From 362a295e0693d30c086e69425d60213ac769a396 Mon Sep 17 00:00:00 2001
From: goldsimon
Date: Sun, 23 Aug 2009 11:32:38 +0000
Subject: [PATCH] Fixed bug #27252: Address pointer invalid after freeing pbuf in UDP receive callback
---
 CHANGELOG | 4 ++++
 src/core/udp.c | 4 +++-
 2 files changed, 7 insertions(+), 1 deletion(-)
diff --git a/CHANGELOG b/CHANGELOG
index 53a852c4..5cb5bde3 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -25,6 +25,10 @@ HISTORY
 ++ Bugfixes:
+ 2009-08-23 Simon Goldschmidt
+ * udp.c: bug #27252: Address pointer invalid after freeing pbuf in UDP
+ receive callback
+
 2009-08-23 Simon Goldschmidt
 * many ppp files: bug #27267: Added include to string.h where needed
diff --git a/src/core/udp.c b/src/core/udp.c
index d8d644d4..b884d755 100644
--- a/src/core/udp.c
+++ b/src/core/udp.c
@@ -281,8 +281,10 @@ udp_input(struct pbuf *p, struct netif *inp)
 snmp_inc_udpindatagrams();
 /* callback */
 if (pcb->recv != NULL) {
+ /* copy the source address to make it independent of the pbuf */
+ struct ip_addr src_addr = iphdr->src;
 /* now the recv function is responsible for freeing p */
- pcb->recv(pcb->recv_arg, pcb, p, &(iphdr->src), src);
+ pcb->recv(pcb->recv_arg, pcb, p, &src_addr, src);
 } else {
 /* no recv function registered? then we have to free the pbuf! */
 pbuf_free(p);
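Review bot: The lifetime of the new `src_addr` copy in the `pcb->recv != NULL` branch of the udp.c hunk is not documented: the address handed to the callback now lives in a block-scoped stack variable and is valid only until `recv` returns. A callback that stores the pointer instead of copying the address would later read dead stack memory, so I would extend the added comment to `/* copy the source address to make it independent of the pbuf; valid only during the callback, recv must copy it to keep it */`. `iphdr` itself still points into `p`, so any use of it after this call would be the same use-after-free that the commit fixes. The rest of `udp_input` lies outside the hunk, so that needs checking there.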