iscsid: Always free the duplicated address in resolve_addr().

If a "raw" IPv6 address (denoted by a leading '[') is used as a target
address, then 'arg' is incremented by one to skip over the '['.
However, this meant that at the end of the function the wrong address
was passed to free().  With malloc junking enabled and given suitably
small strings, malloc() would happily overwrite the correct number of
bytes with junk, but off by one byte overwriting the byte after the
allocation.

This manifested as the first byte of the 'HeaderDigest' key being
overwritten causing the key name on the wire to be sent as
'\x5eaderDigest' which the target rejected.

Reported by:	Jithesh Arakkan @ Chelsio
Found with:	ASAN (via WITH_ASAN=yes)
Sponsored by:	Chelsio Communications

usr.sbin/iscsid/iscsid.c

@@ -150,11 +150,11 @@ resolve_addr(const struct connection *conn, const char *address,
     struct addrinfo **ai, bool initiator_side)
 {
 	struct addrinfo hints;
-	char *arg, *addr, *ch;
+	char *arg, *addr, *ch, *tofree;
 	const char *port;
 	int error, colons = 0;
 
-	arg = checked_strdup(address);
+	tofree = arg = checked_strdup(address);
 
 	if (arg[0] == '\0') {
 		fail(conn, "empty address");
@@ -216,7 +216,7 @@ resolve_addr(const struct connection *conn, const char *address,
 		    address, gai_strerror(error));
 	}
 
-	free(addr);
+	free(tofree);
 }
 
 static struct iscsid_connection *