[lwip-devel] [bug #24228] Memory Corruption with PPP and DHCP

lwip-devel

[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[lwip-devel] [bug #24228] Memory Corruption with PPP and DHCP

From:	Christophe Arzounian
Subject:	[lwip-devel] [bug #24228] Memory Corruption with PPP and DHCP
Date:	Tue, 09 Sep 2008 13:24:41 +0000
User-agent:	Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 5.1; .NET CLR 1.1.4322; .NET CLR 1.0.3705; .NET CLR 2.0.50727)

URL:
  <http://savannah.nongnu.org/bugs/?24228>

                 Summary: Memory Corruption with PPP and DHCP
                 Project: lwIP - A Lightweight TCP/IP stack
            Submitted by: carzounian
            Submitted on: mar 09 sep 2008 13:24:38 GMT
                Category: None
                Severity: 3 - Normal
              Item Group: Crash Error
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
         Planned Release: 
            lwIP version: 1.3.0

    _______________________________________________________

Details:

When using PPP with LWIP_DHCP flag set to ON, data situated after the static
structure "pppControl" (the PPP context) are corrupted when dhcp function
"dhcp_coarse_tmr" is executed. This function writes into the dhcp context
associated with the used netifs. For PPP the dhcp context has savagely been
mapped to the "addrs" structure of the ppp context (see below : line 1344 of
ppp.c), which is too small to contain all of the fields of a dhcp context. 

1342 #if LWIP_DHCP
1343       /* ugly workaround for storing a reference to the ppp  related
info*/
1345      pc->netif.dhcp = (struct dhcp *) &pc->addrs;
#endif /* LWIP_DHCP */

In my case, when the "dhcp_coarse_tmr" function writes to the "t1_timeout"
field of the dhcp context associated with the PPP netif, it destroys important
data located after the pppControl structure.


Suggested solutions : 

As I also use other netifs that need DHCP to be activated, I can not just set
LWIP_DHCP to OFF.

Suggestion 1 :
Why not set to NULL the dhcp poiter of the PPP netif ? Is there any need for
DHCP with the PPP netif ?
I did not try this solution - I am not confident enough about the answer to
this question.

Suggestion 2 :
When flag LWIP_DHCP is on, why not declare a structure ppp_dhcp inside
"struct PPPControl_s" and set pointer netif.dhcp of the PPP context to the
address of the ppp_dhcp structure instead of the address of the "addrs"
structure. 
This solution seems to work fine.








    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?24228>

_______________________________________________
  Message posté via/par Savannah
  http://savannah.nongnu.org/

[Prev in Thread]

Current Thread

[Next in Thread]

[lwip-devel] [bug #24228] Memory Corruption with PPP and DHCP, Christophe Arzounian <=

Prev by Date: [lwip-devel] [bug #24227] wrong error message in tcp_bind
Next by Date: [lwip-devel] Open source toolchain with LWIP
Previous by thread: [lwip-devel] [bug #24227] wrong error message in tcp_bind
Next by thread: [lwip-devel] Open source toolchain with LWIP
Index(es):
- Date
- Thread