From 0f1d24486a4c4284e1362ff94c647a1127657084 Mon Sep 17 00:00:00 2001
From: Matthias Wachs <wachs@net.in.tum.de>
Date: Fri, 14 Oct 2011 15:33:58 +0000
Subject: issue: zero-length plugin and addr fixing: message size parsing
 address comparison

---
 src/ats/gnunet-service-ats_addresses.c  | 43 ++++++++++++++++++++++-----------
 src/ats/gnunet-service-ats_scheduling.c | 29 ++++++++++++++++------
 2 files changed, 51 insertions(+), 21 deletions(-)

(limited to 'src')

diff --git a/src/ats/gnunet-service-ats_addresses.c b/src/ats/gnunet-service-ats_addresses.c
index 5ed3c471b..70bb8517f 100644
--- a/src/ats/gnunet-service-ats_addresses.c
+++ b/src/ats/gnunet-service-ats_addresses.c
@@ -82,16 +82,22 @@ compare_address_it (void *cls,
       (aa->session_id != cac->search->session_id))
     return GNUNET_YES;
 
+  if (aa->addr_len != cac->search->addr_len)
+  {
+    return GNUNET_YES;
+  }
+
   if (0 == strcmp(aa->plugin, cac->search->plugin))
   {
-    if (aa->addr_len != cac->search->addr_len)
-      return GNUNET_YES;
-    if (aa->addr_len == 0)
-      return GNUNET_YES;
-    if (0 == memcmp (aa->addr, cac->search->addr, aa->addr_len))
-      cac->result = aa;
+    return GNUNET_YES;
+  }
+
+  if (0 == memcmp (aa->addr, cac->search->addr, aa->addr_len))
+  {
+    cac->result = aa;
     return GNUNET_NO;
   }
+
   return GNUNET_YES;
 }
 
@@ -212,16 +218,17 @@ GAS_address_destroyed (const struct GNUNET_PeerIdentity *peer,
   aa->session_client = session_client;
   aa->session_id = session_id;
 
-  res = find_address (peer, aa);
-  GNUNET_assert (res != 0);
-
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-    "Deleting address for peer `%s'\n",
-    GNUNET_i2s (peer));
+    "Deleting address for peer `%s': `%s'\n",
+    GNUNET_i2s (peer), plugin_name);
 
-  GNUNET_assert (GNUNET_YES == GNUNET_CONTAINER_multihashmap_remove(addresses, &peer->hashPubKey, res));
-  destroy_address (aa);
-  destroy_address (res);
+  res = find_address (peer, aa);
+  if (res != NULL)
+  {
+    GNUNET_assert (GNUNET_YES == GNUNET_CONTAINER_multihashmap_remove(addresses, &peer->hashPubKey, res));
+    destroy_address (aa);
+    destroy_address (res);
+  }
 }
 
 
@@ -231,7 +238,15 @@ GAS_addresses_request_address (const struct GNUNET_PeerIdentity *peer)
   struct ATS_Address * aa = NULL;
   aa = GNUNET_CONTAINER_multihashmap_get (addresses, &peer->hashPubKey);
   if (aa != NULL)
+  {
+    aa->bw_in.value__ = htonl (100000);
+    aa->bw_out.value__ = htonl (100000);
     GAS_scheduling_transmit_address_suggestion (peer, aa->plugin, aa->addr, aa->addr_len, aa->session_client, aa->session_id, aa->ats, aa->ats_count, aa->bw_out, aa->bw_in);
+  }
+  else
+    GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
+      "Cannot provide address for peer `%s'\n",
+      GNUNET_i2s (peer));
 }
 
 
diff --git a/src/ats/gnunet-service-ats_scheduling.c b/src/ats/gnunet-service-ats_scheduling.c
index 2491529db..9eebe2c3e 100644
--- a/src/ats/gnunet-service-ats_scheduling.c
+++ b/src/ats/gnunet-service-ats_scheduling.c
@@ -258,7 +258,10 @@ GAS_handle_address_update (void *cls, struct GNUNET_SERVER_Client *client,
   plugin_name_length = ntohs (m->plugin_name_length);  
   atsi = (const struct GNUNET_TRANSPORT_ATS_Information*) &m[1];
   address = (const char*) &atsi[ats_count];
-  plugin_name = &address[address_length];
+  if (plugin_name_length != 0)
+    plugin_name = &address[address_length];
+  else
+    plugin_name = "";
   if ( (address_length +
 	plugin_name_length +
 	ats_count * sizeof (struct GNUNET_TRANSPORT_ATS_Information) +
@@ -302,10 +305,10 @@ GAS_handle_address_destroyed (void *cls, struct GNUNET_SERVER_Client *client,
   uint16_t size;
 
   GNUNET_log (GNUNET_ERROR_TYPE_DEBUG,
-	      "Received `%s' message\n", 
-	      "ADDRESS_DESTROYED");
+	      "Received `%s' message of size %u %u\n",
+	      "ADDRESS_DESTROYED", ntohs (message->size), sizeof (struct AddressDestroyedMessage));
   size = ntohs (message->size);
-  if (size <= sizeof (struct AddressDestroyedMessage))
+  if (size < sizeof (struct AddressDestroyedMessage))
   {
     GNUNET_break (0);
     GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
@@ -316,16 +319,28 @@ GAS_handle_address_destroyed (void *cls, struct GNUNET_SERVER_Client *client,
   address_length = ntohs (m->address_length);
   plugin_name_length = ntohs (m->plugin_name_length);  
   address = (const char*) &m[1];
-  plugin_name = &address[address_length];
+  if (plugin_name_length != 0)
+    plugin_name = &address[address_length];
+  else
+    plugin_name = "";
+
   if ( (address_length +
 	plugin_name_length +
-	sizeof (struct AddressDestroyedMessage) != ntohs (message->size))  ||
-       (plugin_name[plugin_name_length - 1] != '\0') )
+	sizeof (struct AddressDestroyedMessage) != ntohs (message->size)))
   {
     GNUNET_break (0);
     GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
     return;
   }
+
+  if (plugin_name_length != 0)
+    if (plugin_name[plugin_name_length - 1] != '\0')
+    {
+      GNUNET_break (0);
+      GNUNET_SERVER_receive_done (client, GNUNET_SYSERR);
+      return;
+    }
+
   GAS_address_destroyed (&m->peer,
 			 plugin_name,
 			 address,
-- 
cgit v1.2.3