Fixed a use after free that occurred when doing DHT_Disconnect while the client was...
authorBart Polot <bart@net.in.tum.de>
Fri, 16 Sep 2011 19:29:35 +0000 (19:29 +0000)
committerBart Polot <bart@net.in.tum.de>
Fri, 16 Sep 2011 19:29:35 +0000 (19:29 +0000)
==12088== Invalid read of size 8
==12088==    at 0x5245EB4: GNUNET_CLIENT_notify_transmit_ready_cancel (client.c:1118)
==12088==    by 0x5033F10: GNUNET_DHT_disconnect (dht_api.c:571)
==12088==    by 0x403211: shutdown_task (gnunet-service-mesh.c:3366)
==12088==    by 0x5260292: GNUNET_SCHEDULER_run (scheduler.c:682)
==12088==    by 0x526634B: GNUNET_SERVICE_run (service.c:1590)
==12088==    by 0x401885: main (gnunet-service-mesh.c:3460)
==12088==  Address 0x651fb90 is 32 bytes inside a block of size 64 free'd
==12088==    at 0x4C2556E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==12088==    by 0x5245F85: GNUNET_CLIENT_disconnect (client.c:422)
==12088==    by 0x503360A: do_disconnect (dht_api.c:323)
==12088==    by 0x5260292: GNUNET_SCHEDULER_run (scheduler.c:682)
==12088==    by 0x526634B: GNUNET_SERVICE_run (service.c:1590)
==12088==    by 0x401885: main (gnunet-service-mesh.c:3460)

src/dht/dht_api.c

index 9c378dca135a89eafe204f776aeb3cdefadb930e..1b0840110971abca3cee65f5e6c8ade149cd8b55 100644 (file)
@@ -320,6 +320,9 @@ do_disconnect (struct GNUNET_DHT_Handle *handle)
   if (handle->client == NULL)
     return;
   GNUNET_assert (handle->reconnect_task == GNUNET_SCHEDULER_NO_TASK);
+  if (NULL != handle->th)
+      GNUNET_CLIENT_notify_transmit_ready_cancel(handle->th);
+  handle->th = NULL;
   GNUNET_CLIENT_disconnect (handle->client, GNUNET_NO);
   handle->client = NULL;
   handle->reconnect_task =
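Review bot: The cancel-before-disconnect ordering added in do_disconnect is the whole fix, yet nothing at the site says why it matters. Per the valgrind trace in the commit message, the block `handle->th` points into is freed inside `GNUNET_CLIENT_disconnect`, so a comment above the `if` such as `/* cancel and clear th first: it is freed with the client connection, and GNUNET_DHT_disconnect would otherwise cancel a dangling handle */` would keep a later reorder from reintroducing the use after free. The call is also indented two columns deeper than the surrounding code and lacks the space before the parenthesis used on the neighbouring lines; it should read `    GNUNET_CLIENT_notify_transmit_ready_cancel (handle->th);`. Any other path that disconnects `handle->client` is not visible here and presumably needs the same cancel-and-clear; do_disconnect itself starts before and continues past this hunk.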