authorulfvonbelow <strilen@tilde.club>2023-01-29 06:17:52 -0600
committerMartin Schanzenbach <schanzen@gnunet.org>2023-02-06 14:05:33 +0900
commitecea740a0ca2801db85482e5f26c550fe05c9ac3 (patch)
tree8697312b458c746e4b47b08a13b8e3c29ab80d86
parentebdafecb3b388b5c629ce7855d253415be440edf (diff)
PEERSTORE: fix write-after-free in handle_{iterate_end,watch_record}
One of the tests - I forget which one, didn't write it down at the time - actually does cause h to be freed in its callback. If this isn't supposed to be allowed, we should find and fix that test. Signed-off-by: Martin Schanzenbach <schanzen@gnunet.org>
-rw-r--r--src/peerstore/peerstore_api.c5
1 files changed, 3 insertions, 2 deletions
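diff --git a/src/peerstore/peerstore_api.c b/src/peerstore/peerstore_api.c
index b3e793d93..1c13369cf 100644
--- a/src/peerstore/peerstore_api.c
+++ b/src/peerstore/peerstore_api.c
@@ -608,9 +608,10 @@ handle_iterate_end (void *cls, const struct GNUNET_MessageHeader *msg)
  callback_cls = ic->callback_cls;
  ic->iterating = GNUNET_NO;
  GNUNET_PEERSTORE_iterate_cancel (ic);
+ /* NOTE: set this here and not after callback because callback may free h */
+ h->reconnect_delay = GNUNET_TIME_UNIT_ZERO;
  if (NULL != callback)
  callback (callback_cls, NULL, NULL);
- h->reconnect_delay = GNUNET_TIME_UNIT_ZERO;
 }
 
 
@@ -781,9 +782,9 @@ handle_watch_record (void *cls, const struct StoreRecordMessage *msg)
  disconnect_and_schedule_reconnect (h);
  return;
  }
+ h->reconnect_delay = GNUNET_TIME_UNIT_ZERO;
  if (NULL != wc->callback)
  wc->callback (wc->callback_cls, record, NULL);
- h->reconnect_delay = GNUNET_TIME_UNIT_ZERO;
  PEERSTORE_destroy_record (record);
 }
 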
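Review bot: The reordered store in handle_watch_record carries no comment, unlike the one in handle_iterate_end, so nothing at that site tells a later editor that the assignment must stay ahead of `wc->callback`; moving it back would reintroduce the write to a freed `h`. I would repeat the note there: `/* NOTE: set this here and not after callback because callback may free h */`. The commit message leaves open whether a callback is allowed to free h at all, so the documentation of the iterate and watch callback types should state that contract explicitly. Whether the code that dispatches these handlers still touches h or its message queue after they return is not visible in these hunks and is worth checking before treating the lifetime issue as closed. Both function bodies start outside the hunks.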