diff options
| author | Christian Grothoff <christian@grothoff.org> | 2014-11-30 00:44:56 +0000 |
|---|---|---|
| committer | Christian Grothoff <christian@grothoff.org> | 2014-11-30 00:44:56 +0000 |
| commit | 991f51dc78d1690bdf169bca8028a3d0c5fbb177 (patch) | |
| tree | d598342dc1458e3a6cbe1eb99dd07745689c16c8 /src/set | |
| parent | 7dc458f1c96853831b607c61572270d62efd86d2 (diff) | |
| download | gnunet-991f51dc78d1690bdf169bca8028a3d0c5fbb177.tar.gz gnunet-991f51dc78d1690bdf169bca8028a3d0c5fbb177.zip | |
-avoid use after free during set intersection completion
Diffstat (limited to 'src/set')
| -rw-r--r-- | src/set/gnunet-service-set.c | 3 | ||||
| -rw-r--r-- | src/set/gnunet-service-set_intersection.c | 11 | ||||
| -rw-r--r-- | src/set/set_api.c | 23 | ||||
| -rw-r--r-- | src/set/test_set_intersection_result_full.c | 1 |
4 files changed, 32 insertions, 6 deletions
diff --git a/src/set/gnunet-service-set.c b/src/set/gnunet-service-set.c index 44f34a492..c40ac9c53 100644 --- a/src/set/gnunet-service-set.c +++ b/src/set/gnunet-service-set.c | |||
| @@ -1458,7 +1458,8 @@ dispatch_p2p_message (void *cls, | |||
| 1458 | * @param cfg configuration to use | 1458 | * @param cfg configuration to use |
| 1459 | */ | 1459 | */ |
| 1460 | static void | 1460 | static void |
| 1461 | run (void *cls, struct GNUNET_SERVER_Handle *server, | 1461 | run (void *cls, |
| 1462 | struct GNUNET_SERVER_Handle *server, | ||
| 1462 | const struct GNUNET_CONFIGURATION_Handle *cfg) | 1463 | const struct GNUNET_CONFIGURATION_Handle *cfg) |
| 1463 | { | 1464 | { |
| 1464 | static const struct GNUNET_SERVER_MessageHandler server_handlers[] = { | 1465 | static const struct GNUNET_SERVER_MessageHandler server_handlers[] = { |
diff --git a/src/set/gnunet-service-set_intersection.c b/src/set/gnunet-service-set_intersection.c index ed29033b4..ceb6a3ccb 100644 --- a/src/set/gnunet-service-set_intersection.c +++ b/src/set/gnunet-service-set_intersection.c | |||
| @@ -549,13 +549,15 @@ send_remaining_elements (void *cls) | |||
| 549 | { | 549 | { |
| 550 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 550 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
| 551 | "Sending done and destroy because iterator ran out\n"); | 551 | "Sending done and destroy because iterator ran out\n"); |
| 552 | op->keep = GNUNET_NO; | ||
| 552 | send_client_done_and_destroy (op); | 553 | send_client_done_and_destroy (op); |
| 553 | return; | 554 | return; |
| 554 | } | 555 | } |
| 555 | ee = nxt; | 556 | ee = nxt; |
| 556 | element = &ee->element; | 557 | element = &ee->element; |
| 557 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 558 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
| 558 | "Sending element (size %u) to client (full set)\n", | 559 | "Sending element %s:%u to client (full set)\n", |
| 560 | GNUNET_h2s (&ee->element_hash), | ||
| 559 | element->size); | 561 | element->size); |
| 560 | GNUNET_assert (0 != op->spec->client_request_id); | 562 | GNUNET_assert (0 != op->spec->client_request_id); |
| 561 | ev = GNUNET_MQ_msg_extra (rm, | 563 | ev = GNUNET_MQ_msg_extra (rm, |
| @@ -901,9 +903,11 @@ finish_and_destroy (struct Operation *op) | |||
| 901 | if (GNUNET_SET_RESULT_FULL == op->spec->result_mode) | 903 | if (GNUNET_SET_RESULT_FULL == op->spec->result_mode) |
| 902 | { | 904 | { |
| 903 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 905 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
| 904 | "Sending full result set\n"); | 906 | "Sending full result set (%u elements)\n", |
| 907 | GNUNET_CONTAINER_multihashmap_size (op->state->my_elements)); | ||
| 905 | op->state->full_result_iter | 908 | op->state->full_result_iter |
| 906 | = GNUNET_CONTAINER_multihashmap_iterator_create (op->state->my_elements); | 909 | = GNUNET_CONTAINER_multihashmap_iterator_create (op->state->my_elements); |
| 910 | op->keep = GNUNET_YES; | ||
| 907 | send_remaining_elements (op); | 911 | send_remaining_elements (op); |
| 908 | return; | 912 | return; |
| 909 | } | 913 | } |
| @@ -993,7 +997,8 @@ handle_p2p_done (void *cls, | |||
| 993 | return; | 997 | return; |
| 994 | } | 998 | } |
| 995 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | 999 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, |
| 996 | "Got final DONE\n"); | 1000 | "Got IntersectionDoneMessage, have %u elements in intersection\n", |
| 1001 | op->state->my_element_count); | ||
| 997 | op->state->phase = PHASE_FINISHED; | 1002 | op->state->phase = PHASE_FINISHED; |
| 998 | finish_and_destroy (op); | 1003 | finish_and_destroy (op); |
| 999 | } | 1004 | } |
diff --git a/src/set/set_api.c b/src/set/set_api.c index 20a9d149a..453a235b2 100644 --- a/src/set/set_api.c +++ b/src/set/set_api.c | |||
| @@ -306,6 +306,10 @@ handle_result (void *cls, | |||
| 306 | msg = (const struct GNUNET_SET_ResultMessage *) mh; | 306 | msg = (const struct GNUNET_SET_ResultMessage *) mh; |
| 307 | GNUNET_assert (NULL != set->mq); | 307 | GNUNET_assert (NULL != set->mq); |
| 308 | result_status = ntohs (msg->result_status); | 308 | result_status = ntohs (msg->result_status); |
| 309 | LOG (GNUNET_ERROR_TYPE_DEBUG, | ||
| 310 | "Got result message with status %d\n", | ||
| 311 | result_status); | ||
| 312 | |||
| 309 | oh = GNUNET_MQ_assoc_get (set->mq, | 313 | oh = GNUNET_MQ_assoc_get (set->mq, |
| 310 | ntohl (msg->request_id)); | 314 | ntohl (msg->request_id)); |
| 311 | if (NULL == oh) | 315 | if (NULL == oh) |
| @@ -331,6 +335,19 @@ handle_result (void *cls, | |||
| 331 | oh->result_cb (oh->result_cls, | 335 | oh->result_cb (oh->result_cls, |
| 332 | NULL, | 336 | NULL, |
| 333 | result_status); | 337 | result_status); |
| 338 | switch (result_status) | ||
| 339 | { | ||
| 340 | case GNUNET_SET_STATUS_OK: | ||
| 341 | break; | ||
| 342 | case GNUNET_SET_STATUS_FAILURE: | ||
| 343 | oh->result_cb = NULL; | ||
| 344 | break; | ||
| 345 | case GNUNET_SET_STATUS_HALF_DONE: | ||
| 346 | break; | ||
| 347 | case GNUNET_SET_STATUS_DONE: | ||
| 348 | oh->result_cb = NULL; | ||
| 349 | break; | ||
| 350 | } | ||
| 334 | GNUNET_free (oh); | 351 | GNUNET_free (oh); |
| 335 | return; | 352 | return; |
| 336 | } | 353 | } |
| @@ -417,7 +434,8 @@ handle_client_set_error (void *cls, | |||
| 417 | struct GNUNET_SET_Handle *set = cls; | 434 | struct GNUNET_SET_Handle *set = cls; |
| 418 | 435 | ||
| 419 | LOG (GNUNET_ERROR_TYPE_DEBUG, | 436 | LOG (GNUNET_ERROR_TYPE_DEBUG, |
| 420 | "Handling client set error\n"); | 437 | "Handling client set error %d\n", |
| 438 | error); | ||
| 421 | while (NULL != set->ops_head) | 439 | while (NULL != set->ops_head) |
| 422 | { | 440 | { |
| 423 | if (NULL != set->ops_head->result_cb) | 441 | if (NULL != set->ops_head->result_cb) |
| @@ -479,7 +497,8 @@ GNUNET_SET_create (const struct GNUNET_CONFIGURATION_Handle *cfg, | |||
| 479 | } | 497 | } |
| 480 | set->mq = GNUNET_MQ_queue_for_connection_client (set->client, | 498 | set->mq = GNUNET_MQ_queue_for_connection_client (set->client, |
| 481 | mq_handlers, | 499 | mq_handlers, |
| 482 | &handle_client_set_error, set); | 500 | &handle_client_set_error, |
| 501 | set); | ||
| 483 | GNUNET_assert (NULL != set->mq); | 502 | GNUNET_assert (NULL != set->mq); |
| 484 | mqm = GNUNET_MQ_msg (msg, | 503 | mqm = GNUNET_MQ_msg (msg, |
| 485 | GNUNET_MESSAGE_TYPE_SET_CREATE); | 504 | GNUNET_MESSAGE_TYPE_SET_CREATE); |
diff --git a/src/set/test_set_intersection_result_full.c b/src/set/test_set_intersection_result_full.c index 1baf667dd..d1eb18a26 100644 --- a/src/set/test_set_intersection_result_full.c +++ b/src/set/test_set_intersection_result_full.c | |||
| @@ -53,6 +53,7 @@ result_cb_set1 (void *cls, | |||
| 53 | enum GNUNET_SET_Status status) | 53 | enum GNUNET_SET_Status status) |
| 54 | { | 54 | { |
| 55 | static int count; | 55 | static int count; |
| 56 | |||
| 56 | switch (status) | 57 | switch (status) |
| 57 | { | 58 | { |
| 58 | case GNUNET_SET_STATUS_OK: | 59 | case GNUNET_SET_STATUS_OK: |