From 261df49654bbd239d9d164177e1d362ed09f8411 Mon Sep 17 00:00:00 2001
From: Bart Polot
Date: Fri, 16 Sep 2011 19:29:35 +0000
Subject: [PATCH] Fixed a use after free that occured when doing DHT_Disconnect while the client was trying to reconnect to the service.
==12088== Invalid read of size 8
==12088== at 0x5245EB4: GNUNET_CLIENT_notify_transmit_ready_cancel (client.c:1118)
==12088== by 0x5033F10: GNUNET_DHT_disconnect (dht_api.c:571)
==12088== by 0x403211: shutdown_task (gnunet-service-mesh.c:3366)
==12088== by 0x5260292: GNUNET_SCHEDULER_run (scheduler.c:682)
==12088== by 0x526634B: GNUNET_SERVICE_run (service.c:1590)
==12088== by 0x401885: main (gnunet-service-mesh.c:3460)
==12088== Address 0x651fb90 is 32 bytes inside a block of size 64 free'd
==12088== at 0x4C2556E: free (in /usr/lib/valgrind/vgpreload_memcheck-amd64-linux.so)
==12088== by 0x5245F85: GNUNET_CLIENT_disconnect (client.c:422)
==12088== by 0x503360A: do_disconnect (dht_api.c:323)
==12088== by 0x5260292: GNUNET_SCHEDULER_run (scheduler.c:682)
==12088== by 0x526634B: GNUNET_SERVICE_run (service.c:1590)
==12088== by 0x401885: main (gnunet-service-mesh.c:3460)
---
 src/dht/dht_api.c | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/dht/dht_api.c b/src/dht/dht_api.c
index 9c378dca1..1b0840110 100644
--- a/src/dht/dht_api.c
+++ b/src/dht/dht_api.c
@@ -320,6 +320,9 @@ do_disconnect (struct GNUNET_DHT_Handle *handle)
 if (handle->client == NULL)
 return;
 GNUNET_assert (handle->reconnect_task == GNUNET_SCHEDULER_NO_TASK);
+ if (NULL != handle->th)
+ GNUNET_CLIENT_notify_transmit_ready_cancel(handle->th);
+ handle->th = NULL;
 GNUNET_CLIENT_disconnect (handle->client, GNUNET_NO);
 handle->client = NULL;
 handle->reconnect_task =
--
2.25.1
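Review bot: The three added lines in do_disconnect rely on an ordering that nothing in the code records: the pending transmit handle has to be cancelled and cleared before `GNUNET_CLIENT_disconnect (handle->client, GNUNET_NO)`, because the Valgrind trace in the commit message shows the later cancel reading memory freed by that call. I would put `/* cancel the pending transmit before the client is freed; th refers to memory released by GNUNET_CLIENT_disconnect */` above the `if`, and write the call as `GNUNET_CLIENT_notify_transmit_ready_cancel (handle->th);` to match the spacing of the surrounding calls. The hunk does not show whether the message that was awaiting transmission is queued again after the reconnect, nor whether other paths that release handle->client clear handle->th the same way; both are worth confirming, since a stale th on any such path would presumably lead to the same use after free. do_disconnect's body continues past the end of the hunk.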