[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[lwip-devel] [bug #19162] lwip_sendto: possible to corrupt remote addr/p
[lwip-devel] [bug #19162] lwip_sendto: possible to corrupt remote addr/port connection state
Tue, 27 Feb 2007 08:34:24 +0000
Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)
Summary: lwip_sendto: possible to corrupt remote addr/port
Project: lwIP - A Lightweight TCP/IP stack
Submitted by: robstedman1
Submitted on: Tuesday 27/02/07 at 08:34
Severity: 3 - Normal
Item Group: Faulty Behaviour
Assigned to: None
Discussion Lock: Any
lwip_sendto appears to work as a series of steps that should be atomic.
1 poll current connection state
2 force connect state supplied by caller using netconn_connect
3 send data with lwip_send
4 restore previous polled connection state
I think there is a problem in that steps 1..4 may not be atomic in that there
is no multithreading protection mechanism used.
Could struct netconn be extended to include a lock()/unlock() semphore?
My understaning is clients call lwip_xyx() functions which in turn call
netconn_xyz() functions. These post messages to tcpip_thread() which
actually 'does the work' before posting back to a netconn semaphore that the
client caller waits on.
This whole mechanism implies there's only one calling thread accessing a
given netcon at any one instant. This may not be true. A netcon
lock()/unlock() mechanism could be used to protect lwip from multithreaded
access to the same netconn.
Reply to this item at:
Message sent via/by Savannah
- [lwip-devel] [bug #19162] lwip_sendto: possible to corrupt remote addr/port connection state,
Rob Stedman <=