[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[lwip-devel] [bug #48503] tcp_abandon() on CLOSED unbound PCB tries to r
|
From: |
Ambroz Bizjak |
|
Subject: |
[lwip-devel] [bug #48503] tcp_abandon() on CLOSED unbound PCB tries to remove it from tcp_active_pcbs |
|
Date: |
Wed, 13 Jul 2016 21:15:59 +0000 (UTC) |
|
User-agent: |
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36 |
URL:
<http://savannah.nongnu.org/bugs/?48503>
Summary: tcp_abandon() on CLOSED unbound PCB tries to remove
it from tcp_active_pcbs
Project: lwIP - A Lightweight TCP/IP stack
Submitted by: abizjak
Submitted on: Wed 13 Jul 2016 09:15:56 PM GMT
Category: TCP
Severity: 3 - Normal
Item Group: Crash Error
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Planned Release: None
lwIP version: git head
_______________________________________________________
Details:
Well that should be clear enough. I'm assuming this is a crash but I'm
reporting this based having read the code only.
The faulty code is this:
if ((pcb->state == CLOSED) && (pcb->local_port != 0)) {
/* bound, not yet opened */
TCP_RMV(&tcp_bound_pcbs, pcb);
} else {
send_rst = reset;
local_port = pcb->local_port;
TCP_PCB_REMOVE_ACTIVE(pcb);
}
I'm not sure how relevant this is, but I suspect it can happen if you leave
around such a PCB and lwIP decides to recycle it for a new connection (through
tcp_kill_state).
Possible fix:
if (pcb->state == CLOSED) {
if (pcb->local_port != 0) {
/* bound, not yet opened */
TCP_RMV(&tcp_bound_pcbs, pcb);
}
} else {
send_rst = reset;
local_port = pcb->local_port;
TCP_PCB_REMOVE_ACTIVE(pcb);
}
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/bugs/?48503>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/
- [lwip-devel] [bug #48503] tcp_abandon() on CLOSED unbound PCB tries to remove it from tcp_active_pcbs,
Ambroz Bizjak <=