gnunet-developers

Re: [GNUnet-developers] [PATCH] namecache: fix NULL-pointer dereference


From: Martin Schanzenbach
Subject: Re: [GNUnet-developers] [PATCH] namecache: fix NULL-pointer dereference in namecache-flat
Date: Fri, 04 Dec 2015 22:42:04 +0100

Hi,

This is strange since the test should cover this and does not fail (or
crash) for me (TM).
I don't think we need a parser generator to parse csv files, though. As
long as it works, of course.
Can you please file a bug instead of posting it here? Thanks!

- Martin

On Fri, 2015-12-04 at 22:11 +0100, Daniel Golle wrote:
> namecache-flat crashes if started on an empty or non-existent file.
> gnunet-service-[2568]: segfault at 0 ip 00007fe32dc8bb3c sp
> 00007ffde11826f0 error 4 in
> libgnunet_plugin_namecache_flat.so[7fe32dc8a000+202000]
> gnunet-service-[2576]: segfault at 0 ip 00007f2a6be75b3c sp
> 00007ffdf9b6d880 error 4 in
> libgnunet_plugin_namecache_flat.so[7f2a6be74000+202000]
> gnunet-service-[2581]: segfault at 0 ip 00007ff1dcfb1b3c sp
> 00007fff834070f0 error 4 in
> libgnunet_plugin_namecache_flat.so[7ff1dcfb0000+202000]
> 
> This fix at least prevents parsing a 0-byte file, however, looking at
> the code it is clear that more needs to be done to prevent crashes in
> case of corrupted or incompletely written cache data.
> Are you sure it's at all a good idea to implement parsers using
> standard C string functions...? (what about bison and flex?)
> 
> Signed-off-by: Daniel Golle <address@hidden>
> ---
>  src/namecache/plugin_namecache_flat.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/src/namecache/plugin_namecache_flat.c
> b/src/namecache/plugin_namecache_flat.c
> index 409b058..85bb692 100644
> --- a/src/namecache/plugin_namecache_flat.c
> +++ b/src/namecache/plugin_namecache_flat.c
> @@ -132,6 +132,9 @@ database_setup (struct Plugin *plugin)
>      return GNUNET_SYSERR;
>    }
>  
> +  if (0 == size)
> +    return GNUNET_OK;
> +
>    buffer = GNUNET_malloc (size);
>  
>    if (GNUNET_SYSERR == GNUNET_DISK_file_read (fh,
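Review bot: the new `return GNUNET_OK;` on the `0 == size` path leaves the function before the `GNUNET_DISK_file_read (fh, ...)` call in the trailing context, so if `fh` is already open at this point the early return never closes it. Suggest wrapping the branch in braces and calling `GNUNET_DISK_file_close (fh);` before returning, with a one-line comment that an empty file means an empty cache. The check also only covers the 0-byte case: a non-empty but truncated or corrupted file still reaches the parsing code after the read, which the commit message itself notes, so the tokenizing code that follows needs its own NULL checks on each field before this can be considered a complete fix.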


