- fixed use after free #2499

author Bart Polot <bart@net.in.tum.de>

Tue, 17 Jul 2012 17:16:18 +0000 (17:16 +0000)

committer Bart Polot <bart@net.in.tum.de>

Tue, 17 Jul 2012 17:16:18 +0000 (17:16 +0000)
author Bart Polot <bart@net.in.tum.de>
Tue, 17 Jul 2012 17:16:18 +0000 (17:16 +0000)
committer Bart Polot <bart@net.in.tum.de>
Tue, 17 Jul 2012 17:16:18 +0000 (17:16 +0000)
diff --git a/src/dht/dht_api.c b/src/dht/dht_api.c

index cce9f8b8c3ef3b14b0fac846aeb632cc435da1e3..46436755b4f54c5fee0889fa9584c9dc8bfad654 100644 (file)
--- a/src/dht/dht_api.c
+++ b/src/dht/dht_api.c
@@ -881,8 +881,8 @@ service_message_handler (void *cls, const struct GNUNET_MessageHeader *msg)
    default:
      GNUNET_break(0);
      LOG (GNUNET_ERROR_TYPE_WARNING,
-         "Unknown DHT message type: %hu\n",
-         ntohs (msg->type));
+         "Unknown DHT message type: %hu (%hu) size: %hu\n",
+         ntohs (msg->type), msg->type, msize);
      break;
    }
    if (GNUNET_OK != ret)
diff --git a/src/dht/gnunet-service-dht_clients.c b/src/dht/gnunet-service-dht_clients.c

index 173a1c3efdefd2ac79cd06b35fd6d40e9bff1d03..a67155b894595730f3b1a7aa59066afcaeca7bf4 100644 (file)
--- a/src/dht/gnunet-service-dht_clients.c
+++ b/src/dht/gnunet-service-dht_clients.c
@@ -984,6 +984,7 @@ forward_reply (void *cls, const struct GNUNET_HashCode * key, void *value)
      memcpy (pm, frc->pm,
              sizeof (struct PendingMessage) + ntohs (frc->pm->msg->size));
      pm->next = pm->prev = NULL;
+    pm->msg = (struct GNUNET_MessageHeader *) &pm[1];
    }
    GNUNET_STATISTICS_update (GDS_stats,
                              gettext_noop ("# RESULTS queued for clients"), 1,
author	Bart Polot <bart@net.in.tum.de>
	Tue, 17 Jul 2012 17:16:18 +0000 (17:16 +0000)
committer	Bart Polot <bart@net.in.tum.de>
	Tue, 17 Jul 2012 17:16:18 +0000 (17:16 +0000)
src/dht/dht_api.c		patch \| blob \| history
src/dht/gnunet-service-dht_clients.c		patch \| blob \| history