:00:00 2001
From: Christoph Kraemer
Date: Wed, 29 Sep 2021 10:49:26 +0200
Subject: [PATCH 2/2] prevent memory leak
---
 src/attack.c | 14 +++++++++-----
 1 file changed, 9 insertions(+), 5 deletions(-)
diff --git a/src/attack.c b/src/attack.c
index ed336eee6..ef20ec342 100644
--- a/src/attack.c
+++ b/src/attack.c
@@ -1340,6 +1340,7 @@ attack_network (struct scan_globals *globals)
 if (test_alive_hosts_only)
 {
 struct in6_addr tmpaddr;
+ gvm_host_t *buf;
 while (1)
 {
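Review bot: The reason for the copy in `gvm_hosts_add (alive_hosts_list, gvm_duplicate_host (host));` is not recorded next to the call, so a later cleanup could drop the duplicate and bring back the crash named in the changelog entry. A short comment above the call would keep the ownership rule visible, for example `/* alive_hosts_list gets its own copy: host may also be owned by hosts, and both lists are freed. */`. That both lists are freed separately is inferred from the changelog line, since the freeing code is not part of this hunk, so the wording should be checked against it. The body of attack_network starts and ends outside the hunk.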
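Review bot: `gvm_host_t *buf;` is declared at the top of the `if (test_alive_hosts_only)` block without an initialiser and under a name that does not say what it holds. In the lines visible in this patch it is only used inside the later `if (host && gvm_host_get_addr6 (host, &tmpaddr) == 0)` block, so it could be declared there at its first use, for example `gvm_host_t *orig_host = host;`. The narrower scope would also make the trailing `buf = NULL;` unnecessary, because the pointer would go out of scope right after the free. The enclosing block continues past the end of this hunk.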
@@ -1383,13 +1384,16 @@ attack_network (struct scan_globals *globals)
 break;
 }
- if (gvm_host_get_addr6 (host, &tmpaddr) == 0)
- host = gvm_host_find_in_hosts (host, &tmpaddr, hosts);
-
- if (host)
+ if (host && gvm_host_get_addr6 (host, &tmpaddr) == 0)
 {
- gvm_hosts_add (alive_hosts_list, gvm_duplicate_host (host));
+ buf = host;
+ host = gvm_host_find_in_hosts (host, &tmpaddr, hosts);
+ gvm_host_free (buf);
+ buf = NULL;
 }
+
+ if (host)
+ gvm_hosts_add (alive_hosts_list, gvm_duplicate_host (host));
 else
 g_debug ("%s: got NULL host, stop/finish scan", __func__);
 }
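Review bot: The added `gvm_host_free (buf);` runs only when `gvm_host_get_addr6` returns 0; when that call fails, the original `host` is kept, copied by `gvm_duplicate_host (host)`, and never released in the visible lines. If this loop owns that object, as the new free implies, the leak this commit targets remains on that path, and the fix is to free the original there after the copy has been added. Separately, a NULL result from `gvm_host_find_in_hosts` now shares the `else` branch with a NULL host from the start, so a host that was not found in `hosts` is logged as "got NULL host, stop/finish scan". A distinct message for the lookup miss, such as `g_debug ("%s: host not found in target list, skipped", __func__);`, would make scan-scope decisions auditable. attack_network starts and ends outside the hunk, so where `host` comes from and whether the loop exits on NULL should be confirmed there.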