[GNUnet-SVN] r37692 - gnunet/src/cadet

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[GNUnet-SVN] r37692 - gnunet/src/cadet

From:	gnunet
Subject:	[GNUnet-SVN] r37692 - gnunet/src/cadet
Date:	Wed, 10 Aug 2016 20:04:51 +0200

Author: bartpolot
Date: 2016-08-10 20:04:51 +0200 (Wed, 10 Aug 2016)
New Revision: 37692

Modified:
   gnunet/src/cadet/cadet_api.c
Log:
- fix use after free (not removing single transmit handle from queue), refactor 
queue logic

Modified: gnunet/src/cadet/cadet_api.c
===================================================================
--- gnunet/src/cadet/cadet_api.c        2016-08-10 18:04:50 UTC (rev 37691)
+++ gnunet/src/cadet/cadet_api.c        2016-08-10 18:04:51 UTC (rev 37692)
@@ -485,6 +485,26 @@
 
 
 /**
+ * Remove a transmit handle from the transmission queue, if present.
+ *
+ * Safe to call even if not queued.
+ *
+ * @param th handle to the packet to be unqueued.
+ */
+static void
+remove_from_queue (struct GNUNET_CADET_TransmitHandle *th)
+{
+  struct GNUNET_CADET_Handle *h = th->channel->cadet;
+
+  /* It might or might not have been queued (rarely not), but check anyway. */
+  if (NULL != th->next || h->th_tail == th)
+  {
+    GNUNET_CONTAINER_DLL_remove (h->th_head, h->th_tail, th);
+  }
+}
+
+
+/**
  * Send an ack on the channel to confirm the processing of a message.
  *
  * @param ch Channel on which to send the ACK.
@@ -527,16 +547,21 @@
   size_t osize;
 
   LOG (GNUNET_ERROR_TYPE_DEBUG, "Requesting Data: %u bytes\n", th->size);
+
+  GNUNET_assert (GNUNET_YES == th->channel->allow_send);
+  th->channel->allow_send = GNUNET_NO;
   th->request_data_task = NULL;
   th->channel->packet_size = 0;
+  remove_from_queue (th);
+
   env = GNUNET_MQ_msg_extra (msg, th->size,
                              GNUNET_MESSAGE_TYPE_CADET_LOCAL_DATA);
   msg->id = htonl (th->channel->chid);
   osize = th->notify (th->notify_cls, th->size, &msg[1]);
   GNUNET_assert (osize == th->size);
-  th->channel->allow_send = GNUNET_NO;
   GNUNET_MQ_send (th->channel->cadet->mq, env);
-  GNUNET_CADET_notify_transmit_ready_cancel (th);
+
+  GNUNET_free (th);
 }
 
 
@@ -1665,13 +1690,7 @@
   }
   th->request_data_task = NULL;
 
-  /* It might or might not have been queued (rarely not), but check anyway. */
-  if (NULL != th->next)
-  {
-    struct GNUNET_CADET_Handle *h;
-    h = th->channel->cadet;
-    GNUNET_CONTAINER_DLL_remove (h->th_head, h->th_tail, th);
-  }
+  remove_from_queue (th);
   GNUNET_free (th);
 }
 
@@ -1689,12 +1708,12 @@
   struct GNUNET_MessageHeader *msg;
   struct GNUNET_MQ_Envelope *env;
 
+  LOG (GNUNET_ERROR_TYPE_DEBUG,
+       " Sending %s monitor message to service\n",
+       GC_m2s(type));
+
   env = GNUNET_MQ_msg (msg, type);
   GNUNET_MQ_send (h->mq, env);
-
-  LOG (GNUNET_ERROR_TYPE_DEBUG,
-       " Sending %s message to service\n",
-       GC_m2s(type));
 }

[Prev in Thread]

Current Thread

[Next in Thread]

[GNUnet-SVN] r37692 - gnunet/src/cadet, gnunet <=

Prev by Date: [GNUnet-SVN] r37693 - gnunet/src/cadet
Next by Date: [GNUnet-SVN] r37691 - gnunet/src/cadet
Previous by thread: [GNUnet-SVN] r37693 - gnunet/src/cadet
Next by thread: [GNUnet-SVN] r37691 - gnunet/src/cadet
Index(es):
- Date
- Thread