diff options
| author | Christian Grothoff <christian@grothoff.org> | 2018-01-05 20:53:20 +0100 |
|---|---|---|
| committer | Christian Grothoff <christian@grothoff.org> | 2018-01-05 20:53:45 +0100 |
| commit | 8058989645e9fdb0dd13a369c2e2899016d70533 (patch) | |
| tree | 51c4d4d7efbcf2221dcbcabef812a2bcb55e639f | |
| parent | e2343119b99559b78a2ba727b2c07240c18476ac (diff) | |
fix potential use after free in tcp
| -rw-r--r-- | src/transport/tcp_connection_legacy.c | 9 | ||||
| -rw-r--r-- | src/transport/tcp_server_legacy.c | 24 |
2 files changed, 20 insertions, 13 deletions
diff --git a/src/transport/tcp_connection_legacy.c b/src/transport/tcp_connection_legacy.c index 5b219a467c..17157436dc 100644 --- a/src/transport/tcp_connection_legacy.c +++ b/src/transport/tcp_connection_legacy.c @@ -1218,8 +1218,10 @@ RETRY: * @param timeout maximum amount of time to wait * @param receiver function to call with received data * @param receiver_cls closure for @a receiver + * @return #GNUNET_SYSERR if @a connection died (receiver was + * called with error) */ -void +int GNUNET_CONNECTION_receive (struct GNUNET_CONNECTION_Handle *connection, size_t max, struct GNUNET_TIME_Relative timeout, @@ -1241,7 +1243,7 @@ GNUNET_CONNECTION_receive (struct GNUNET_CONNECTION_Handle *connection, connection->sock, &receive_ready, connection); - return; + return GNUNET_OK; } if ((NULL == connection->dns_active) && (NULL == connection->ap_head) && @@ -1252,8 +1254,9 @@ GNUNET_CONNECTION_receive (struct GNUNET_CONNECTION_Handle *connection, NULL, 0, NULL, 0, ETIMEDOUT); - return; + return GNUNET_SYSERR; } + return GNUNET_OK; } diff --git a/src/transport/tcp_server_legacy.c b/src/transport/tcp_server_legacy.c index d0ce790fcc..f75b41e8ca 100644 --- a/src/transport/tcp_server_legacy.c +++ b/src/transport/tcp_server_legacy.c @@ -1044,11 +1044,13 @@ process_mst (struct GNUNET_SERVER_Client *client, "Server re-enters receive loop, timeout: %s.\n", GNUNET_STRINGS_relative_time_to_string (client->idle_timeout, GNUNET_YES)); client->receive_pending = GNUNET_YES; - GNUNET_CONNECTION_receive (client->connection, - GNUNET_MAX_MESSAGE_SIZE - 1, - client->idle_timeout, - &process_incoming, - client); + if (GNUNET_OK != + GNUNET_CONNECTION_receive (client->connection, + GNUNET_MAX_MESSAGE_SIZE - 1, + client->idle_timeout, + &process_incoming, + client)) + return; break; } LOG (GNUNET_ERROR_TYPE_DEBUG, @@ -1287,11 +1289,13 @@ GNUNET_SERVER_connect_socket (struct GNUNET_SERVER_Handle *server, for (n = server->connect_notify_list_head; NULL != n; n = n->next) n->callback (n->callback_cls, client); client->receive_pending = GNUNET_YES; - GNUNET_CONNECTION_receive (client->connection, - GNUNET_MAX_MESSAGE_SIZE - 1, - client->idle_timeout, - &process_incoming, - client); + if (GNUNET_SYSERR == + GNUNET_CONNECTION_receive (client->connection, + GNUNET_MAX_MESSAGE_SIZE - 1, + client->idle_timeout, + &process_incoming, + client)) + return NULL; return client; } |