[GNUnet-SVN] [gnunet] branch master updated (517cf93fb -> 24f4c0aa8)

gnunet-svn

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[GNUnet-SVN] [gnunet] branch master updated (517cf93fb -> 24f4c0aa8)

From:	gnunet
Subject:	[GNUnet-SVN] [gnunet] branch master updated (517cf93fb -> 24f4c0aa8)
Date:	Sat, 23 Dec 2017 16:58:28 +0100

This is an automated email from the git hooks/post-receive script.

david-barksdale pushed a change to branch master
in repository gnunet.

    from 517cf93fb Check for invalid path_length
     new 9def71212 Check for cycles in cadet paths
     new 24f4c0aa8 Revert "Fix use-after-free in loop over modified list"

The 2 revisions listed above as "new" are entirely new to this
repository and will be described in separate emails.  The revisions
listed as "add" were already present in the repository and have only
been added to this reference.


Summary of changes:
 src/cadet/gnunet-service-cadet_core.c | 29 +++++++++++++++++---
 src/cadet/gnunet-service-cadet_peer.c | 51 ++++++++++++-----------------------
 2 files changed, 43 insertions(+), 37 deletions(-)

diff --git a/src/cadet/gnunet-service-cadet_core.c 
b/src/cadet/gnunet-service-cadet_core.c
index a67bbf445..cb213fc54 100644
--- a/src/cadet/gnunet-service-cadet_core.c
+++ b/src/cadet/gnunet-service-cadet_core.c
@@ -773,10 +773,31 @@ handle_connection_create (void *cls,
   path_length = size / sizeof (struct GNUNET_PeerIdentity);
   if (0 == path_length)
   {
-    /* bogus request */
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+      "Dropping CADET_CONNECTION_CREATE with empty path\n");
     GNUNET_break_op (0);
     return;
   }
+  /* Check for loops */
+  struct GNUNET_CONTAINER_MultiPeerMap *map;
+  map = GNUNET_CONTAINER_multipeermap_create (path_length,
+                                              GNUNET_YES);
+  GNUNET_assert (NULL != map);
+  for (off = 0; off < path_length; off++) {
+    if (GNUNET_SYSERR ==
+        GNUNET_CONTAINER_multipeermap_put (map,
+                                           &pids[off],
+                                           NULL,
+                                           
GNUNET_CONTAINER_MULTIHASHMAPOPTION_UNIQUE_ONLY)) {
+      /* bogus request */
+      GNUNET_CONTAINER_multipeermap_destroy (map);
+      LOG (GNUNET_ERROR_TYPE_DEBUG,
+        "Dropping CADET_CONNECTION_CREATE with cyclic path\n");
+      GNUNET_break_op (0);
+      return;
+    }
+  }
+  GNUNET_CONTAINER_multipeermap_destroy (map);
   /* Initiator is at offset 0. */
   for (off=1;off<path_length;off++)
     if (0 == memcmp (&my_full_id,
@@ -785,7 +806,8 @@ handle_connection_create (void *cls,
       break;
   if (off == path_length)
   {
-    /* We are not on the path, bogus request */
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+      "Dropping CADET_CONNECTION_CREATE without us in the path\n");
     GNUNET_break_op (0);
     return;
   }
@@ -793,7 +815,8 @@ handle_connection_create (void *cls,
   if (sender != GCP_get (&pids[off - 1],
                          GNUNET_NO))
   {
-    /* sender is not on the path, not allowed */
+    LOG (GNUNET_ERROR_TYPE_DEBUG,
+      "Dropping CADET_CONNECTION_CREATE without sender in the path\n");
     GNUNET_break_op (0);
     return;
   }
diff --git a/src/cadet/gnunet-service-cadet_peer.c 
b/src/cadet/gnunet-service-cadet_peer.c
index c4e2c0ccf..71c7c67d0 100644
--- a/src/cadet/gnunet-service-cadet_peer.c
+++ b/src/cadet/gnunet-service-cadet_peer.c
@@ -532,49 +532,32 @@ GCP_set_mq (struct CadetPeer *cp,
        GCP_2s (cp),
        mq);
   cp->core_mq = mq;
-  /* Since these callbacks can remove any items from this list, we must take a
-   * snapshot and then test each one to see if it's still in the list. */
-  int count = 0;
-  for (struct GCP_MessageQueueManager *mqm = cp->mqm_head;
+  for (struct GCP_MessageQueueManager *mqm = cp->mqm_head, *next;
        NULL != mqm;
-       mqm = mqm->next)
-    ++count;
-  struct GCP_MessageQueueManager *mqms[count];
-  int i = 0;
-  for (struct GCP_MessageQueueManager *mqm = cp->mqm_head;
-       NULL != mqm;
-       mqm = mqm->next)
-    mqms[i++] = mqm;
-  for (i = 0; i < count; ++i)
+       mqm = next)
   {
-    for (struct GCP_MessageQueueManager *mqm = cp->mqm_head;
-         NULL != mqm;
-         mqm = mqm->next)
+    /* Save next pointer in case mqm gets freed by the callback */
+    next = mqm->next;
+    if (NULL == mq)
     {
-      if (mqms[i] != mqm)
-        continue;
-      if (NULL == mq)
+      if (NULL != mqm->env)
       {
-        if (NULL != mqm->env)
-        {
-          GNUNET_MQ_discard (mqm->env);
-          mqm->env = NULL;
-          mqm->cb (mqm->cb_cls,
-                   GNUNET_SYSERR);
-        }
-        else
-        {
-          mqm->cb (mqm->cb_cls,
-                   GNUNET_NO);
-        }
+        GNUNET_MQ_discard (mqm->env);
+        mqm->env = NULL;
+        mqm->cb (mqm->cb_cls,
+                 GNUNET_SYSERR);
       }
       else
       {
-        GNUNET_assert (NULL == mqm->env);
         mqm->cb (mqm->cb_cls,
-                 GNUNET_YES);
+                 GNUNET_NO);
       }
-      break;
+    }
+    else
+    {
+      GNUNET_assert (NULL == mqm->env);
+      mqm->cb (mqm->cb_cls,
+               GNUNET_YES);
     }
   }
   if ( (NULL != mq) ||

-- 
To stop receiving notification emails like this one, please contact
address@hidden

[Prev in Thread]

Current Thread

[Next in Thread]

[GNUnet-SVN] [gnunet] branch master updated (517cf93fb -> 24f4c0aa8), gnunet <=
- [GNUnet-SVN] [gnunet] 01/02: Check for cycles in cadet paths, gnunet, 2017/12/23
- [GNUnet-SVN] [gnunet] 02/02: Revert "Fix use-after-free in loop over modified list", gnunet, 2017/12/23

Prev by Date: [GNUnet-SVN] [gnunet] 02/02: Revert "Fix use-after-free in loop over modified list"
Next by Date: [GNUnet-SVN] [bibliography] branch master updated: Add Habil on GNUnet
Previous by thread: [GNUnet-SVN] [taler-bank] branch master updated: test launcher against db not found, plus being nice with small screens.
Next by thread: [GNUnet-SVN] [gnunet] 01/02: Check for cycles in cadet paths
Index(es):
- Date
- Thread