[GNUnet-SVN] r37692 - gnunet/src/cadet
From: |
gnunet |
Subject: |
[GNUnet-SVN] r37692 - gnunet/src/cadet |
Date: |
Wed, 10 Aug 2016 20:04:51 +0200 |
Author: bartpolot
Date: 2016-08-10 20:04:51 +0200 (Wed, 10 Aug 2016)
New Revision: 37692
Modified:
gnunet/src/cadet/cadet_api.c
Log:
- fix use after free (not removing single transmit handle from queue), refactor
queue logic
Modified: gnunet/src/cadet/cadet_api.c
===================================================================
--- gnunet/src/cadet/cadet_api.c 2016-08-10 18:04:50 UTC (rev 37691)
+++ gnunet/src/cadet/cadet_api.c 2016-08-10 18:04:51 UTC (rev 37692)
@@ -485,6 +485,26 @@
/**
+ * Remove a transmit handle from the transmission queue, if present.
+ *
+ * Safe to call even if not queued.
+ *
+ * @param th handle to the packet to be unqueued.
+ */
+static void
+remove_from_queue (struct GNUNET_CADET_TransmitHandle *th)
+{
+ struct GNUNET_CADET_Handle *h = th->channel->cadet;
+
+ /* It might or might not have been queued (rarely not), but check anyway. */
+ if (NULL != th->next || h->th_tail == th)
+ {
+ GNUNET_CONTAINER_DLL_remove (h->th_head, h->th_tail, th);
+ }
+}
+
+
+/**
* Send an ack on the channel to confirm the processing of a message.
*
* @param ch Channel on which to send the ACK.
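Review bot: The queued test in remove_from_queue (`NULL != th->next || h->th_tail == th`) is only correct if `th->next` is NULL for every handle that is not linked, and the doc comment's "Safe to call even if not queued" does not state that. It depends on handles being zero-initialised when allocated and on the DLL remove macro clearing the link fields, neither of which is visible in this hunk. I would record the invariant in the comment, e.g. `/* Relies on th->next == NULL whenever th is not linked; the th_tail test covers the last or only element. */`, so a later change to allocation or unlinking does not bring back the stale queue entry this commit fixes. `th->channel` is dereferenced unconditionally, so the "safe to call" wording should also be limited to handles whose channel is still alive.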
@@ -527,16 +547,21 @@
size_t osize;
LOG (GNUNET_ERROR_TYPE_DEBUG, "Requesting Data: %u bytes\n", th->size);
+
+ GNUNET_assert (GNUNET_YES == th->channel->allow_send);
+ th->channel->allow_send = GNUNET_NO;
th->request_data_task = NULL;
th->channel->packet_size = 0;
+ remove_from_queue (th);
+
env = GNUNET_MQ_msg_extra (msg, th->size,
GNUNET_MESSAGE_TYPE_CADET_LOCAL_DATA);
msg->id = htonl (th->channel->chid);
osize = th->notify (th->notify_cls, th->size, &msg[1]);
GNUNET_assert (osize == th->size);
- th->channel->allow_send = GNUNET_NO;
GNUNET_MQ_send (th->channel->cadet->mq, env);
- GNUNET_CADET_notify_transmit_ready_cancel (th);
+
+ GNUNET_free (th);
}
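Review bot: `th` is still read after the application callback `th->notify` returns (`th->size` in the assert, `th->channel->cadet->mq` in the send) and is then released with a bare `GNUNET_free (th)` instead of going through the cancel routine. Unqueuing it before the callback keeps the library's own queue from reaching it, but the caller may still hold the handle; if the callback cancels it or destroys the channel, those reads and the final free would touch freed memory, and I cannot tell from the hunk whether the API forbids that. I would put the contract next to the call, for example `/* th is unqueued but still live: notify must not cancel th or destroy its channel, both are read below. */`. The function starts above this hunk, so who owns `th` on entry is not visible here.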
@@ -1665,13 +1690,7 @@
}
th->request_data_task = NULL;
- /* It might or might not have been queued (rarely not), but check anyway. */
- if (NULL != th->next)
- {
- struct GNUNET_CADET_Handle *h;
- h = th->channel->cadet;
- GNUNET_CONTAINER_DLL_remove (h->th_head, h->th_tail, th);
- }
+ remove_from_queue (th);
GNUNET_free (th);
}
@@ -1689,12 +1708,12 @@
struct GNUNET_MessageHeader *msg;
struct GNUNET_MQ_Envelope *env;
+ LOG (GNUNET_ERROR_TYPE_DEBUG,
+ " Sending %s monitor message to service\n",
+ GC_m2s(type));
+
env = GNUNET_MQ_msg (msg, type);
GNUNET_MQ_send (h->mq, env);
-
- LOG (GNUNET_ERROR_TYPE_DEBUG,
- " Sending %s message to service\n",
- GC_m2s(type));
}