mirror/lwip
1
0
Fork 0
mirror of https://github.com/lwip-tcpip/lwip.git synced 2024-10-05 22:29:49 +00:00
Code Issues Packages Projects Releases Wiki Activity

PPP, PPPoS, fix dereference of uninitialised pppos->in_head pointer

Browse Source 
When I create a new PPP connection, I am seeing a hardfault (segfault)
coming from pbuf_free.

I traced the problem to an invalid in_head field of the pppos_pcb structure.
The field is invalid because the memory is never cleared to zero after the
pppos_pcb structure is created in pppos_create().

I was able to fix the issue by adding a memset after the memp_malloc call.

Signed-off-by: Sylvain Rochet <gradator@gradator.net>
This commit is contained in:
Wayne Uroda 2016-01-20 20:50:08 +01:00 committed by Sylvain Rochet
parent 96373f6959
commit 52463fa25b
1 changed files with 1 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

1
src/netif/ppp/pppos.c
View File

@ -184,6 +184,7 @@ ppp_pcb *pppos_create(struct netif *pppif, pppos_output_cb_fn output_cb,
return NULL;
}
memset(pppos, 0, sizeof(pppos_pcb));
pppos->ppp = ppp;
pppos->output_cb = output_cb;
return ppp;