mirror of
https://github.com/servalproject/serval-dna.git
synced 2024-12-21 06:03:12 +00:00
trying to find memory corruption bug, probably queue handling
related.
This commit is contained in:
parent
788cef0201
commit
5c52c8e274
10
keyring.c
10
keyring.c
@ -241,9 +241,15 @@ void keyring_free_context(keyring_context *c)
|
||||
void keyring_free_identity(keyring_identity *id)
|
||||
{
|
||||
int i;
|
||||
WHYF("id->PKRPin=%p\n",id->PKRPin);
|
||||
if (id->PKRPin) {
|
||||
/* Wipe pin before freeing (slightly tricky since this is a variable length string */
|
||||
for(i=0;id->PKRPin[i];i++) id->PKRPin[i]=' '; i=0;
|
||||
for(i=0;id->PKRPin[i];i++) {
|
||||
fprintf(stderr,"clearing PIN char '%c'\n",id->PKRPin[i]);
|
||||
id->PKRPin[i]=' '; }
|
||||
i=0;
|
||||
|
||||
WHYF("id->PKRPin=%p\n",id->PKRPin);
|
||||
free(id->PKRPin); id->PKRPin=NULL;
|
||||
}
|
||||
|
||||
@ -516,6 +522,8 @@ keyring_identity *keyring_unpack_identity(unsigned char *slot,char *pin)
|
||||
|
||||
id->PKRPin=strdup(pin);
|
||||
|
||||
WHYF("id->PKRPin=%p\n",id->PKRPin);
|
||||
|
||||
/* There was a known plain-text opportunity here:
|
||||
byte 96 must be 0x01, and some other bytes are likely deducible, e.g., the
|
||||
location of the trailing 0x00 byte can probably be guessed with confidence.
|
||||
|
@ -347,17 +347,19 @@ int ob_dump(overlay_buffer *b,char *desc)
|
||||
#undef malloc
|
||||
#undef calloc
|
||||
#undef free
|
||||
#undef realloc
|
||||
|
||||
#define SDM_GUARD_AFTER 16384
|
||||
void *_serval_debug_malloc(unsigned int bytes,char *file,const char *func,int line)
|
||||
{
|
||||
void *r=malloc(bytes);
|
||||
void *r=malloc(bytes+SDM_GUARD_AFTER);
|
||||
fprintf(stderr,"%s:%d:%s(): malloc(%d) -> %p\n",file,line,func,bytes,r);
|
||||
return r;
|
||||
}
|
||||
|
||||
void *_serval_debug_calloc(unsigned int bytes,unsigned int count,char *file,const char *func,int line)
|
||||
{
|
||||
void *r=calloc(bytes,count);
|
||||
void *r=calloc(bytes+SDM_GUARD_AFTER,count);
|
||||
fprintf(stderr,"%s:%d:%s(): calloc(%d,%d) -> %p\n",file,line,func,bytes,count,r);
|
||||
return r;
|
||||
}
|
||||
|
@ -583,14 +583,17 @@ int overlay_interface_discover()
|
||||
|
||||
int overlay_stuff_packet_from_queue(int i,overlay_buffer *e,int q,long long now,overlay_frame *pax[],int *frame_pax,int frame_max_pax)
|
||||
{
|
||||
if (0) printf("Stuffing from queue #%d on interface #%d\n",q,i);
|
||||
if (1) printf("Stuffing from queue #%d on interface #%d\n",q,i);
|
||||
overlay_frame **p=&overlay_tx[q].first;
|
||||
while(p&&*p)
|
||||
if (1) printf("A p=%p, *p=%p, queue=%d\n",p,*p,q);
|
||||
while(p&&(*p))
|
||||
{
|
||||
if (0) printf("p=%p, *p=%p, queue=%d\n",p,*p,q);
|
||||
if (1) printf("B p=%p, *p=%p, queue=%d\n",p,*p,q);
|
||||
|
||||
/* Throw away any stale frames */
|
||||
overlay_frame *pp=*p;
|
||||
overlay_frame *pp;
|
||||
|
||||
if (p) pp=*p;
|
||||
|
||||
if (!pp) break;
|
||||
|
||||
@ -674,9 +677,15 @@ int overlay_stuff_packet_from_queue(int i,overlay_buffer *e,int q,long long now,
|
||||
}
|
||||
}
|
||||
}
|
||||
|
||||
if (1) printf("C p=%p, *p=%p, queue=%d\n",p,*p,q);
|
||||
|
||||
/* Consider next in queue */
|
||||
p=&(*p)->next;
|
||||
|
||||
if (1) printf("D p=%p, *p=%p, queue=%d\n",p,p?*p:-1,q);
|
||||
}
|
||||
if (1) printf("returning from stuffing\n");
|
||||
return 0;
|
||||
}
|
||||
|
||||
|
Loading…
Reference in New Issue
Block a user