author | David Barksdale <amatus.amongus@gmail.com> | 2015-11-28 22:45:54 +0000 |
---|---|---|
committer | David Barksdale <amatus.amongus@gmail.com> | 2015-11-28 22:45:54 +0000 |
commit | a0e27c0bd09fc4b0d70295baa5d7e052c46fe4ff (patch) | |
tree | f1114a4343ad707580be0916a1ec41fdc89ec512 /src/datastore/gnunet-service-datastore.c | |
parent | fb2767e4f680c795352b269d0853df6a8e06300e (diff) | |
Fix UAF in asynchronous datastore plugins
Diffstat (limited to 'src/datastore/gnunet-service-datastore.c')
-rw-r--r-- | src/datastore/gnunet-service-datastore.c | 39 |
1 files changed, 18 insertions, 21 deletions
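--- a/src/datastore/gnunet-service-datastore.c
+++ b/src/datastore/gnunet-service-datastore.c
@@ -858,7 +858,7 @@ put_continuation (void *cls,
 int status,
 const char *msg)
 {
-struct GNUNET_SERVER_Client *client = cls;
+struct PutContext *pc = cls;
 
 if (GNUNET_OK == status)
 {
@@ -871,8 +871,9 @@ put_continuation (void *cls,
 "Successfully stored %u bytes under key `%s'\n",
 size, GNUNET_h2s (key));
 }
-transmit_status (client, status, msg);
-GNUNET_SERVER_client_drop (client);
+transmit_status (pc->client, status, msg);
+GNUNET_SERVER_client_drop (pc->client);
+GNUNET_free (pc);
 if (quota - reserved - cache_size < payload)
 {
 GNUNET_log (GNUNET_ERROR_TYPE_INFO,
@@ -888,19 +889,19 @@ put_continuation (void *cls,
 /**
 * Actually put the data message.
 *
-* @param client sender of the message
-* @param dm message with the data to store
+* @param pc put context
 */
 static void
-execute_put (struct GNUNET_SERVER_Client *client,
-const struct DataMessage *dm)
+execute_put (struct PutContext *pc)
 {
-GNUNET_SERVER_client_keep (client);
+const struct DataMessage *dm;
+
+dm = (const struct DataMessage *) &pc[1];
 plugin->api->put (plugin->api->cls, &dm->key, ntohl (dm->size), &dm[1],
 ntohl (dm->type), ntohl (dm->priority),
 ntohl (dm->anonymity), ntohl (dm->replication),
 GNUNET_TIME_absolute_ntoh (dm->expiration),
-&put_continuation, client);
+&put_continuation, pc);
 }
 
 
@@ -950,9 +951,7 @@ check_present (void *cls,
 dm = (const struct DataMessage *) &pc[1];
 if (key == NULL)
 {
-execute_put (pc->client, dm);
-GNUNET_SERVER_client_drop (pc->client);
-GNUNET_free (pc);
+execute_put (pc);
 return GNUNET_OK;
 }
 if ((GNUNET_BLOCK_TYPE_FS_DBLOCK == type) ||
@@ -981,9 +980,7 @@ check_present (void *cls,
 }
 else
 {
-execute_put (pc->client, dm);
-GNUNET_SERVER_client_drop (pc->client);
-GNUNET_free (pc);
+execute_put (pc);
 }
 return GNUNET_OK;
 }
@@ -1037,14 +1034,14 @@ handle_put (void *cls, struct GNUNET_SERVER_Client *client,
 GNUNET_NO);
 }
 }
+pc = GNUNET_malloc (sizeof (struct PutContext) + size +
+sizeof (struct DataMessage));
+pc->client = client;
+GNUNET_SERVER_client_keep (client);
+memcpy (&pc[1], dm, size + sizeof (struct DataMessage));
 if (GNUNET_YES == GNUNET_CONTAINER_bloomfilter_test (filter, &dm->key))
 {
 GNUNET_CRYPTO_hash (&dm[1], size, &vhash);
-pc = GNUNET_malloc (sizeof (struct PutContext) + size +
-sizeof (struct DataMessage));
-pc->client = client;
-GNUNET_SERVER_client_keep (client);
-memcpy (&pc[1], dm, size + sizeof (struct DataMessage));
 plugin->api->get_key (plugin->api->cls,
 0,
 &dm->key,
@@ -1054,7 +1051,7 @@ handle_put (void *cls, struct GNUNET_SERVER_Client *client,
 pc);
 return;
 }
-execute_put (client, dm);
+execute_put (pc);
 }
 
 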
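Review bot: The doc comment on execute_put (new lines 889-893) does not say that the function now takes ownership of `pc`: the context and the client reference taken in handle_put are released only in put_continuation (`GNUNET_SERVER_client_drop (pc->client); GNUNET_free (pc);`), so no caller may touch `pc` after the call. I would extend the comment to `@param pc put context; ownership passes to put_continuation, which drops the client reference and frees it`. The lifetime fix also assumes every plugin's put() invokes the continuation exactly once on all paths, including errors; a skipped call would leak `pc` and the client reference and a repeated one would free it twice, which cannot be checked from this page. In put_continuation, `key` presumably aliases `&dm->key` inside `pc`, so nothing after the new `GNUNET_free (pc)` should read it; the function body continues past the hunk, so that is worth confirming.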