|
| From: | Brad Plant |
| Subject: | [lwip-devel] [bug #31903] Calling lwip_close() twice causes a null pointer deference |
| Date: | Fri, 17 Dec 2010 08:31:59 +0000 |
| User-agent: | Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US) AppleWebKit/534.7 (KHTML, like Gecko) Chrome/7.0.517.44 Safari/534.7 |
URL:
<http://savannah.nongnu.org/bugs/?31903>
Summary: Calling lwip_close() twice causes a null pointer
deference
Project: lwIP - A Lightweight TCP/IP stack
Submitted by: bplant
Submitted on: Fri Dec 17 08:31:58 2010
Category: sockets
Severity: 3 - Normal
Item Group: Crash Error
Status: None
Privacy: Public
Assigned to: None
Open/Closed: Open
Discussion Lock: Any
Planned Release:
lwIP version: 1.3.0
_______________________________________________________
Details:
Calling lwip_close() twice on a socket creates a race condition resulting in
a null pointer deference. This issue appears to be that the second call to
lwip_close() isn't aware that the socket has already been closed. The second
call might try and post to a mailbox just after netconn_free is called by the
first call resulting in a null pointer deference.
Yes, code shouldn't be trying to call lwip_close() twice. I am using a third
party web server that calls lwip_shutdown and then later calls lwip_close.
lwip_shutdown is mapped to lwip_close resulting in 2 calls to lwip_close.
_______________________________________________________
Reply to this item at:
<http://savannah.nongnu.org/bugs/?31903>
_______________________________________________
Message sent via/by Savannah
http://savannah.nongnu.org/
| [Prev in Thread] | Current Thread | [Next in Thread] |