aboutsummaryrefslogtreecommitdiff
path: root/src/transport
diff options
context:
space:
mode:
authorChristian Grothoff <christian@grothoff.org>2018-01-05 20:53:20 +0100
committerChristian Grothoff <christian@grothoff.org>2018-01-05 20:53:45 +0100
commit8058989645e9fdb0dd13a369c2e2899016d70533 (patch)
tree51c4d4d7efbcf2221dcbcabef812a2bcb55e639f /src/transport
parente2343119b99559b78a2ba727b2c07240c18476ac (diff)
downloadgnunet-8058989645e9fdb0dd13a369c2e2899016d70533.tar.gz
gnunet-8058989645e9fdb0dd13a369c2e2899016d70533.zip
fix potential use after free in tcp
Diffstat (limited to 'src/transport')
-rw-r--r--src/transport/tcp_connection_legacy.c9
-rw-r--r--src/transport/tcp_server_legacy.c24
2 files changed, 20 insertions, 13 deletions
diff --git a/src/transport/tcp_connection_legacy.c b/src/transport/tcp_connection_legacy.c
index 5b219a467..17157436d 100644
--- a/src/transport/tcp_connection_legacy.c
+++ b/src/transport/tcp_connection_legacy.c
@@ -1218,8 +1218,10 @@ RETRY:
1218 * @param timeout maximum amount of time to wait 1218 * @param timeout maximum amount of time to wait
1219 * @param receiver function to call with received data 1219 * @param receiver function to call with received data
1220 * @param receiver_cls closure for @a receiver 1220 * @param receiver_cls closure for @a receiver
1221 * @return #GNUNET_SYSERR if @a connection died (receiver was
1222 * called with error)
1221 */ 1223 */
1222void 1224int
1223GNUNET_CONNECTION_receive (struct GNUNET_CONNECTION_Handle *connection, 1225GNUNET_CONNECTION_receive (struct GNUNET_CONNECTION_Handle *connection,
1224 size_t max, 1226 size_t max,
1225 struct GNUNET_TIME_Relative timeout, 1227 struct GNUNET_TIME_Relative timeout,
@@ -1241,7 +1243,7 @@ GNUNET_CONNECTION_receive (struct GNUNET_CONNECTION_Handle *connection,
1241 connection->sock, 1243 connection->sock,
1242 &receive_ready, 1244 &receive_ready,
1243 connection); 1245 connection);
1244 return; 1246 return GNUNET_OK;
1245 } 1247 }
1246 if ((NULL == connection->dns_active) && 1248 if ((NULL == connection->dns_active) &&
1247 (NULL == connection->ap_head) && 1249 (NULL == connection->ap_head) &&
@@ -1252,8 +1254,9 @@ GNUNET_CONNECTION_receive (struct GNUNET_CONNECTION_Handle *connection,
1252 NULL, 0, 1254 NULL, 0,
1253 NULL, 0, 1255 NULL, 0,
1254 ETIMEDOUT); 1256 ETIMEDOUT);
1255 return; 1257 return GNUNET_SYSERR;
1256 } 1258 }
1259 return GNUNET_OK;
1257} 1260}
1258 1261
1259 1262
diff --git a/src/transport/tcp_server_legacy.c b/src/transport/tcp_server_legacy.c
index d0ce790fc..f75b41e8c 100644
--- a/src/transport/tcp_server_legacy.c
+++ b/src/transport/tcp_server_legacy.c
@@ -1044,11 +1044,13 @@ process_mst (struct GNUNET_SERVER_Client *client,
1044 "Server re-enters receive loop, timeout: %s.\n", 1044 "Server re-enters receive loop, timeout: %s.\n",
1045 GNUNET_STRINGS_relative_time_to_string (client->idle_timeout, GNUNET_YES)); 1045 GNUNET_STRINGS_relative_time_to_string (client->idle_timeout, GNUNET_YES));
1046 client->receive_pending = GNUNET_YES; 1046 client->receive_pending = GNUNET_YES;
1047 GNUNET_CONNECTION_receive (client->connection, 1047 if (GNUNET_OK !=
1048 GNUNET_MAX_MESSAGE_SIZE - 1, 1048 GNUNET_CONNECTION_receive (client->connection,
1049 client->idle_timeout, 1049 GNUNET_MAX_MESSAGE_SIZE - 1,
1050 &process_incoming, 1050 client->idle_timeout,
1051 client); 1051 &process_incoming,
1052 client))
1053 return;
1052 break; 1054 break;
1053 } 1055 }
1054 LOG (GNUNET_ERROR_TYPE_DEBUG, 1056 LOG (GNUNET_ERROR_TYPE_DEBUG,
@@ -1287,11 +1289,13 @@ GNUNET_SERVER_connect_socket (struct GNUNET_SERVER_Handle *server,
1287 for (n = server->connect_notify_list_head; NULL != n; n = n->next) 1289 for (n = server->connect_notify_list_head; NULL != n; n = n->next)
1288 n->callback (n->callback_cls, client); 1290 n->callback (n->callback_cls, client);
1289 client->receive_pending = GNUNET_YES; 1291 client->receive_pending = GNUNET_YES;
1290 GNUNET_CONNECTION_receive (client->connection, 1292 if (GNUNET_SYSERR ==
1291 GNUNET_MAX_MESSAGE_SIZE - 1, 1293 GNUNET_CONNECTION_receive (client->connection,
1292 client->idle_timeout, 1294 GNUNET_MAX_MESSAGE_SIZE - 1,
1293 &process_incoming, 1295 client->idle_timeout,
1294 client); 1296 &process_incoming,
1297 client))
1298 return NULL;
1295 return client; 1299 return client;
1296} 1300}
1297 1301