diff options
| author | David Barksdale <amatus@amat.us> | 2017-12-23 09:57:56 -0600 |
|---|---|---|
| committer | David Barksdale <amatus@amat.us> | 2017-12-23 09:58:19 -0600 |
| commit | 24f4c0aa8302caaef32e8d70e8c54bafada848d8 (patch) | |
| tree | da6905bb1019e85aeb94531b17ee355ca3d07ce0 /src/cadet | |
| parent | 9def71212263b1fcaaa54795a07c97c5b9118a75 (diff) | |
| download | gnunet-24f4c0aa8302caaef32e8d70e8c54bafada848d8.tar.gz gnunet-24f4c0aa8302caaef32e8d70e8c54bafada848d8.zip | |
Revert "Fix use-after-free in loop over modified list"
This reverts commit 012ff13acc0cb2f5d7210aa48819395fecf12a3d.
Diffstat (limited to 'src/cadet')
| -rw-r--r-- | src/cadet/gnunet-service-cadet_peer.c | 51 |
1 files changed, 17 insertions, 34 deletions
diff --git a/src/cadet/gnunet-service-cadet_peer.c b/src/cadet/gnunet-service-cadet_peer.c index c4e2c0ccf..71c7c67d0 100644 --- a/src/cadet/gnunet-service-cadet_peer.c +++ b/src/cadet/gnunet-service-cadet_peer.c | |||
| @@ -532,49 +532,32 @@ GCP_set_mq (struct CadetPeer *cp, | |||
| 532 | GCP_2s (cp), | 532 | GCP_2s (cp), |
| 533 | mq); | 533 | mq); |
| 534 | cp->core_mq = mq; | 534 | cp->core_mq = mq; |
| 535 | /* Since these callbacks can remove any items from this list, we must take a | 535 | for (struct GCP_MessageQueueManager *mqm = cp->mqm_head, *next; |
| 536 | * snapshot and then test each one to see if it's still in the list. */ | ||
| 537 | int count = 0; | ||
| 538 | for (struct GCP_MessageQueueManager *mqm = cp->mqm_head; | ||
| 539 | NULL != mqm; | 536 | NULL != mqm; |
| 540 | mqm = mqm->next) | 537 | mqm = next) |
| 541 | ++count; | ||
| 542 | struct GCP_MessageQueueManager *mqms[count]; | ||
| 543 | int i = 0; | ||
| 544 | for (struct GCP_MessageQueueManager *mqm = cp->mqm_head; | ||
| 545 | NULL != mqm; | ||
| 546 | mqm = mqm->next) | ||
| 547 | mqms[i++] = mqm; | ||
| 548 | for (i = 0; i < count; ++i) | ||
| 549 | { | 538 | { |
| 550 | for (struct GCP_MessageQueueManager *mqm = cp->mqm_head; | 539 | /* Save next pointer in case mqm gets freed by the callback */ |
| 551 | NULL != mqm; | 540 | next = mqm->next; |
| 552 | mqm = mqm->next) | 541 | if (NULL == mq) |
| 553 | { | 542 | { |
| 554 | if (mqms[i] != mqm) | 543 | if (NULL != mqm->env) |
| 555 | continue; | ||
| 556 | if (NULL == mq) | ||
| 557 | { | 544 | { |
| 558 | if (NULL != mqm->env) | 545 | GNUNET_MQ_discard (mqm->env); |
| 559 | { | 546 | mqm->env = NULL; |
| 560 | GNUNET_MQ_discard (mqm->env); | 547 | mqm->cb (mqm->cb_cls, |
| 561 | mqm->env = NULL; | 548 | GNUNET_SYSERR); |
| 562 | mqm->cb (mqm->cb_cls, | ||
| 563 | GNUNET_SYSERR); | ||
| 564 | } | ||
| 565 | else | ||
| 566 | { | ||
| 567 | mqm->cb (mqm->cb_cls, | ||
| 568 | GNUNET_NO); | ||
| 569 | } | ||
| 570 | } | 549 | } |
| 571 | else | 550 | else |
| 572 | { | 551 | { |
| 573 | GNUNET_assert (NULL == mqm->env); | ||
| 574 | mqm->cb (mqm->cb_cls, | 552 | mqm->cb (mqm->cb_cls, |
| 575 | GNUNET_YES); | 553 | GNUNET_NO); |
| 576 | } | 554 | } |
| 577 | break; | 555 | } |
| 556 | else | ||
| 557 | { | ||
| 558 | GNUNET_assert (NULL == mqm->env); | ||
| 559 | mqm->cb (mqm->cb_cls, | ||
| 560 | GNUNET_YES); | ||
| 578 | } | 561 | } |
| 579 | } | 562 | } |
| 580 | if ( (NULL != mq) || | 563 | if ( (NULL != mq) || |