From 45800a25e9374e63caaabba05c89585c86acd668 Mon Sep 17 00:00:00 2001
From: moneromooo-monero
Date: Mon, 28 Dec 2015 19:22:37 +0000
Subject: [PATCH 1/4] db_lmdb: fix a strdup/delete[] mistmatch
---
 src/blockchain_db/lmdb/db_lmdb.cpp | 9 ++++++---
 1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/src/blockchain_db/lmdb/db_lmdb.cpp b/src/blockchain_db/lmdb/db_lmdb.cpp
index 325ed8b8c..ded648cae 100644
--- a/src/blockchain_db/lmdb/db_lmdb.cpp
+++ b/src/blockchain_db/lmdb/db_lmdb.cpp
@@ -130,13 +130,16 @@ private:
 template<>
 struct MDB_val_copy: public MDB_val
 {
- MDB_val_copy(const char *s) :
- data(strdup(s))
+ MDB_val_copy(const char *s):
+ len(strlen(s)),
+ data(new char[len+1])
 {
- mv_size = strlen(s) + 1; // include the NUL, makes it easier for compares
+ memcpy(data.get(), s, len+1);
+ mv_size = len + 1; // include the NUL, makes it easier for compares
 mv_data = data.get();
 }
 private:
+ size_t len;
 std::unique_ptr data;
 };
From 78b65cf7e8089d370aa7e8b481ccce8a3b9cd4af Mon Sep 17 00:00:00 2001
From: moneromooo-monero
Date: Mon, 28 Dec 2015 19:23:02 +0000
Subject: [PATCH 2/4] db_lmdb: safety close db at exit Noticed by hyc Also set m_open to false when closed
---
 src/blockchain_db/lmdb/db_lmdb.cpp | 3 +++
 1 file changed, 3 insertions(+)
diff --git a/src/blockchain_db/lmdb/db_lmdb.cpp b/src/blockchain_db/lmdb/db_lmdb.cpp
index ded648cae..85eaf4569 100644
--- a/src/blockchain_db/lmdb/db_lmdb.cpp
+++ b/src/blockchain_db/lmdb/db_lmdb.cpp
@@ -926,6 +926,8 @@ BlockchainLMDB::~BlockchainLMDB()
 // batch transaction shouldn't be active at this point. If it is, consider it aborted.
 if (m_batch_active)
 batch_abort();
+ if (m_open)
+ close();
 }
 BlockchainLMDB::BlockchainLMDB(bool batch_transactions)
@@ -1156,6 +1158,7 @@ void BlockchainLMDB::close()
 // FIXME: not yet thread safe!!! Use with care.
 mdb_env_close(m_env);
+ m_open = false;
 }
 void BlockchainLMDB::sync()
From 4a5a5ff1573cc6a1081b28ef8611ca8bf8417800 Mon Sep 17 00:00:00 2001
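Review bot: In the [PATCH 1/4] hunk for `MDB_val_copy(const char *s)`, the initializer `data(new char[len+1])` is only correct because `len` is declared before `data` in the `private:` section; members are initialised in declaration order, not initializer-list order. If the two declarations are ever swapped, the allocation is sized from an indeterminate value while `memcpy(data.get(), s, len+1)` still copies the real length, which would overflow the heap buffer. I would pin this with a comment on the member, `size_t len; // must be declared before data: it sizes the allocation`. The same ordering dependency carries into the [PATCH 4/4] hunk, where `size` takes the place of `len`.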
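Review bot: In `BlockchainLMDB::~BlockchainLMDB()` the new `close()` call runs inside a destructor, so an exception escaping it would terminate the process, because destructors are noexcept by default. Only the tail of `close()` is visible in this patch, so whether it can throw needs checking against its full body. If it can, guard the call, e.g. `if (m_open) { try { close(); } catch (...) { /* log; never throw from a destructor */ } }`. The destructor body also starts outside the hunk.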
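Review bot: In `BlockchainLMDB::close()`, `m_open = false;` is reset but `m_env` keeps the handle that `mdb_env_close(m_env)` has just freed; LMDB requires that the handle is not used again after that call. Adding `m_env = nullptr;` next to the flag would make any later use fail visibly instead of touching freed memory. The body of close() starts outside the hunk, so whether a second explicit close() is rejected on entry cannot be confirmed here.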
From: moneromooo-monero
Date: Mon, 28 Dec 2015 19:53:07 +0000
Subject: [PATCH 3/4] blockchain: always stop the ioservice before returning Fixes a use after free
---
 src/cryptonote_core/blockchain.cpp | 2 ++
 1 file changed, 2 insertions(+)
diff --git a/src/cryptonote_core/blockchain.cpp b/src/cryptonote_core/blockchain.cpp
index 71a2b8841..02cb348d6 100644
--- a/src/cryptonote_core/blockchain.cpp
+++ b/src/cryptonote_core/blockchain.cpp
@@ -2113,6 +2113,7 @@ bool Blockchain::check_tx_inputs(const transaction& tx, uint64_t* pmax_used_bloc
 if(have_tx_keyimg_as_spent(in_to_key.k_image))
 {
 LOG_PRINT_L1("Key image already spent in blockchain: " << epee::string_tools::pod_to_hex(in_to_key.k_image));
+ KILL_IOSERVICE();
 return false;
 }
@@ -2126,6 +2127,7 @@ bool Blockchain::check_tx_inputs(const transaction& tx, uint64_t* pmax_used_bloc
 if(!itk->second)
 {
 LOG_PRINT_L1("Failed ring signature for tx " << get_transaction_hash(tx) << " vin key with k_image: " << in_to_key.k_image << " sig_index: " << sig_index);
+ KILL_IOSERVICE();
 return false;
 }
From b39aae7aa5ca7f362aa4fdc1159e853b80077ade Mon Sep 17 00:00:00 2001
From: hyc
Date: Tue, 29 Dec 2015 00:09:10 +0000
Subject: [PATCH 4/4] Tweak 45800a25e9374e63caaabba05c89585c86acd668 trivial cleanup
---
 src/blockchain_db/lmdb/db_lmdb.cpp | 10 +++++-----
 1 file changed, 5 insertions(+), 5 deletions(-)
diff --git a/src/blockchain_db/lmdb/db_lmdb.cpp b/src/blockchain_db/lmdb/db_lmdb.cpp
index 85eaf4569..0fd18bc18 100644
--- a/src/blockchain_db/lmdb/db_lmdb.cpp
+++ b/src/blockchain_db/lmdb/db_lmdb.cpp
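Review bot: Both [PATCH 3/4] hunks in `Blockchain::check_tx_inputs` add `KILL_IOSERVICE();` by hand before an early `return false;`, which is the same pattern that left these two paths uncovered and, per the commit message, caused the use after free. Any return added later, or an exception thrown before the macro is reached, would skip the cleanup again. A small scope guard created where the io service is started, whose destructor performs what `KILL_IOSERVICE()` does, would cover every exit path. The macro's definition and the rest of the function are outside the hunks, so the remaining returns still need checking against the full body.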
@@ -131,15 +131,15 @@ template<>
 struct MDB_val_copy: public MDB_val
 {
 MDB_val_copy(const char *s):
- len(strlen(s)),
- data(new char[len+1])
+ size(strlen(s)+1), // include the NUL, makes it easier for compares
+ data(new char[size])
 {
- memcpy(data.get(), s, len+1);
- mv_size = len + 1; // include the NUL, makes it easier for compares
+ mv_size = size;
 mv_data = data.get();
+ memcpy(mv_data, s, size);
 }
 private:
- size_t len;
+ size_t size;
 std::unique_ptr data;
 };