diff options
author | David Barksdale <amatus@amat.us> | 2017-10-09 16:11:35 -0500 |
---|---|---|
committer | David Barksdale <amatus@amat.us> | 2017-10-09 16:11:35 -0500 |
commit | 2a48c70fa17df09d1315c37426c3c48f6414f701 (patch) | |
tree | 4ccd100cdb459ece50fb92c5826a6322e6f78b1d /src/transport | |
parent | ecfb2e56fb5e625d4129ee8a7a432afab35e4dec (diff) | |
download | gnunet-2a48c70fa17df09d1315c37426c3c48f6414f701.tar.gz gnunet-2a48c70fa17df09d1315c37426c3c48f6414f701.zip |
Fix use-after-free in revalidate_address
Diffstat (limited to 'src/transport')
-rw-r--r-- | src/transport/gnunet-service-transport_validation.c | 20 |
1 files changed, 14 insertions, 6 deletions
diff --git a/src/transport/gnunet-service-transport_validation.c b/src/transport/gnunet-service-transport_validation.c index 5a8539f72..27c3c7041 100644 --- a/src/transport/gnunet-service-transport_validation.c +++ b/src/transport/gnunet-service-transport_validation.c | |||
@@ -697,6 +697,7 @@ revalidate_address (void *cls) | |||
697 | struct GNUNET_TIME_Relative canonical_delay; | 697 | struct GNUNET_TIME_Relative canonical_delay; |
698 | struct GNUNET_TIME_Relative delay; | 698 | struct GNUNET_TIME_Relative delay; |
699 | struct GNUNET_TIME_Relative blocked_for; | 699 | struct GNUNET_TIME_Relative blocked_for; |
700 | struct GST_BlacklistCheck *bc; | ||
700 | uint32_t rdelay; | 701 | uint32_t rdelay; |
701 | 702 | ||
702 | ve->revalidation_task = NULL; | 703 | ve->revalidation_task = NULL; |
@@ -788,12 +789,19 @@ revalidate_address (void *cls) | |||
788 | GST_blacklist_test_cancel (ve->bc); | 789 | GST_blacklist_test_cancel (ve->bc); |
789 | ve->bc = NULL; | 790 | ve->bc = NULL; |
790 | } | 791 | } |
791 | ve->bc = GST_blacklist_test_allowed (&ve->address->peer, | 792 | bc = GST_blacklist_test_allowed (&ve->address->peer, |
792 | ve->address->transport_name, | 793 | ve->address->transport_name, |
793 | &transmit_ping_if_allowed, | 794 | &transmit_ping_if_allowed, |
794 | ve, | 795 | ve, |
795 | NULL, | 796 | NULL, |
796 | NULL); | 797 | NULL); |
798 | if (NULL != bc) | ||
799 | { | ||
800 | /* If transmit_ping_if_allowed was already called it may have freed ve, | ||
801 | * so only set ve->bc if it has not been called. | ||
802 | */ | ||
803 | ve->bc = bc; | ||
804 | } | ||
797 | } | 805 | } |
798 | 806 | ||
799 | 807 | ||