|
From: | Brad Plant |
Subject: | [lwip-devel] [bug #31903] Calling lwip_close() twice causes a null pointer deference |
Date: | Fri, 17 Dec 2010 08:31:59 +0000 |
User-agent: | Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.44 Safari/534.7 |
URL: <http://savannah.nongnu.org/bugs/?31903> Summary: Calling lwip_close() twice causes a null pointer deference Project: lwIP - A Lightweight TCP/IP stack Submitted by: bplant Submitted on: Fri Dec 17 08:31:58 2010 Category: sockets Severity: 3 - Normal Item Group: Crash Error Status: None Privacy: Public Assigned to: None Open/Closed: Open Discussion Lock: Any Planned Release: lwIP version: 1.3.0 _______________________________________________________ Details: Calling lwip_close() twice on a socket creates a race condition resulting in a null pointer deference. This issue appears to be that the second call to lwip_close() isn't aware that the socket has already been closed. The second call might try and post to a mailbox just after netconn_free is called by the first call resulting in a null pointer deference. Yes, code shouldn't be trying to call lwip_close() twice. I am using a third party web server that calls lwip_shutdown and then later calls lwip_close. lwip_shutdown is mapped to lwip_close resulting in 2 calls to lwip_close. _______________________________________________________ Reply to this item at: <http://savannah.nongnu.org/bugs/?31903> _______________________________________________ Message sent via/by Savannah http://savannah.nongnu.org/
[Prev in Thread] | Current Thread | [Next in Thread] |