Commit bd3e2a5a authored by Anthony Ryan's avatar Anthony Ryan Committed by Jari Sundell

Drop packets everywhere we're deleting DhtTransaction's (#135)

This is a continuation of 856d9ca8

I've observed at least two more behaviours where this deletion of
the DhtTransaction within dht_server.cc can later lead to a use
after free when attempting to process the associated packets.

As such this commit updates all of the areas where we're deleting
DhtTransactions to also drop the corresponding packets. While this
arguably could be placed within the DhtTransactions' destructor, it
feels like that would be messing up the hierarchy within the Dht*
classes.
parent 8d640352
......@@ -263,6 +263,7 @@ DhtServer::cancel_announce(DownloadInfo* info, const TrackerDht* tracker) {
DhtAnnounce* announce = static_cast<DhtAnnounce*>(itr->second->as_search()->search());
if ((info == NULL || announce->target() == info->hash()) && (tracker == NULL || announce->tracker() == tracker)) {
drop_packet(itr->second->packet());
delete itr->second;
m_transactions.erase(itr++);
continue;
......@@ -409,6 +410,7 @@ DhtServer::process_response(const HashString& id, const rak::socket_address* sa,
m_router->node_replied(id, sa);
} catch (std::exception& e) {
drop_packet(itr->second->packet());
delete itr->second;
m_transactions.erase(itr);
......@@ -416,6 +418,7 @@ DhtServer::process_response(const HashString& id, const rak::socket_address* sa,
throw;
}
drop_packet(itr->second->packet());
delete itr->second;
m_transactions.erase(itr);
}
......@@ -436,6 +439,7 @@ DhtServer::process_error(const rak::socket_address* sa, const DhtMessage& error)
// If it consistently returns errors for valid queries it's probably broken. But a
// few error messages are acceptable. So we do nothing and pretend the query never happened.
drop_packet(itr->second->packet());
delete itr->second;
m_transactions.erase(itr);
}
......@@ -698,8 +702,10 @@ DhtServer::failed_transaction(transaction_itr itr, bool quick) {
void
DhtServer::clear_transactions() {
for (transaction_map::iterator itr = m_transactions.begin(), last = m_transactions.end(); itr != last; itr++)
for (transaction_map::iterator itr = m_transactions.begin(), last = m_transactions.end(); itr != last; itr++) {
drop_packet(itr->second->packet());
delete itr->second;
}
m_transactions.clear();
}
......
Markdown is supported
0%
or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment