From: | Rob Stedman |
Subject: | [lwip-devel] [bug #19162] lwip_sendto: possible to corrupt remote addr/port connection state |
Date: | Tue, 27 Feb 2007 08:34:24 +0000 |
User-agent: | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) |
URL: <http://savannah.nongnu.org/bugs/?19162>

Summary: lwip_sendto: possible to corrupt remote addr/port connection state
Project: lwIP - A Lightweight TCP/IP stack
Submitted by: robstedman1
Submitted on: Tuesday 27/02/07 at 08:34
Category: None
Severity: 3 - Normal
Item Group: Faulty Behaviour
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any

_______________________________________________________

Details:

lwip_sendto appears to work as a series of steps that should be atomic.

1 poll current connection state
2 force connect state supplied by caller using netconn_connect
3 send data with lwip_send
4 restore previous polled connection state

I think there is a problem in that steps 1..4 may not be atomic in that there is no multithreading protection mechanism used.

Could struct netconn be extended to include a lock()/unlock() semaphore?

My understanding is clients call lwip_xyx() functions which in turn call netconn_xyz() functions. These post messages to tcpip_thread() which actually 'does the work' before posting back to a netconn semaphore that the client caller waits on.

This whole mechanism implies there's only one calling thread accessing a given netconn at any one instant. This may not be true.

A netconn lock()/unlock() mechanism could be used to protect lwip from multithreaded access to the same netconn.

_______________________________________________________

Reply to this item at:

<http://savannah.nongnu.org/bugs/?19162>

_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/
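The four-step sequence in the report, replayed deterministically as an added example (not lwIP code and not part of the original message). `struct peer`, `struct call`, `run_schedule` and the address/port values are hypothetical, and the lock is modelled as "the other caller loses its turn" rather than a real semaphore.

```c
#include <stddef.h>
#include <stdint.h>
#include <stdio.h>

/* Hypothetical model of a connection's remote peer; not lwIP's struct netconn. */
struct peer { uint32_t addr; uint16_t port; };
/* One in-flight sendto call and its progress through the four steps. */
struct call { struct peer dest, saved, sent_to; int step; };
struct outcome { struct peer final_state, a_sent_to, b_sent_to; };

/* Run the next step of call k against the shared connection state. */
static void do_step(struct peer *conn, struct call *k) {
    switch (k->step++) {
    case 0: k->saved = *conn;   break; /* 1: poll current state   */
    case 1: *conn = k->dest;    break; /* 2: force caller's peer  */
    case 2: k->sent_to = *conn; break; /* 3: send to current peer */
    case 3: *conn = k->saved;   break; /* 4: restore polled state */
    }
}

/* Interleave callers A and B per sched (e.g. "AABBAABB"). With use_lock, a
 * caller that finds the connection held by the other loses its turn (blocks). */
struct outcome run_schedule(const char *sched, int use_lock) {
    struct peer conn = { 1, 100 };               /* constructed original peer */
    struct call a = { { 2, 200 }, { 0, 0 }, { 0, 0 }, 0 };
    struct call b = { { 3, 300 }, { 0, 0 }, { 0, 0 }, 0 };
    struct call *owner = NULL;
    struct outcome r;
    for (; *sched; sched++) {
        struct call *k = (*sched == 'A') ? &a : &b;
        if (k->step == 4 || (use_lock && owner && owner != k)) continue;
        owner = k;                               /* lock() on first step */
        do_step(&conn, k);
        if (k->step == 4) owner = NULL;          /* unlock() after restore */
    }
    while (a.step < 4) do_step(&conn, &a);       /* let unfinished calls complete */
    while (b.step < 4) do_step(&conn, &b);
    r.final_state = conn; r.a_sent_to = a.sent_to; r.b_sent_to = b.sent_to;
    return r;
}

int main(void) {
    struct outcome raced = run_schedule("AABBAABB", 0);
    struct outcome locked = run_schedule("AABBAABB", 1);
    printf("no lock: final port %u, A sent to port %u\n", (unsigned)raced.final_state.port, (unsigned)raced.a_sent_to.port);
    printf("locked:  final port %u, A sent to port %u\n", (unsigned)locked.final_state.port, (unsigned)locked.a_sent_to.port);
    return 0;
}
```

Without the lock, caller B polls the state A has already overwritten, so A's data goes to B's peer and the connection ends up "restored" to A's temporary peer instead of the original one.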