gnunet-svn
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[GNUnet-SVN] r35306 - gnunet/src/util

From: gnunet
Subject: [GNUnet-SVN] r35306 - gnunet/src/util
Date: Sat, 28 Feb 2015 15:05:47 +0100 
Author: grothoff
Date: 2015-02-28 15:05:47 +0100 (Sat, 28 Feb 2015)
New Revision: 35306

Modified:
   gnunet/src/util/client.c
Log:
Fix use after free:

==14602== Invalid write of size 4
==14602==    at 0x5A82CA7: receive_helper (client.c:542)
==14602==    by 0x5A8E146: signal_receive_timeout (connection.c:508)
==14602==    by 0x5A91236: receive_ready (connection.c:1091)
==14602==    by 0x5AC1091: run_ready (scheduler.c:587)
==14602==    by 0x5AC1915: GNUNET_SCHEDULER_run (scheduler.c:816)
==14602==    by 0x5AD00F5: GNUNET_SERVICE_run (service.c:1503)
==14602==    by 0x406218: main (gnunet-service-transport.c:925)
==14602==  Address 0xa4d42f8 is 104 bytes inside a block of size 120 free'd
==14602==    at 0x4C29E90: free (vg_replace_malloc.c:473)
==14602==    by 0x5A872C3: GNUNET_xfree_ (common_allocation.c:239)
==14602==    by 0x5A829C5: GNUNET_CLIENT_disconnect (client.c:475)
==14602==    by 0x5ABD9E5: handle_response (resolver_api.c:388)
==14602==    by 0x5A82CA2: receive_helper (client.c:538)
==14602==    by 0x5A8E146: signal_receive_timeout (connection.c:508)
==14602==    by 0x5A91236: receive_ready (connection.c:1091)
==14602==    by 0x5AC1091: run_ready (scheduler.c:587)
==14602==    by 0x5AC1915: GNUNET_SCHEDULER_run (scheduler.c:816)
==14602==    by 0x5AD00F5: GNUNET_SERVICE_run (service.c:1503)
==14602==    by 0x406218: main (gnunet-service-transport.c:925)



Modified: gnunet/src/util/client.c
===================================================================
--- gnunet/src/util/client.c    2015-02-28 13:52:37 UTC (rev 35305)
+++ gnunet/src/util/client.c    2015-02-28 14:05:47 UTC (rev 35306)
@@ -531,6 +531,8 @@
          (unsigned int) available,
          NULL == client->connection ? "NULL" : "non-NULL",
          STRERROR (errCode));
+    /* remember failure */
+    client->in_receive = GNUNET_SYSERR;
     if (NULL != (receive_handler = client->receiver_handler))
     {
       receive_handler_cls = client->receiver_handler_cls;
@@ -538,8 +540,6 @@
       receive_handler (receive_handler_cls,
                        NULL);
     }
-    /* remember failure */
-    client->in_receive = GNUNET_SYSERR;
     return;
   }
   /* FIXME: optimize for common fast case where buf contains the
reply via email to
[Prev in Thread] Current Thread [Next in Thread]