From 84f106df4bd8b7d5f6c1b0003af27bc486c47661 Mon Sep 17 00:00:00 2001
From: bartpolot <bartpolot@140774ce-b5e7-0310-ab8b-a85725594a96>
Date: Tue, 17 Jul 2012 17:16:18 +0000
Subject: - fixed use after free #2499

git-svn-id: https://gnunet.org/svn/gnunet@22724 140774ce-b5e7-0310-ab8b-a85725594a96
---
 src/dht/dht_api.c                    | 4 ++--
 src/dht/gnunet-service-dht_clients.c | 1 +
 2 files changed, 3 insertions(+), 2 deletions(-)

diff --git a/src/dht/dht_api.c b/src/dht/dht_api.c
index cce9f8b8c3..46436755b4 100644
--- a/src/dht/dht_api.c
+++ b/src/dht/dht_api.c
@@ -881,8 +881,8 @@ service_message_handler (void *cls, const struct GNUNET_MessageHeader *msg)
   default:
     GNUNET_break(0);
     LOG (GNUNET_ERROR_TYPE_WARNING,
-         "Unknown DHT message type: %hu\n",
-         ntohs (msg->type));
+         "Unknown DHT message type: %hu (%hu) size: %hu\n",
+         ntohs (msg->type), msg->type, msize);
     break;
   }
   if (GNUNET_OK != ret)
diff --git a/src/dht/gnunet-service-dht_clients.c b/src/dht/gnunet-service-dht_clients.c
index 173a1c3efd..a67155b894 100644
--- a/src/dht/gnunet-service-dht_clients.c
+++ b/src/dht/gnunet-service-dht_clients.c
@@ -984,6 +984,7 @@ forward_reply (void *cls, const struct GNUNET_HashCode * key, void *value)
     memcpy (pm, frc->pm,
             sizeof (struct PendingMessage) + ntohs (frc->pm->msg->size));
     pm->next = pm->prev = NULL;
+    pm->msg = (struct GNUNET_MessageHeader *) &pm[1];
   }
   GNUNET_STATISTICS_update (GDS_stats,
                             gettext_noop ("# RESULTS queued for clients"), 1,
-- 
cgit v1.2.3-18-g5258