mirror/lwip
1
0
Fork 0
mirror of https://github.com/lwip-tcpip/lwip.git synced 2024-10-01 04:12:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

Fixed bug #32926 (TCP_RMV(&tcp_bound_pcbs) is called on unbound tcp pcbs) by checking if the pcb was bound (local_port != 0).

Browse Source
This commit is contained in:
goldsimon 2011-03-27 17:12:26 +00:00
parent b5dd87b184
commit 11b1c9f19f
2 changed files with 15 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
CHANGELOG
View File

@ -237,6 +237,10 @@ HISTORY
++ Bugfixes: ++ Bugfixes:
2011-03-27: Simon Goldschmidt
* tcp.c: Fixed bug #32926 (TCP_RMV(&tcp_bound_pcbs) is called on unbound tcp
pcbs) by checking if the pcb was bound (local_port != 0).
2011-03-27: Simon Goldschmidt 2011-03-27: Simon Goldschmidt
* ppp.c: Fixed bug #32280 (ppp: a pbuf is freed twice) * ppp.c: Fixed bug #32280 (ppp: a pbuf is freed twice)

14
src/core/tcp.c
View File

@ -173,7 +173,9 @@ tcp_close_shutdown(struct tcp_pcb *pcb, u8_t rst_on_unacked_data)
* is erroneous, but this should never happen as the pcb has in those cases * is erroneous, but this should never happen as the pcb has in those cases
* been freed, and so any remaining handles are bogus. */ * been freed, and so any remaining handles are bogus. */
err = ERR_OK; err = ERR_OK;
TCP_RMV(&tcp_bound_pcbs, pcb); if (pcb->local_port != 0) {
TCP_RMV(&tcp_bound_pcbs, pcb);
}
memp_free(MEMP_TCP_PCB, pcb); memp_free(MEMP_TCP_PCB, pcb);
pcb = NULL; pcb = NULL;
break; break;
@ -517,7 +519,9 @@ tcp_listen_with_backlog(struct tcp_pcb *pcb, u8_t backlog)
lpcb->ttl = pcb->ttl; lpcb->ttl = pcb->ttl;
lpcb->tos = pcb->tos; lpcb->tos = pcb->tos;
ip_addr_copy(lpcb->local_ip, pcb->local_ip); ip_addr_copy(lpcb->local_ip, pcb->local_ip);
TCP_RMV(&tcp_bound_pcbs, pcb); if (pcb->local_port != 0) {
TCP_RMV(&tcp_bound_pcbs, pcb);
}
memp_free(MEMP_TCP_PCB, pcb); memp_free(MEMP_TCP_PCB, pcb);
#if LWIP_CALLBACK_API #if LWIP_CALLBACK_API
lpcb->accept = tcp_accept_null; lpcb->accept = tcp_accept_null;
@ -645,6 +649,7 @@ tcp_connect(struct tcp_pcb *pcb, ip_addr_t *ipaddr, u16_t port,
{ {
err_t ret; err_t ret;
u32_t iss; u32_t iss;
u16_t old_local_port;
LWIP_ERROR("tcp_connect: can only connect from state CLOSED", pcb->state == CLOSED, return ERR_ISCONN); LWIP_ERROR("tcp_connect: can only connect from state CLOSED", pcb->state == CLOSED, return ERR_ISCONN);
@ -669,6 +674,7 @@ tcp_connect(struct tcp_pcb *pcb, ip_addr_t *ipaddr, u16_t port,
ip_addr_copy(pcb->local_ip, netif->ip_addr); ip_addr_copy(pcb->local_ip, netif->ip_addr);
} }
old_local_port = pcb->local_port;
if (pcb->local_port == 0) { if (pcb->local_port == 0) {
pcb->local_port = tcp_new_port(); pcb->local_port = tcp_new_port();
} }
@ -720,7 +726,9 @@ tcp_connect(struct tcp_pcb *pcb, ip_addr_t *ipaddr, u16_t port,
if (ret == ERR_OK) { if (ret == ERR_OK) {
/* SYN segment was enqueued, changed the pcbs state now */ /* SYN segment was enqueued, changed the pcbs state now */
pcb->state = SYN_SENT; pcb->state = SYN_SENT;
TCP_RMV(&tcp_bound_pcbs, pcb); if (old_local_port != 0) {
TCP_RMV(&tcp_bound_pcbs, pcb);
}
TCP_REG(&tcp_active_pcbs, pcb); TCP_REG(&tcp_active_pcbs, pcb);
snmp_inc_tcpactiveopens(); snmp_inc_tcpactiveopens();