mirror of
https://github.com/lwip-tcpip/lwip.git
synced 2024-10-04 05:39:53 +00:00
PPP, PPPoS: fix memory leak when disconnecting if there are remaining input bytes
Art says: pppos_input() can call ppp_input() which can call pppos_disconnect() to disconnect the interface. However, it will continue to read in characters and allocate a pbuf from the PBUF_POOL and keep it in pppos->in_head and in_tail. When a re-connect happens and pppos_connect() is called, this pppos->in_head and in_tail are zeroed, hence a memory leak. (This happens with PPP_INPROC_IRQ_SAFE not defined.) A fix would be inside pppos_input() to break out of the loop inputting characters after calling ppp_input() if pppos->open == 0. Note that the loop is not even entered if pppos->open == 0. ppp_input(ppp, inp); if(pppos->open == 0) //get out if they disconnected break; Fix it in a similar way which doesn't add new code by moving the existing pppos->open check inside the byte loop.
This commit is contained in:
parent
4bbed75cc4
commit
bcaf2f08aa
@ -471,18 +471,20 @@ pppos_input(ppp_pcb *ppp, u8_t *s, int l)
|
||||
u8_t escaped;
|
||||
PPPOS_DECL_PROTECT(lev);
|
||||
|
||||
PPPOS_PROTECT(lev);
|
||||
if (!pppos->open) {
|
||||
PPPOS_UNPROTECT(lev);
|
||||
return;
|
||||
}
|
||||
PPPOS_UNPROTECT(lev);
|
||||
|
||||
PPPDEBUG(LOG_DEBUG, ("pppos_input[%d]: got %d bytes\n", ppp->netif->num, l));
|
||||
while (l-- > 0) {
|
||||
cur_char = *s++;
|
||||
|
||||
PPPOS_PROTECT(lev);
|
||||
/* ppp_input can disconnect the interface, we need to abort to prevent a memory
|
||||
* leak if there are remaining bytes because pppos_connect and pppos_listen
|
||||
* functions expect input buffer to be free. Furthermore there are no real
|
||||
* reason to continue reading bytes if we are disconnected.
|
||||
*/
|
||||
if (!pppos->open) {
|
||||
PPPOS_UNPROTECT(lev);
|
||||
return;
|
||||
}
|
||||
escaped = ESCAPE_P(pppos->in_accm, cur_char);
|
||||
PPPOS_UNPROTECT(lev);
|
||||
/* Handle special characters. */
|
||||
|
Loading…
Reference in New Issue
Block a user