|
| From: | Rob Stedman |
| Subject: | [lwip-devel] [bug #19162] lwip_sendto: possible to corrupt remote addr/port connection state |
| Date: | Tue, 27 Feb 2007 08:34:24 +0000 |
| User-agent: | Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 5.1; SV1; .NET CLR 1.1.4322; .NET CLR 2.0.50727) |
URL:
<http://savannah.nongnu.org/bugs/?19162>
Summary: lwip_sendto: possible to corrupt remote addr/port
connection state
Project: lwIP - A Lightweight TCP/IP stack
Submitted by: robstedman1
Submitted on: Tuesday 27/02/07 at 08:34
Category: None
Severity: 3 - Normal
Item Group: Faulty Behaviour
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
_______________________________________________________
Details:
lwip_sendto appears to work as a series of steps that should be atomic.
1 poll current connection state
2 force connect state supplied by caller using netconn_connect
3 send data with lwip_send
4 restore previous polled connection state
I think there is a problem in that steps 1..4 may not be atomic in that there
is no multithreading protection mechanism used.
Could struct netconn be extended to include a lock()/unlock() semphore?
My understaning is clients call lwip_xyx() functions which in turn call
netconn_xyz() functions. These post messages to tcpip_thread() which
actually 'does the work' before posting back to a netconn semaphore that the
client caller waits on.
This whole mechanism implies there's only one calling thread accessing a
given netcon at any one instant. This may not be true. A netcon
lock()/unlock() mechanism could be used to protect lwip from multithreaded
access to the same netconn.
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/bugs/?19162>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/
| [Prev in Thread] | Current Thread | [Next in Thread] |