author | Christian Fuchs <christian.fuchs@cfuchs.net> | 2013-10-17 17:07:17 +0000 |
---|---|---|
committer | Christian Fuchs <christian.fuchs@cfuchs.net> | 2013-10-17 17:07:17 +0000 |
commit | 7c55c3dd9fad099aa13a6c3ebfdb4b36148f29c5 (patch) | |
tree | 1544a0cc96ae5597bf09cc4d7b7b5870f25afbf7 /src | |
parent | 528688321250de69d344247396f26bd95ab33587 (diff) | |
fixed a double-free
removed a redundant memcpy
free_session_variables always resets the freed pointers to NULL
Diffstat (limited to 'src')
-rw-r--r-- | src/scalarproduct/gnunet-service-scalarproduct.c | 64 |
1 files changed, 48 insertions, 16 deletions
diff --git a/src/scalarproduct/gnunet-service-scalarproduct.c b/src/scalarproduct/gnunet-service-scalarproduct.c index bfa6c8401..c19213aa7 100644 --- a/src/scalarproduct/gnunet-service-scalarproduct.c +++ b/src/scalarproduct/gnunet-service-scalarproduct.c | |||
@@ -707,29 +707,45 @@ free_session_variables (struct ServiceSession * session) | |||
707 | for (i = 0; i < session->used; i++) | 707 | for (i = 0; i < session->used; i++) |
708 | if (session->a[i]) gcry_mpi_release (session->a[i]); | 708 | if (session->a[i]) gcry_mpi_release (session->a[i]); |
709 | GNUNET_free (session->a); | 709 | GNUNET_free (session->a); |
710 | session->a = NULL; | ||
710 | } | 711 | } |
711 | GNUNET_free_non_null (session->mask); | 712 | GNUNET_free_non_null (session->mask); |
712 | if (session->r) { | 713 | if (session->r) { |
713 | for (i = 0; i < session->used; i++) | 714 | for (i = 0; i < session->used; i++) |
714 | if (session->r[i]) gcry_mpi_release (session->r[i]); | 715 | if (session->r[i]) gcry_mpi_release (session->r[i]); |
715 | GNUNET_free (session->r); | 716 | GNUNET_free (session->r); |
717 | session->r = NULL; | ||
716 | } | 718 | } |
717 | if (session->r_prime) { | 719 | if (session->r_prime) { |
718 | for (i = 0; i < session->used; i++) | 720 | for (i = 0; i < session->used; i++) |
719 | if (session->r_prime[i]) gcry_mpi_release (session->r_prime[i]); | 721 | if (session->r_prime[i]) gcry_mpi_release (session->r_prime[i]); |
720 | GNUNET_free (session->r_prime); | 722 | GNUNET_free (session->r_prime); |
723 | session->r_prime = NULL; | ||
721 | } | 724 | } |
722 | if (session->s) | 725 | if (session->s){ |
723 | gcry_mpi_release (session->s); | 726 | gcry_mpi_release (session->s); |
724 | if (session->s_prime) | 727 | session->s = NULL; |
728 | } | ||
729 | |||
730 | if (session->s_prime){ | ||
725 | gcry_mpi_release (session->s_prime); | 731 | gcry_mpi_release (session->s_prime); |
726 | if (session->product) | 732 | session->s_prime = NULL; |
733 | } | ||
734 | |||
735 | if (session->product){ | ||
727 | gcry_mpi_release (session->product); | 736 | gcry_mpi_release (session->product); |
737 | session->product = NULL; | ||
738 | } | ||
728 | 739 | ||
729 | if (session->remote_pubkey) | 740 | if (session->remote_pubkey){ |
730 | gcry_sexp_release (session->remote_pubkey); | 741 | gcry_sexp_release (session->remote_pubkey); |
742 | session->remote_pubkey = NULL; | ||
743 | } | ||
731 | 744 | ||
732 | GNUNET_free_non_null (session->vector); | 745 | if (session->vector) { |
746 | GNUNET_free_non_null (session->vector); | ||
747 | session->s = NULL; | ||
748 | } | ||
733 | } | 749 | } |
734 | /////////////////////////////////////////////////////////////////////////////// | 750 | /////////////////////////////////////////////////////////////////////////////// |
735 | // Event and Message Handlers | 751 | // Event and Message Handlers |
@@ -751,14 +767,16 @@ handle_client_disconnect (void *cls, | |||
751 | struct GNUNET_SERVER_Client *client) | 767 | struct GNUNET_SERVER_Client *client) |
752 | { | 768 | { |
753 | struct ServiceSession *session; | 769 | struct ServiceSession *session; |
754 | 770 | ||
755 | if (client == NULL) | 771 | if (NULL != client) |
772 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
773 | _ ("Client (%p) disconnected from us.\n"), client); | ||
774 | else | ||
756 | return; | 775 | return; |
776 | |||
757 | session = GNUNET_SERVER_client_get_user_context (client, struct ServiceSession); | 777 | session = GNUNET_SERVER_client_get_user_context (client, struct ServiceSession); |
758 | if (NULL == session) | 778 | if (NULL == session) |
759 | return; | 779 | return; |
760 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, | ||
761 | _ ("Client (%p) disconnected from us.\n"), client); | ||
762 | GNUNET_CONTAINER_DLL_remove (from_client_head, from_client_tail, session); | 780 | GNUNET_CONTAINER_DLL_remove (from_client_head, from_client_tail, session); |
763 | 781 | ||
764 | if (!(session->role == BOB && session->state == FINALIZED)) { | 782 | if (!(session->role == BOB && session->state == FINALIZED)) { |
@@ -1007,11 +1025,16 @@ prepare_service_response_multipart (void *cls) | |||
1007 | return; | 1025 | return; |
1008 | } | 1026 | } |
1009 | if (session->transferred != session->used) | 1027 | if (session->transferred != session->used) |
1010 | // multipart | 1028 | // more multiparts |
1011 | session->state = WAITING_FOR_MULTIPART_TRANSMISSION; | 1029 | session->state = WAITING_FOR_MULTIPART_TRANSMISSION; |
1012 | else | 1030 | else{ |
1013 | //singlepart | 1031 | // final part |
1014 | session->state = FINALIZED; | 1032 | session->state = FINALIZED; |
1033 | GNUNET_free(session->r); | ||
1034 | GNUNET_free(session->r_prime); | ||
1035 | session->r_prime = NULL; | ||
1036 | session->r = NULL; | ||
1037 | } | ||
1015 | } | 1038 | } |
1016 | 1039 | ||
1017 | 1040 | ||
@@ -1058,7 +1081,7 @@ prepare_service_response (gcry_mpi_t s, | |||
1058 | msg->header.type = htons (GNUNET_MESSAGE_TYPE_SCALARPRODUCT_BOB_TO_ALICE); | 1081 | msg->header.type = htons (GNUNET_MESSAGE_TYPE_SCALARPRODUCT_BOB_TO_ALICE); |
1059 | msg->header.size = htons (msg_length); | 1082 | msg->header.size = htons (msg_length); |
1060 | msg->total_element_count = htonl (session->total); | 1083 | msg->total_element_count = htonl (session->total); |
1061 | msg->contained_element_count = htonl (session->used); | 1084 | msg->used_element_count = htonl (session->used); |
1062 | msg->contained_element_count = htonl (session->transferred); | 1085 | msg->contained_element_count = htonl (session->transferred); |
1063 | memcpy (&msg->key, &session->key, sizeof (struct GNUNET_HashCode)); | 1086 | memcpy (&msg->key, &session->key, sizeof (struct GNUNET_HashCode)); |
1064 | current = (unsigned char *) &msg[1]; | 1087 | current = (unsigned char *) &msg[1]; |
@@ -1138,9 +1161,14 @@ prepare_service_response (gcry_mpi_t s, | |||
1138 | if (session->transferred != session->used) | 1161 | if (session->transferred != session->used) |
1139 | // multipart | 1162 | // multipart |
1140 | session->state = WAITING_FOR_MULTIPART_TRANSMISSION; | 1163 | session->state = WAITING_FOR_MULTIPART_TRANSMISSION; |
1141 | else | 1164 | else{ |
1142 | //singlepart | 1165 | //singlepart |
1143 | session->state = FINALIZED; | 1166 | session->state = FINALIZED; |
1167 | GNUNET_free(session->r); | ||
1168 | GNUNET_free(session->r_prime); | ||
1169 | session->r_prime = NULL; | ||
1170 | session->r = NULL; | ||
1171 | } | ||
1144 | 1172 | ||
1145 | return GNUNET_OK; | 1173 | return GNUNET_OK; |
1146 | } | 1174 | } |
@@ -1787,6 +1815,8 @@ tunnel_incoming_handler (void *cls, | |||
1787 | { | 1815 | { |
1788 | struct ServiceSession * c = GNUNET_new (struct ServiceSession); | 1816 | struct ServiceSession * c = GNUNET_new (struct ServiceSession); |
1789 | 1817 | ||
1818 | GNUNET_log (GNUNET_ERROR_TYPE_DEBUG, _ ("New incoming tunnel from peer %s.\n"), GNUNET_i2s (initiator)); | ||
1819 | |||
1790 | c->peer = *initiator; | 1820 | c->peer = *initiator; |
1791 | c->tunnel = tunnel; | 1821 | c->tunnel = tunnel; |
1792 | c->role = BOB; | 1822 | c->role = BOB; |
@@ -2104,7 +2134,6 @@ handle_service_request (void *cls, | |||
2104 | return GNUNET_SYSERR; | 2134 | return GNUNET_SYSERR; |
2105 | } | 2135 | } |
2106 | 2136 | ||
2107 | memcpy (&session->peer, &session->peer, sizeof (struct GNUNET_PeerIdentity)); | ||
2108 | session->total = element_count; | 2137 | session->total = element_count; |
2109 | session->used = used_elements; | 2138 | session->used = used_elements; |
2110 | session->transferred = contained_elements; | 2139 | session->transferred = contained_elements; |
@@ -2297,7 +2326,10 @@ handle_service_response (void *cls, | |||
2297 | goto invalid_msg; | 2326 | goto invalid_msg; |
2298 | } | 2327 | } |
2299 | //we need at least a full message without elements attached | 2328 | //we need at least a full message without elements attached |
2300 | if (sizeof (struct GNUNET_SCALARPRODUCT_service_response) + 2 * PAILLIER_ELEMENT_LENGTH > ntohs (msg->header.size)) { | 2329 | msg_size = ntohs (msg->header.size); |
2330 | size_t expected = sizeof (struct GNUNET_SCALARPRODUCT_service_response) + 2 * PAILLIER_ELEMENT_LENGTH; | ||
2331 | |||
2332 | if (expected > msg_size) { | ||
2301 | goto invalid_msg; | 2333 | goto invalid_msg; |
2302 | } | 2334 | } |
2303 | contained = ntohl (msg->contained_element_count); | 2335 | contained = ntohl (msg->contained_element_count); |
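Review bot: In free_session_variables, the new `if (session->vector)` block (new lines 745-748) frees `session->vector` but then assigns `session->s = NULL`, so `vector` keeps its stale address and a second call on the same session would free it again, which is the kind of double free the commit message says it fixes. The block should be `GNUNET_free_non_null (session->vector);` followed by `session->vector = NULL;`, and the surrounding `if` is then unnecessary because the old line already called the non-null-checking free unguarded. `session->mask` (new line 712) is likewise freed without being reset, so `session->mask = NULL;` belongs after it if the function is to reset every pointer it frees. Separately, the new `else` branches in prepare_service_response and prepare_service_response_multipart free the `r` and `r_prime` arrays with plain `GNUNET_free`; whether their gcry_mpi elements were already released, and whether both pointers are guaranteed non-NULL there, is not visible in the hunks and is worth confirming. The body of free_session_variables starts above the first hunk.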