mirror/lwip
1
0
Fork 0
mirror of https://github.com/lwip-tcpip/lwip.git synced 2024-11-18 20:10:53 +00:00
Code Issues Packages Projects Releases Wiki Activity

fixed bug #42299 tcp_abort() leaves freed pcb on tcp_bound_pcbs list

Browse Source
This commit is contained in:
Simon Goldschmidt 2014-09-02 20:59:00 +02:00
parent b0502d1f3b
commit 39caf630a9
2 changed files with 13 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
CHANGELOG
View File

@ -117,6 +117,9 @@ HISTORY
++ Bugfixes: ++ Bugfixes:
2014-09-02: Simon Goldschmidt
* tcp.c: fixed bug #42299 tcp_abort() leaves freed pcb on tcp_bound_pcbs list
2014-08-20: Simon Goldschmidt 2014-08-20: Simon Goldschmidt
* dns.c: fixed bug #42987 lwIP is vulnerable to DNS cache poisoning due to * dns.c: fixed bug #42987 lwIP is vulnerable to DNS cache poisoning due to
non-randomized TXIDs non-randomized TXIDs

7
src/core/tcp.c
View File

@ -382,7 +382,12 @@ tcp_abandon(struct tcp_pcb *pcb, int reset)
errf = pcb->errf; errf = pcb->errf;
#endif /* LWIP_CALLBACK_API */ #endif /* LWIP_CALLBACK_API */
errf_arg = pcb->callback_arg; errf_arg = pcb->callback_arg;
if ((pcb->state == CLOSED) && (pcb->local_port != 0)) {
/* bound, not yet opened */
TCP_RMV(&tcp_bound_pcbs, pcb);
} else {
TCP_PCB_REMOVE_ACTIVE(pcb); TCP_PCB_REMOVE_ACTIVE(pcb);
}
if (pcb->unacked != NULL) { if (pcb->unacked != NULL) {
tcp_segs_free(pcb->unacked); tcp_segs_free(pcb->unacked);
} }
@ -1652,6 +1657,8 @@ tcp_pcb_remove(struct tcp_pcb **pcblist, struct tcp_pcb *pcb)
} }
pcb->state = CLOSED; pcb->state = CLOSED;
/* reset the local port to prevent the pcb from being 'bound' */
pcb->local_port = 0;
LWIP_ASSERT("tcp_pcb_remove: tcp_pcbs_sane()", tcp_pcbs_sane()); LWIP_ASSERT("tcp_pcb_remove: tcp_pcbs_sane()", tcp_pcbs_sane());
} }