[Top][All Lists]

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[lwip-devel] [bug #19162] lwip_sendto: possible to corrupt remote addr/p

From: Rob Stedman
Subject: [lwip-devel] [bug #19162] lwip_sendto: possible to corrupt remote addr/port connection state
Date: Tue, 27 Feb 2007 08:34:24 +0000
User-agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727)


                 Summary: lwip_sendto: possible to corrupt remote addr/port
connection state
                 Project: lwIP - A Lightweight TCP/IP stack
            Submitted by: robstedman1
            Submitted on: Tuesday 27/02/07 at 08:34
                Category: None
                Severity: 3 - Normal
              Item Group: Faulty Behaviour
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any



lwip_sendto appears to work as a series of steps that should be atomic.

1 poll current connection state
2 force connect state supplied by caller using netconn_connect
3 send data with lwip_send
4 restore previous polled connection state

I think there is a problem in that steps 1..4 may not be atomic in that there
is no multithreading protection mechanism used.

Could struct netconn be extended to include a lock()/unlock() semphore? 

My understaning is clients call lwip_xyx() functions which in turn call
netconn_xyz() functions.  These post messages to tcpip_thread() which
actually 'does the work' before posting back to a netconn semaphore that the
client caller waits on.

This whole mechanism implies there's only one calling thread accessing a
given netcon at any one instant.  This may not be true.  A netcon
lock()/unlock() mechanism could be used to protect lwip from multithreaded
access to the same netconn. 


Reply to this item at:


  Message sent via/by Savannah

reply via email to

[Prev in Thread] Current Thread [Next in Thread]