From 8058989645e9fdb0dd13a369c2e2899016d70533 Mon Sep 17 00:00:00 2001 From: Christian Grothoff Date: Fri, 5 Jan 2018 20:53:20 +0100 Subject: fix potential use after free in tcp --- src/transport/tcp_server_legacy.c | 24 ++++++++++++++---------- 1 file changed, 14 insertions(+), 10 deletions(-) (limited to 'src/transport/tcp_server_legacy.c') diff --git a/src/transport/tcp_server_legacy.c b/src/transport/tcp_server_legacy.c index d0ce790fc..f75b41e8c 100644 --- a/src/transport/tcp_server_legacy.c +++ b/src/transport/tcp_server_legacy.c @@ -1044,11 +1044,13 @@ process_mst (struct GNUNET_SERVER_Client *client, "Server re-enters receive loop, timeout: %s.\n", GNUNET_STRINGS_relative_time_to_string (client->idle_timeout, GNUNET_YES)); client->receive_pending = GNUNET_YES; - GNUNET_CONNECTION_receive (client->connection, - GNUNET_MAX_MESSAGE_SIZE - 1, - client->idle_timeout, - &process_incoming, - client); + if (GNUNET_OK != + GNUNET_CONNECTION_receive (client->connection, + GNUNET_MAX_MESSAGE_SIZE - 1, + client->idle_timeout, + &process_incoming, + client)) + return; break; } LOG (GNUNET_ERROR_TYPE_DEBUG, @@ -1287,11 +1289,13 @@ GNUNET_SERVER_connect_socket (struct GNUNET_SERVER_Handle *server, for (n = server->connect_notify_list_head; NULL != n; n = n->next) n->callback (n->callback_cls, client); client->receive_pending = GNUNET_YES; - GNUNET_CONNECTION_receive (client->connection, - GNUNET_MAX_MESSAGE_SIZE - 1, - client->idle_timeout, - &process_incoming, - client); + if (GNUNET_SYSERR == + GNUNET_CONNECTION_receive (client->connection, + GNUNET_MAX_MESSAGE_SIZE - 1, + client->idle_timeout, + &process_incoming, + client)) + return NULL; return client; } -- cgit v1.2.3