Corrected two harmful bugs in tunnel connexion code:

- added a destructor to RsTunnelDataItem, to remove a memory leak on all data packets. - apparently the code would allow data items of zero size, hence calling malloc(0), which has undetermined behavior. git-svn-id: http://svn.code.sf.net/p/retroshare/code/trunk@3191 b45a01b8-16f6-495d-af2f-9b41ad6348cc
2025-02-17 21:34:10 -05:00 · 2010-06-22 21:05:56 +00:00 · 2010-06-22 21:05:56 +00:00 · 5045e720b2
commit 5045e720b2
parent 13671d03ea
3 changed files with 229 additions and 204 deletions
--- a/libretroshare/src/serialiser/rstunnelitems.cc
+++ b/libretroshare/src/serialiser/rstunnelitems.cc
@ -82,6 +82,12 @@ RsItem *RsTunnelSerialiser::deserialise(void *data, uint32_t *size)
 	}
 }
 RsTunnelDataItem::~RsTunnelDataItem()
 {
 	if(encoded_data != NULL)
 		free(encoded_data) ;
 }
 bool RsTunnelDataItem::serialize(void *data,uint32_t& pktsize)
 {
 #ifdef P3TUNNEL_DEBUG
@ -112,6 +118,8 @@ bool RsTunnelDataItem::serialize(void *data,uint32_t& pktsize)
 	ok &= SetTlvString(data, tlvsize, &offset, TLV_TYPE_STR_VALUE, destPeerId);
 	ok &= setRawUInt32(data, tlvsize, &offset, encoded_data_len) ;
 	if(encoded_data != NULL)
 		memcpy((void*)((unsigned char*)data+offset),encoded_data,encoded_data_len) ;
 #ifdef P3TUNNEL_DEBUG
@ -215,11 +223,16 @@ RsTunnelDataItem *RsTunnelDataItem::deserialise(void *data,uint32_t pktsize)
 	ok &= getRawUInt32(data, pktsize, &offset, &item->encoded_data_len) ;
-	if(!ok)					// return early to avoid calling malloc with 0 size
+	if(!ok)					// return early to avoid calling malloc with invalid size
 		return NULL ;
 	if(item->encoded_data_len > 0)
 	{
 		item->encoded_data = (void*)malloc(item->encoded_data_len) ;
 		memcpy(item->encoded_data, (void*)((unsigned char*)data+offset), item->encoded_data_len);
 	}
 	else
 		item->encoded_data = NULL ;
 	if ((offset + item->encoded_data_len) != rssize)
 	{
--- a/libretroshare/src/serialiser/rstunnelitems.h
+++ b/libretroshare/src/serialiser/rstunnelitems.h
@ -47,6 +47,8 @@ class RsTunnelItem: public RsItem
 	public:
 		RsTunnelItem(uint8_t tunnel_subtype) : RsItem(RS_PKT_VERSION_SERVICE,RS_SERVICE_TYPE_TUNNEL,tunnel_subtype) {}
 		virtual ~RsTunnelItem() {}
 		virtual bool serialize(void *data,uint32_t& size) = 0 ;	// Isn't it better that items can serialize themselves ?
                virtual uint32_t serial_size() { return  0;}
@ -56,8 +58,13 @@ class RsTunnelItem: public RsItem
 class RsTunnelDataItem: public RsTunnelItem
 {
 	public:
-		RsTunnelDataItem() : RsTunnelItem(RS_TUNNEL_SUBTYPE_DATA) {}
+		RsTunnelDataItem() : RsTunnelItem(RS_TUNNEL_SUBTYPE_DATA) 
-		RsTunnelDataItem(void *data,uint32_t size) ;		// deserialization
+		{
 			encoded_data = NULL ;	// To comply with the destructor below.
 		}
 		virtual ~RsTunnelDataItem() ;
 		static RsTunnelDataItem *deserialise(void *data,uint32_t size) ;		// deserialization
 		uint32_t encoded_data_len;
 		void *encoded_data;
@ -76,7 +83,9 @@ class RsTunnelHandshakeItem: public RsTunnelItem
 {
        public:
                RsTunnelHandshakeItem() : RsTunnelItem(RS_TUNNEL_SUBTYPE_HANDSHAKE) {}
-                RsTunnelHandshakeItem(void *data,uint32_t size) ;		// deserialization
+					 virtual ~RsTunnelHandshakeItem() {}
                static RsTunnelHandshakeItem *deserialise(void *data,uint32_t size) ;		// deserialization
                std::string sourcePeerId ;
                std::string relayPeerId ;
--- a/libretroshare/src/services/p3tunnel.cc
+++ b/libretroshare/src/services/p3tunnel.cc
@ -139,8 +139,11 @@ void p3tunnel::sendTunnelDataPrivate(std::string to, std::string sourcePeerId, s
 	rdi->relayPeerId = relayPeerId;
 	rdi->encoded_data_len = data_length;
 	if(data_length > 0)
 	{
 		rdi->encoded_data = (void*)malloc(data_length);
 		memcpy(rdi->encoded_data, data, data_length);
 	}
 	rdi->PeerId(to);