Fix memory leak and use-after-free
authorDavid Barksdale <amatus@amat.us>
Mon, 13 Nov 2017 03:46:16 +0000 (21:46 -0600)
committerDavid Barksdale <amatus@amat.us>
Mon, 13 Nov 2017 04:02:18 +0000 (22:02 -0600)
src/transport/gnunet-service-transport.c

index ec4d821649f777065b6fddfdffd94e0271a9c6d3..6b354df986371fa5e902fcf60c9d8ac22fe3daca 100644 (file)
@@ -541,6 +541,13 @@ client_disconnect_cb (void *cls,
   GNUNET_CONTAINER_multipeermap_iterate (active_stccs,
                                         &mark_match_down,
                                         tc);
+  for (struct AddressToStringContext *cur = a2s_head;
+       NULL != cur;
+       cur = cur->next)
+  {
+    if (cur->tc == tc)
+      cur->tc = NULL;
+  }
   GNUNET_CONTAINER_DLL_remove (clients_head,
                                clients_tail,
                                tc);
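Review bot: The new loop in client_disconnect_cb has no comment stating the invariant it creates: an AddressToStringContext can now outlive its client, and its `tc` field may be NULL. Every callback that dereferences `->tc` on an a2s entry now depends on a NULL check, which is easy to miss when another user of that list is added. I would put a comment above the loop such as `/* pending address lookups may complete after this client is gone; detach them so their callbacks never touch a stale tc */`. The function begins and ends outside the hunk, so the assumption that tc is released shortly after this point rests on the commit title rather than on visible lines.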
@@ -864,6 +871,8 @@ transmit_address_to_client (void *cls,
 
   GNUNET_assert ( (GNUNET_OK == res) ||
                   (GNUNET_SYSERR == res) );
+  if (NULL == actx->tc)
+    return;
   if (NULL == buf)
   {
     env = GNUNET_MQ_msg (atsm,
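Review bot: The early return on `NULL == actx->tc` sits ahead of the only cleanup visible for actx, namely the `GNUNET_CONTAINER_DLL_remove` and the `GNUNET_free (actx)` added in the next hunk (-878). A lookup whose client disconnected therefore appears never to be unlinked or freed. Unless actx is released somewhere outside these hunks, every disconnect during a pending lookup leaves an entry on the a2s list, so the use-after-free is traded for a leak that grows with client churn. The final callback should still release the context when there is no client left to answer. The guard in the sketch below mirrors what I assume is the condition around the existing cleanup; that condition lies outside the hunk and needs confirming.

```c
  if (NULL == actx->tc)
  {
    /* client is gone: nothing to send, but the final callback must still release actx */
    if ( (NULL == buf) &&
         (GNUNET_OK == res) )
    {
      GNUNET_CONTAINER_DLL_remove (a2s_head,
                                   a2s_tail,
                                   actx);
      GNUNET_free (actx);
    }
    return;
  }
  /* … unchanged: NULL == buf handling … */
```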
@@ -878,6 +887,7 @@ transmit_address_to_client (void *cls,
       GNUNET_CONTAINER_DLL_remove (a2s_head,
                                    a2s_tail,
                                    actx);
+      GNUNET_free (actx);
       return;
     }
     if (GNUNET_SYSERR == res)