[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
[lwip-devel] [bug #50424] Double free of http_state when post data enabl
From: |
Josh Green |
Subject: |
[lwip-devel] [bug #50424] Double free of http_state when post data enabled |
Date: |
Tue, 28 Feb 2017 19:30:39 -0500 (EST) |
User-agent: |
Mozilla/5.0 (X11; Linux x86_64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/56.0.2924.87 Safari/537.36 |
URL:
<http://savannah.nongnu.org/bugs/?50424>
Summary: Double free of http_state when post data enabled
Project: lwIP - A Lightweight TCP/IP stack
Submitted by: jgreen
Submitted on: Tue 28 Feb 2017 04:30:38 PM PST
Category: None
Severity: 3 - Normal
Item Group: Crash Error
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Planned Release: None
lwIP version: 2.0.0
_______________________________________________________
Details:
I'm getting double frees in the 2.0.1 httpd app. I've customized the code
somewhat to handle unknown custom file lengths (for dynamic POST data
responses), but I don't think this issue is related to those changes. This
worked fine with the HTTP server in lwIP 1.0.4.
In http_recv() http_post_rxpbuf() is called where the first call to http_eof()
occurs.
After returning from http_post_rxpbuf() the http_state should no longer be
used, but it is with the statement:
if (hs->post_content_len_left == 0)
http_send is then called, which calls http_eof() again, causing a double
free.
Attached are backtraces for both frees. Please note that line numbers will
not match stock 2.0.1 lwIP.
Also attached is my lwipopts.h header file.
_______________________________________________________
File Attachments:
-------------------------------------------------------
Date: Tue 28 Feb 2017 04:30:38 PM PST Name: lwIP-httpd-double-free.txt Size:
4kB By: jgreen
<http://savannah.nongnu.org/bugs/download.php?file_id=39857>
-------------------------------------------------------
Date: Tue 28 Feb 2017 04:30:38 PM PST Name: lwipopts.h Size: 2kB By:
jgreen
<http://savannah.nongnu.org/bugs/download.php?file_id=39858>
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/bugs/?50424>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/
[Prev in Thread] |
Current Thread |
[Next in Thread] |
- [lwip-devel] [bug #50424] Double free of http_state when post data enabled,
Josh Green <=