diff --git a/CHANGELOG b/CHANGELOG index dbed662e..b3f6890f 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -80,6 +80,17 @@ HISTORY ++ Bugfixes: + 2012-08-13: Simon Goldschmidt + * dhcp.c: fixed bug #36645: Calling dhcp_release before dhcp_start + dereferences NULL + + 2012-08-13: Simon Goldschmidt + * msg_out.c: fixed bug #36840 snmp_send_trap() NULL de-reference if traps + configured but no interfaces available + + 2012-08-13: Simon Goldschmidt + * dns.c: fixed bug #36899 DNS TTL 0 is cached for a long time + 2012-05-11: Simon Goldschmidt (patch by Marty) * memp.c: fixed bug #36412: memp.c does not compile when MEMP_OVERFLOW_CHECK > zero and MEMP_SEPARATE_POOLS == 1 diff --git a/src/api/api_msg.c b/src/api/api_msg.c index 7ec9cfba..8b6286d9 100644 --- a/src/api/api_msg.c +++ b/src/api/api_msg.c @@ -579,10 +579,7 @@ netconn_alloc(enum netconn_type t, netconn_callback callback) conn->type = t; conn->pcb.tcp = NULL; -#if (DEFAULT_RAW_RECVMBOX_SIZE == DEFAULT_UDP_RECVMBOX_SIZE) && \ - (DEFAULT_RAW_RECVMBOX_SIZE == DEFAULT_TCP_RECVMBOX_SIZE) - size = DEFAULT_RAW_RECVMBOX_SIZE; -#else + /* If all sizes are the same, every compiler should optimize this switch to nothing, */ switch(NETCONNTYPE_GROUP(t)) { #if LWIP_RAW case NETCONN_RAW: @@ -603,7 +600,6 @@ netconn_alloc(enum netconn_type t, netconn_callback callback) LWIP_ASSERT("netconn_alloc: undefined netconn_type", 0); goto free_and_return; } -#endif if (sys_sem_new(&conn->op_completed, 0) != ERR_OK) { goto free_and_return; diff --git a/src/core/dhcp.c b/src/core/dhcp.c index 614fa324..f0f594f1 100644 --- a/src/core/dhcp.c +++ b/src/core/dhcp.c @@ -1164,6 +1164,9 @@ dhcp_release(struct netif *netif) err_t result; u16_t msecs; LWIP_DEBUGF(DHCP_DEBUG | LWIP_DBG_TRACE, ("dhcp_release()\n")); + if (dhcp == NULL) { + return ERR_ARG; + } /* idle DHCP client */ dhcp_set_state(dhcp, DHCP_OFF); 
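Review bot: The comment added above `switch(NETCONNTYPE_GROUP(t))` in netconn_alloc ends in a dangling comma and reads as a sentence that was cut off; `/* If all sizes are the same, every compiler should optimize this switch to nothing. */` would close it. It is also worth stating there that, with the `#if` shortcut gone, an unrecognised netconn type always reaches the final branch of the switch (the assert and `goto free_and_return`), including in builds where the three recvmbox sizes are equal. netconn_alloc starts and ends outside the hunk.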
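Review bot: The new `dhcp == NULL` guard in dhcp_release covers a netif on which DHCP was never started, but `netif` itself is still not validated. The declaration of `dhcp` sits above the hunk; if it is initialised from `netif->dhcp` there (presumably), a NULL `netif` is dereferenced before this guard runs. Checking the argument first, e.g. `LWIP_ERROR("netif != NULL", (netif != NULL), return ERR_ARG;);`, and assigning `dhcp` after it would close that path as well. The rest of dhcp_release is outside the hunk.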
@@ -1693,7 +1696,7 @@ dhcp_create_msg(struct netif *netif, struct dhcp *dhcp, u8_t message_type) ip_addr_set_zero(&dhcp->msg_out->giaddr); for (i = 0; i < DHCP_CHADDR_LEN; i++) { /* copy netif hardware address, pad with zeroes */ - dhcp->msg_out->chaddr[i] = (i < netif->hwaddr_len) ? netif->hwaddr[i] : 0/* pad byte*/; + dhcp->msg_out->chaddr[i] = (i < netif->hwaddr_len && i < NETIF_MAX_HWADDR_LEN) ? netif->hwaddr[i] : 0/* pad byte*/; } for (i = 0; i < DHCP_SNAME_LEN; i++) { dhcp->msg_out->sname[i] = 0; diff --git a/src/core/dns.c b/src/core/dns.c index d6336122..788df715 100644 --- a/src/core/dns.c +++ b/src/core/dns.c @@ -694,7 +694,7 @@ dns_check_entry(u8_t i) case DNS_STATE_DONE: { /* if the time to live is nul */ - if (--pEntry->ttl == 0) { + if ((pEntry->ttl == 0) || (--pEntry->ttl == 0)) { LWIP_DEBUGF(DNS_DEBUG, ("dns_check_entry: \"%s\": flush\n", pEntry->name)); /* flush this entry */ pEntry->state = DNS_STATE_UNUSED; @@ -816,6 +816,13 @@ dns_recv(void *arg, struct udp_pcb *pcb, struct pbuf *p, ip_addr_t *addr, u16_t if (pEntry->found) { (*pEntry->found)(pEntry->name, &pEntry->ipaddr, pEntry->arg); } + if (pEntry->ttl == 0) { + /* RFC 883, page 29: "Zero values are + interpreted to mean that the RR can only be used for the + transaction in progress, and should not be cached." + -> flush this entry now */ + goto flushentry; + } /* deallocate memory and return */ goto memerr; } else { @@ -838,6 +845,7 @@ responseerr: if (pEntry->found) { (*pEntry->found)(pEntry->name, NULL, pEntry->arg); } +flushentry: /* flush this entry */ pEntry->state = DNS_STATE_UNUSED; pEntry->found = NULL; diff --git a/src/core/netif.c b/src/core/netif.c index 90bbff48..f8133f76 100644 --- a/src/core/netif.c +++ b/src/core/netif.c @@ -84,6 +84,10 @@ struct netif *netif_default; static u8_t netif_num; +#if LWIP_IPV6 +static err_t netif_null_output_ip6(struct netif *netif, struct pbuf *p, ip6_addr_t *ipaddr); +#endif /* LWIP_IPV6 */ + #if LWIP_HAVE_LOOPIF static struct netif loop_netif; 
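Review bot: The added `i < NETIF_MAX_HWADDR_LEN` bound in the chaddr loop stops the read past the end of `netif->hwaddr`, but it hides an inconsistent `hwaddr_len` instead of reporting it: a driver that sets a length above the array size now gets a silently truncated client hardware address in every DHCP message. An assertion before the loop, `LWIP_ASSERT("netif->hwaddr_len <= NETIF_MAX_HWADDR_LEN", netif->hwaddr_len <= NETIF_MAX_HWADDR_LEN);`, would surface the misconfiguration while the clamp stays as the safety net for builds without asserts. dhcp_create_msg starts and ends outside the hunk.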
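Review bot: The zero-TTL flush in dns_recv handles the lower edge of a value taken from the DNS response, but nothing visible in this hunk limits the upper edge; if `pEntry->ttl` is stored unclamped (the assignment is not shown here), a spoofed or misconfigured answer with a very large TTL stays in the table for as long as the responder asked. A configurable maximum applied where the TTL is stored would bound how long one bad answer can persist. The comment cites RFC 883, which RFC 1035 obsoleted; the same sentence appears in RFC 1035 section 3.2.1, so `/* RFC 1035, section 3.2.1: "Zero values are interpreted ..." */` is the better reference. The `flushentry` label added in the following hunk falls into the existing flush code, whose end is outside the hunk.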
@@ -161,6 +165,7 @@ netif_add(struct netif *netif, ip_addr_t *ipaddr, ip_addr_t *netmask, ip6_addr_set_zero(&netif->ip6_addr[i]); netif_ip6_addr_set_state(netif, i, IP6_ADDR_INVALID); } + netif->output_ip6 = netif_null_output_ip6; #endif /* LWIP_IPV6 */ netif->flags = 0; #if LWIP_DHCP @@ -878,4 +883,14 @@ netif_create_ip6_linklocal_address(struct netif * netif, u8_t from_mac_48bit) netif->ip6_addr_state[0] = IP6_ADDR_PREFERRED; #endif /* LWIP_IPV6_AUTOCONFIG */ } + +static err_t +netif_null_output_ip6(struct netif *netif, struct pbuf *p, ip6_addr_t *ipaddr) +{ + (void)netif; + (void)p; + (void)ipaddr; + + return ERR_IF; +} #endif /* LWIP_IPV6 */ diff --git a/src/core/snmp/msg_out.c b/src/core/snmp/msg_out.c index 485f076a..fc0807c5 100644 --- a/src/core/snmp/msg_out.c +++ b/src/core/snmp/msg_out.c 
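Review bot: netif_null_output_ip6 is added without a comment saying why it exists, and its forward declaration near the top of the file is equally bare. A header such as `/** Default output_ip6 handler installed by netif_add(); rejects IPv6 output with ERR_IF until the driver sets its own function, so the pointer is never NULL when called. */` would record the intent behind the assignment in netif_add. For consistency with the rest of lwIP the three `(void)netif;`-style casts could be written with the stack's own macro, `LWIP_UNUSED_ARG(netif);`, and likewise for `p` and `ipaddr`.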
@@ -217,6 +217,7 @@ snmp_send_trap(s8_t generic_trap, struct snmp_obj_id *eoid, s32_t specific_trap) ip_addr_t dst_ip; struct pbuf *p; u16_t i,tot_len; + err_t err = ERR_OK; for (i=0, td = &trap_dst[0]; idip); /* lookup current source address for this dst */ dst_if = ip_route(&td->dip); - ip_addr_copy(dst_ip, dst_if->ip_addr); - /* @todo: what about IPv6? */ - trap_msg.sip_raw[0] = ip4_addr1(&dst_ip); - trap_msg.sip_raw[1] = ip4_addr2(&dst_ip); - trap_msg.sip_raw[2] = ip4_addr3(&dst_ip); - trap_msg.sip_raw[3] = ip4_addr4(&dst_ip); - trap_msg.gen_trap = generic_trap; - trap_msg.spc_trap = specific_trap; - if (generic_trap == SNMP_GENTRAP_ENTERPRISESPC) - { - /* enterprise-Specific trap */ - trap_msg.enterprise = eoid; - } - else - { - /* generic (MIB-II) trap */ - snmp_get_snmpgrpid_ptr(&trap_msg.enterprise); - } - snmp_get_sysuptime(&trap_msg.ts); + if (dst_if != NULL) { + ip_addr_copy(dst_ip, dst_if->ip_addr); + /* @todo: what about IPv6? */ + trap_msg.sip_raw[0] = ip4_addr1(&dst_ip); + trap_msg.sip_raw[1] = ip4_addr2(&dst_ip); + trap_msg.sip_raw[2] = ip4_addr3(&dst_ip); + trap_msg.sip_raw[3] = ip4_addr4(&dst_ip); + trap_msg.gen_trap = generic_trap; + trap_msg.spc_trap = specific_trap; + if (generic_trap == SNMP_GENTRAP_ENTERPRISESPC) + { + /* enterprise-Specific trap */ + trap_msg.enterprise = eoid; + } + else + { + /* generic (MIB-II) trap */ + snmp_get_snmpgrpid_ptr(&trap_msg.enterprise); + } + snmp_get_sysuptime(&trap_msg.ts); - /* pass 0, calculate length fields */ - tot_len = snmp_varbind_list_sum(&trap_msg.outvb); - tot_len = snmp_trap_header_sum(&trap_msg, tot_len); + /* pass 0, calculate length fields */ + tot_len = snmp_varbind_list_sum(&trap_msg.outvb); + tot_len = snmp_trap_header_sum(&trap_msg, tot_len); - /* allocate pbuf(s) */ - p = pbuf_alloc(PBUF_TRANSPORT, tot_len, PBUF_POOL); - if (p != NULL) - { - u16_t ofs; + /* allocate pbuf(s) */ + p = pbuf_alloc(PBUF_TRANSPORT, tot_len, PBUF_POOL); + if (p != NULL) + { + u16_t ofs; - /* pass 1, encode 
packet ino the pbuf(s) */ - ofs = snmp_trap_header_enc(&trap_msg, p); - snmp_varbind_list_enc(&trap_msg.outvb, p, ofs); + /* pass 1, encode packet ino the pbuf(s) */ + ofs = snmp_trap_header_enc(&trap_msg, p); + snmp_varbind_list_enc(&trap_msg.outvb, p, ofs); - snmp_inc_snmpouttraps(); - snmp_inc_snmpoutpkts(); + snmp_inc_snmpouttraps(); + snmp_inc_snmpoutpkts(); - /** send to the TRAP destination */ - udp_sendto(trap_msg.pcb, p, &trap_msg.dip, SNMP_TRAP_PORT); + /** send to the TRAP destination */ + udp_sendto(trap_msg.pcb, p, &trap_msg.dip, SNMP_TRAP_PORT); - pbuf_free(p); - } - else - { - return ERR_MEM; + pbuf_free(p); + } else { + err = ERR_MEM; + } + } else { + /* routing error */ + err = ERR_RTE; } } } - return ERR_OK; + return err; } void
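Review bot: The result of `udp_sendto(trap_msg.pcb, p, &trap_msg.dip, SNMP_TRAP_PORT);` is still discarded, so the new `err` return value reports ERR_OK when a trap was encoded but never left the stack. Capturing it without letting a later success mask an earlier failure would be `err_t send_err = udp_sendto(trap_msg.pcb, p, &trap_msg.dip, SNMP_TRAP_PORT);` followed by `if (send_err != ERR_OK) { err = send_err; }`. With several trap destinations only the last failure is returned, and a failed `pbuf_alloc` no longer ends the loop early as the removed `return ERR_MEM;` did; a comment on the `err` declaration should state both. The loop header is not fully legible in this hunk, so the iteration bounds are not covered by this note.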