From: David Barksdale Date: Mon, 9 Oct 2017 21:11:35 +0000 (-0500) Subject: Fix use-after-free in revalidate_address X-Git-Tag: gnunet-0.11.0rc0~102^2~1 X-Git-Url: https://git.librecmc.org/?a=commitdiff_plain;h=2a48c70fa17df09d1315c37426c3c48f6414f701;p=oweals%2Fgnunet.git Fix use-after-free in revalidate_address --- diff --git a/src/transport/gnunet-service-transport_validation.c b/src/transport/gnunet-service-transport_validation.c index 5a8539f72..27c3c7041 100644 --- a/src/transport/gnunet-service-transport_validation.c +++ b/src/transport/gnunet-service-transport_validation.c @@ -697,6 +697,7 @@ revalidate_address (void *cls) struct GNUNET_TIME_Relative canonical_delay; struct GNUNET_TIME_Relative delay; struct GNUNET_TIME_Relative blocked_for; + struct GST_BlacklistCheck *bc; uint32_t rdelay; ve->revalidation_task = NULL; @@ -788,12 +789,19 @@ revalidate_address (void *cls) GST_blacklist_test_cancel (ve->bc); ve->bc = NULL; } - ve->bc = GST_blacklist_test_allowed (&ve->address->peer, - ve->address->transport_name, - &transmit_ping_if_allowed, - ve, - NULL, - NULL); + bc = GST_blacklist_test_allowed (&ve->address->peer, + ve->address->transport_name, + &transmit_ping_if_allowed, + ve, + NULL, + NULL); + if (NULL != bc) + { + /* If transmit_ping_if_allowed was already called it may have freed ve, + * so only set ve->bc if it has not been called. + */ + ve->bc = bc; + } }