diff --git a/CHANGELOG b/CHANGELOG index bd1c39c6..ea0c25c1 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -247,6 +247,10 @@ HISTORY ++ Bug fixes: + 2007-07-24 Simon Goldschmidt + * api_msg.c, tcp.c: Fix bug #20480: Check the pcb passed to tcp_listen() for the + correct state (must be CLOSED). + 2007-07-13 Thomas Taranowski (commited by Jared Grubb) * memp.c: Fix bug #20478: memp_malloc returned NULL+MEMP_SIZE on failed allocation. It now returns NULL. diff --git a/src/api/api_msg.c b/src/api/api_msg.c index 0a32e425..ad49e90f 100644 --- a/src/api/api_msg.c +++ b/src/api/api_msg.c @@ -669,20 +669,24 @@ do_listen(struct api_msg_msg *msg) if (msg->conn->err == ERR_OK) { if (msg->conn->pcb.tcp != NULL) { if (msg->conn->type == NETCONN_TCP) { - struct tcp_pcb* lpcb = tcp_listen(msg->conn->pcb.tcp); - if (lpcb == NULL) { - msg->conn->err = ERR_MEM; - } else { - if (msg->conn->acceptmbox == SYS_MBOX_NULL) { - if ((msg->conn->acceptmbox = sys_mbox_new()) == SYS_MBOX_NULL) { - msg->conn->err = ERR_MEM; + if (msg->conn->pcb.tcp->state == CLOSED) { + struct tcp_pcb* lpcb = tcp_listen(msg->conn->pcb.tcp); + if (lpcb == NULL) { + msg->conn->err = ERR_MEM; + } else { + if (msg->conn->acceptmbox == SYS_MBOX_NULL) { + if ((msg->conn->acceptmbox = sys_mbox_new()) == SYS_MBOX_NULL) { + msg->conn->err = ERR_MEM; + } + } + if (msg->conn->err == ERR_OK) { + msg->conn->pcb.tcp = lpcb; + tcp_arg(msg->conn->pcb.tcp, msg->conn); + tcp_accept(msg->conn->pcb.tcp, accept_function); } } - if (msg->conn->err == ERR_OK) { - msg->conn->pcb.tcp = lpcb; - tcp_arg(msg->conn->pcb.tcp, msg->conn); - tcp_accept(msg->conn->pcb.tcp, accept_function); - } + } else { + msg->conn->err = ERR_CONN; } } } diff --git a/src/core/tcp.c b/src/core/tcp.c index 7df02332..15055a47 100644 --- a/src/core/tcp.c +++ b/src/core/tcp.c @@ -343,6 +343,8 @@ tcp_listen(struct tcp_pcb *pcb) { struct tcp_pcb_listen *lpcb; + LWIP_ERROR("pcb not already connected", pcb->state == CLOSED, return NULL); + /* already listening? */ if (pcb->state == LISTEN) { return pcb;