Fix use-after-free in revalidate_address
authorDavid Barksdale <amatus@amat.us>
Mon, 9 Oct 2017 21:11:35 +0000 (16:11 -0500)
committerDavid Barksdale <amatus@amat.us>
Mon, 9 Oct 2017 21:11:35 +0000 (16:11 -0500)
src/transport/gnunet-service-transport_validation.c

index 5a8539f72ea25c253264f84c28164ddac48f4c06..27c3c70419c0b712fd0deb09fdc2d5c1d83dbc37 100644 (file)
@@ -697,6 +697,7 @@ revalidate_address (void *cls)
   struct GNUNET_TIME_Relative canonical_delay;
   struct GNUNET_TIME_Relative delay;
   struct GNUNET_TIME_Relative blocked_for;
+  struct GST_BlacklistCheck *bc;
   uint32_t rdelay;
 
   ve->revalidation_task = NULL;
@@ -788,12 +789,19 @@ revalidate_address (void *cls)
     GST_blacklist_test_cancel (ve->bc);
     ve->bc = NULL;
   }
-  ve->bc = GST_blacklist_test_allowed (&ve->address->peer,
-                                       ve->address->transport_name,
-                                       &transmit_ping_if_allowed,
-                                       ve,
-                                       NULL,
-                                       NULL);
+  bc = GST_blacklist_test_allowed (&ve->address->peer,
+                                   ve->address->transport_name,
+                                   &transmit_ping_if_allowed,
+                                   ve,
+                                   NULL,
+                                   NULL);
+  if (NULL != bc)
+  {
+    /* If transmit_ping_if_allowed was already called it may have freed ve,
+     * so only set ve->bc if it has not been called.
+     */
+    ve->bc = bc;
+  }
 }