From 9a95c2ff0803e463dc020daa36e57b9bc8175ddb Mon Sep 17 00:00:00 2001
From: goldsimon
Date: Sat, 11 Feb 2012 18:15:17 +0100
Subject: [PATCH] fixed bug #35435: No pcb state check before adding it to time-wait queue while closing
---
 CHANGELOG | 4 ++++
 src/core/tcp.c | 17 +++++++++--------
 2 files changed, 13 insertions(+), 8 deletions(-)
diff --git a/CHANGELOG b/CHANGELOG
index 5e935d19..03ac6ab3 100644
--- a/CHANGELOG
+++ b/CHANGELOG
@@ -76,6 +76,10 @@ HISTORY
 ++ Bugfixes:
+ 2012-02-11: Simon Goldschmidt
+ * tcp.c: fixed bug #35435: No pcb state check before adding it to time-wait
+ queue while closing
+
 2012-01-22: Simon Goldschmidt
 * tcp.c, tcp_in.c: fixed bug #35305: pcb may be freed too early on shutdown(WR)
diff --git a/src/core/tcp.c b/src/core/tcp.c
index 9adba7cb..3bcd41a3 100644
--- a/src/core/tcp.c
+++ b/src/core/tcp.c
@@ -174,7 +174,7 @@ tcp_close_shutdown(struct tcp_pcb *pcb, u8_t rst_on_unacked_data)
 {
 err_t err;
- if (rst_on_unacked_data && (pcb->state != LISTEN)) {
+ if (rst_on_unacked_data && ((pcb->state == ESTABLISHED) || (pcb->state == CLOSE_WAIT))) {
 if ((pcb->refused_data != NULL) || (pcb->rcv_wnd != TCP_WND)) {
 /* Not all data received by application, send RST to tell the remote side about this. */
@@ -186,14 +186,15 @@ tcp_close_shutdown(struct tcp_pcb *pcb, u8_t rst_on_unacked_data)
 pcb->local_port, pcb->remote_port, PCB_ISIPV6(pcb));
 tcp_pcb_purge(pcb);
-
- /* TODO: to which state do we move now? */
-
- /* move to TIME_WAIT since we close actively */
 TCP_RMV_ACTIVE(pcb);
- pcb->state = TIME_WAIT;
- TCP_REG(&tcp_tw_pcbs, pcb);
-
+ if (pcb->state == ESTABLISHED) {
+ /* move to TIME_WAIT since we close actively */
+ pcb->state = TIME_WAIT;
+ TCP_REG(&tcp_tw_pcbs, pcb);
+ } else {
+ /* CLOSE_WAIT: deallocate the pcb since we already sent a RST for it */
+ memp_free(MEMP_TCP_PCB, pcb);
+ }
 return ERR_OK;
 }
 }
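Review bot: In the new `else` branch of the second src/core/tcp.c hunk, `memp_free(MEMP_TCP_PCB, pcb)` releases the pcb immediately, and nothing visible here checks whether the TCP input path is still working on that same pcb. If an application can close from inside its receive callback, which these lines do not rule out, input processing would resume on freed pool memory; I would compare against `tcp_input_pcb` before freeing and defer the release until input processing has finished with it. The ESTABLISHED branch keeps the pcb alive in TIME_WAIT, so this use-after-free exposure appears specific to CLOSE_WAIT. A comment such as `/* pcb is invalid after this point; callers must not touch it once ERR_OK is returned */` above the free would also help. tcp_close_shutdown's body continues outside the hunk.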