diff options
| author | David Barksdale <amatus.amongus@gmail.com> | 2015-11-28 22:45:54 +0000 |
|---|---|---|
| committer | David Barksdale <amatus.amongus@gmail.com> | 2015-11-28 22:45:54 +0000 |
| commit | a0e27c0bd09fc4b0d70295baa5d7e052c46fe4ff (patch) | |
| tree | f1114a4343ad707580be0916a1ec41fdc89ec512 /src/datastore/gnunet-service-datastore.c | |
| parent | fb2767e4f680c795352b269d0853df6a8e06300e (diff) | |
| download | gnunet-a0e27c0bd09fc4b0d70295baa5d7e052c46fe4ff.tar.gz gnunet-a0e27c0bd09fc4b0d70295baa5d7e052c46fe4ff.zip | |
Fix UAF in asynchronous datastore plugins
Diffstat (limited to 'src/datastore/gnunet-service-datastore.c')
| -rw-r--r-- | src/datastore/gnunet-service-datastore.c | 39 |
1 files changed, 18 insertions, 21 deletions
diff --git a/src/datastore/gnunet-service-datastore.c b/src/datastore/gnunet-service-datastore.c index 3561fb406..44b86cd28 100644 --- a/src/datastore/gnunet-service-datastore.c +++ b/src/datastore/gnunet-service-datastore.c | |||
| @@ -858,7 +858,7 @@ put_continuation (void *cls, | |||
| 858 | int status, | 858 | int status, |
| 859 | const char *msg) | 859 | const char *msg) |
| 860 | { | 860 | { |
| 861 | struct GNUNET_SERVER_Client *client = cls; | 861 | struct PutContext *pc = cls; |
| 862 | 862 | ||
| 863 | if (GNUNET_OK == status) | 863 | if (GNUNET_OK == status) |
| 864 | { | 864 | { |
| @@ -871,8 +871,9 @@ put_continuation (void *cls, | |||
| 871 | "Successfully stored %u bytes under key `%s'\n", | 871 | "Successfully stored %u bytes under key `%s'\n", |
| 872 | size, GNUNET_h2s (key)); | 872 | size, GNUNET_h2s (key)); |
| 873 | } | 873 | } |
| 874 | transmit_status (client, status, msg); | 874 | transmit_status (pc->client, status, msg); |
| 875 | GNUNET_SERVER_client_drop (client); | 875 | GNUNET_SERVER_client_drop (pc->client); |
| 876 | GNUNET_free (pc); | ||
| 876 | if (quota - reserved - cache_size < payload) | 877 | if (quota - reserved - cache_size < payload) |
| 877 | { | 878 | { |
| 878 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, | 879 | GNUNET_log (GNUNET_ERROR_TYPE_INFO, |
| @@ -888,19 +889,19 @@ put_continuation (void *cls, | |||
| 888 | /** | 889 | /** |
| 889 | * Actually put the data message. | 890 | * Actually put the data message. |
| 890 | * | 891 | * |
| 891 | * @param client sender of the message | 892 | * @param pc put context |
| 892 | * @param dm message with the data to store | ||
| 893 | */ | 893 | */ |
| 894 | static void | 894 | static void |
| 895 | execute_put (struct GNUNET_SERVER_Client *client, | 895 | execute_put (struct PutContext *pc) |
| 896 | const struct DataMessage *dm) | ||
| 897 | { | 896 | { |
| 898 | GNUNET_SERVER_client_keep (client); | 897 | const struct DataMessage *dm; |
| 898 | |||
| 899 | dm = (const struct DataMessage *) &pc[1]; | ||
| 899 | plugin->api->put (plugin->api->cls, &dm->key, ntohl (dm->size), &dm[1], | 900 | plugin->api->put (plugin->api->cls, &dm->key, ntohl (dm->size), &dm[1], |
| 900 | ntohl (dm->type), ntohl (dm->priority), | 901 | ntohl (dm->type), ntohl (dm->priority), |
| 901 | ntohl (dm->anonymity), ntohl (dm->replication), | 902 | ntohl (dm->anonymity), ntohl (dm->replication), |
| 902 | GNUNET_TIME_absolute_ntoh (dm->expiration), | 903 | GNUNET_TIME_absolute_ntoh (dm->expiration), |
| 903 | &put_continuation, client); | 904 | &put_continuation, pc); |
| 904 | } | 905 | } |
| 905 | 906 | ||
| 906 | 907 | ||
| @@ -950,9 +951,7 @@ check_present (void *cls, | |||
| 950 | dm = (const struct DataMessage *) &pc[1]; | 951 | dm = (const struct DataMessage *) &pc[1]; |
| 951 | if (key == NULL) | 952 | if (key == NULL) |
| 952 | { | 953 | { |
| 953 | execute_put (pc->client, dm); | 954 | execute_put (pc); |
| 954 | GNUNET_SERVER_client_drop (pc->client); | ||
| 955 | GNUNET_free (pc); | ||
| 956 | return GNUNET_OK; | 955 | return GNUNET_OK; |
| 957 | } | 956 | } |
| 958 | if ((GNUNET_BLOCK_TYPE_FS_DBLOCK == type) || | 957 | if ((GNUNET_BLOCK_TYPE_FS_DBLOCK == type) || |
| @@ -981,9 +980,7 @@ check_present (void *cls, | |||
| 981 | } | 980 | } |
| 982 | else | 981 | else |
| 983 | { | 982 | { |
| 984 | execute_put (pc->client, dm); | 983 | execute_put (pc); |
| 985 | GNUNET_SERVER_client_drop (pc->client); | ||
| 986 | GNUNET_free (pc); | ||
| 987 | } | 984 | } |
| 988 | return GNUNET_OK; | 985 | return GNUNET_OK; |
| 989 | } | 986 | } |
| @@ -1037,14 +1034,14 @@ handle_put (void *cls, struct GNUNET_SERVER_Client *client, | |||
| 1037 | GNUNET_NO); | 1034 | GNUNET_NO); |
| 1038 | } | 1035 | } |
| 1039 | } | 1036 | } |
| 1037 | pc = GNUNET_malloc (sizeof (struct PutContext) + size + | ||
| 1038 | sizeof (struct DataMessage)); | ||
| 1039 | pc->client = client; | ||
| 1040 | GNUNET_SERVER_client_keep (client); | ||
| 1041 | memcpy (&pc[1], dm, size + sizeof (struct DataMessage)); | ||
| 1040 | if (GNUNET_YES == GNUNET_CONTAINER_bloomfilter_test (filter, &dm->key)) | 1042 | if (GNUNET_YES == GNUNET_CONTAINER_bloomfilter_test (filter, &dm->key)) |
| 1041 | { | 1043 | { |
| 1042 | GNUNET_CRYPTO_hash (&dm[1], size, &vhash); | 1044 | GNUNET_CRYPTO_hash (&dm[1], size, &vhash); |
| 1043 | pc = GNUNET_malloc (sizeof (struct PutContext) + size + | ||
| 1044 | sizeof (struct DataMessage)); | ||
| 1045 | pc->client = client; | ||
| 1046 | GNUNET_SERVER_client_keep (client); | ||
| 1047 | memcpy (&pc[1], dm, size + sizeof (struct DataMessage)); | ||
| 1048 | plugin->api->get_key (plugin->api->cls, | 1045 | plugin->api->get_key (plugin->api->cls, |
| 1049 | 0, | 1046 | 0, |
| 1050 | &dm->key, | 1047 | &dm->key, |
| @@ -1054,7 +1051,7 @@ handle_put (void *cls, struct GNUNET_SERVER_Client *client, | |||
| 1054 | pc); | 1051 | pc); |
| 1055 | return; | 1052 | return; |
| 1056 | } | 1053 | } |
| 1057 | execute_put (client, dm); | 1054 | execute_put (pc); |
| 1058 | } | 1055 | } |
| 1059 | 1056 | ||
| 1060 | 1057 | ||