gnunet-svn
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[GNUnet-SVN] [gnunet] 02/02: Revert "Fix use-after-free in loop over mod

From: gnunet
Subject: [GNUnet-SVN] [gnunet] 02/02: Revert "Fix use-after-free in loop over modified list"
Date: Sat, 23 Dec 2017 16:58:30 +0100 
This is an automated email from the git hooks/post-receive script.

david-barksdale pushed a commit to branch master
in repository gnunet.

commit 24f4c0aa8302caaef32e8d70e8c54bafada848d8
Author: David Barksdale <address@hidden>
AuthorDate: Sat Dec 23 09:57:56 2017 -0600

    Revert "Fix use-after-free in loop over modified list"
    
    This reverts commit 012ff13acc0cb2f5d7210aa48819395fecf12a3d.
---
 src/cadet/gnunet-service-cadet_peer.c | 51 ++++++++++++-----------------------
 1 file changed, 17 insertions(+), 34 deletions(-)

diff --git a/src/cadet/gnunet-service-cadet_peer.c 
b/src/cadet/gnunet-service-cadet_peer.c
index c4e2c0ccf..71c7c67d0 100644
--- a/src/cadet/gnunet-service-cadet_peer.c
+++ b/src/cadet/gnunet-service-cadet_peer.c
@@ -532,49 +532,32 @@ GCP_set_mq (struct CadetPeer *cp,
        GCP_2s (cp),
        mq);
   cp->core_mq = mq;
-  /* Since these callbacks can remove any items from this list, we must take a
-   * snapshot and then test each one to see if it's still in the list. */
-  int count = 0;
-  for (struct GCP_MessageQueueManager *mqm = cp->mqm_head;
+  for (struct GCP_MessageQueueManager *mqm = cp->mqm_head, *next;
        NULL != mqm;
-       mqm = mqm->next)
-    ++count;
-  struct GCP_MessageQueueManager *mqms[count];
-  int i = 0;
-  for (struct GCP_MessageQueueManager *mqm = cp->mqm_head;
-       NULL != mqm;
-       mqm = mqm->next)
-    mqms[i++] = mqm;
-  for (i = 0; i < count; ++i)
+       mqm = next)
   {
-    for (struct GCP_MessageQueueManager *mqm = cp->mqm_head;
-         NULL != mqm;
-         mqm = mqm->next)
+    /* Save next pointer in case mqm gets freed by the callback */
+    next = mqm->next;
+    if (NULL == mq)
     {
-      if (mqms[i] != mqm)
-        continue;
-      if (NULL == mq)
+      if (NULL != mqm->env)
       {
-        if (NULL != mqm->env)
-        {
-          GNUNET_MQ_discard (mqm->env);
-          mqm->env = NULL;
-          mqm->cb (mqm->cb_cls,
-                   GNUNET_SYSERR);
-        }
-        else
-        {
-          mqm->cb (mqm->cb_cls,
-                   GNUNET_NO);
-        }
+        GNUNET_MQ_discard (mqm->env);
+        mqm->env = NULL;
+        mqm->cb (mqm->cb_cls,
+                 GNUNET_SYSERR);
       }
       else
       {
-        GNUNET_assert (NULL == mqm->env);
         mqm->cb (mqm->cb_cls,
-                 GNUNET_YES);
+                 GNUNET_NO);
       }
-      break;
+    }
+    else
+    {
+      GNUNET_assert (NULL == mqm->env);
+      mqm->cb (mqm->cb_cls,
+               GNUNET_YES);
     }
   }
   if ( (NULL != mq) ||

-- 
To stop receiving notification emails like this one, please contact
address@hidden
reply via email to
[Prev in Thread] Current Thread [Next in Thread]