diff options
| author | Christian Grothoff <christian@grothoff.org> | 2015-02-28 14:05:47 +0000 |
|---|---|---|
| committer | Christian Grothoff <christian@grothoff.org> | 2015-02-28 14:05:47 +0000 |
| commit | bb6cb0741b947c83113b8d89797e6718dcf5391a (patch) | |
| tree | 5e31684efcf98fb127a964812da271746028ebd2 /src/util/client.c | |
| parent | 9e1a2064325b026198005dc050923f939d510d41 (diff) | |
| download | gnunet-bb6cb0741b947c83113b8d89797e6718dcf5391a.tar.gz gnunet-bb6cb0741b947c83113b8d89797e6718dcf5391a.zip | |
Fix use after free:
==14602== Invalid write of size 4
==14602== at 0x5A82CA7: receive_helper (client.c:542)
==14602== by 0x5A8E146: signal_receive_timeout (connection.c:508)
==14602== by 0x5A91236: receive_ready (connection.c:1091)
==14602== by 0x5AC1091: run_ready (scheduler.c:587)
==14602== by 0x5AC1915: GNUNET_SCHEDULER_run (scheduler.c:816)
==14602== by 0x5AD00F5: GNUNET_SERVICE_run (service.c:1503)
==14602== by 0x406218: main (gnunet-service-transport.c:925)
==14602== Address 0xa4d42f8 is 104 bytes inside a block of size 120 free'd
==14602== at 0x4C29E90: free (vg_replace_malloc.c:473)
==14602== by 0x5A872C3: GNUNET_xfree_ (common_allocation.c:239)
==14602== by 0x5A829C5: GNUNET_CLIENT_disconnect (client.c:475)
==14602== by 0x5ABD9E5: handle_response (resolver_api.c:388)
==14602== by 0x5A82CA2: receive_helper (client.c:538)
==14602== by 0x5A8E146: signal_receive_timeout (connection.c:508)
==14602== by 0x5A91236: receive_ready (connection.c:1091)
==14602== by 0x5AC1091: run_ready (scheduler.c:587)
==14602== by 0x5AC1915: GNUNET_SCHEDULER_run (scheduler.c:816)
==14602== by 0x5AD00F5: GNUNET_SERVICE_run (service.c:1503)
==14602== by 0x406218: main (gnunet-service-transport.c:925)
Diffstat (limited to 'src/util/client.c')
| -rw-r--r-- | src/util/client.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/src/util/client.c b/src/util/client.c index 11abecfcf..46bb6a86b 100644 --- a/src/util/client.c +++ b/src/util/client.c | |||
| @@ -531,6 +531,8 @@ receive_helper (void *cls, | |||
| 531 | (unsigned int) available, | 531 | (unsigned int) available, |
| 532 | NULL == client->connection ? "NULL" : "non-NULL", | 532 | NULL == client->connection ? "NULL" : "non-NULL", |
| 533 | STRERROR (errCode)); | 533 | STRERROR (errCode)); |
| 534 | /* remember failure */ | ||
| 535 | client->in_receive = GNUNET_SYSERR; | ||
| 534 | if (NULL != (receive_handler = client->receiver_handler)) | 536 | if (NULL != (receive_handler = client->receiver_handler)) |
| 535 | { | 537 | { |
| 536 | receive_handler_cls = client->receiver_handler_cls; | 538 | receive_handler_cls = client->receiver_handler_cls; |
| @@ -538,8 +540,6 @@ receive_helper (void *cls, | |||
| 538 | receive_handler (receive_handler_cls, | 540 | receive_handler (receive_handler_cls, |
| 539 | NULL); | 541 | NULL); |
| 540 | } | 542 | } |
| 541 | /* remember failure */ | ||
| 542 | client->in_receive = GNUNET_SYSERR; | ||
| 543 | return; | 543 | return; |
| 544 | } | 544 | } |
| 545 | /* FIXME: optimize for common fast case where buf contains the | 545 | /* FIXME: optimize for common fast case where buf contains the |