[lwip-devel] [bug #51379] Sockets: prevent select_waiting overflow

[Joan Lledó]

URL:
  <http://savannah.nongnu.org/bugs/?51379>

                 Summary: Sockets: prevent select_waiting overflow
                 Project: lwIP - A Lightweight TCP/IP stack
            Submitted by: jllledo
            Submitted on: Tue 04 Jul 2017 12:49:32 PM CEST
                Category: sockets/netconn
                Severity: 3 - Normal
              Item Group: None
                  Status: None
                 Privacy: Public
             Assigned to: None
             Open/Closed: Open
         Discussion Lock: Any
         Planned Release: None
            lwIP version: git head

    _______________________________________________________

Details:

>From the mailing list:
-------------------------

I'm having an overflow in my select_waiting due to a bug, and the
assertion "sock->select_waiting > 0" is failing and aborting the
stack.

Would it not be better to use LWIP_ERROR instead of LWIP_ASSERT?, to
allow the user to return gracefully with a proper errno. The current
assertion could be used in a DoS attack to abort the stack from a
client.

--------------------------

I don't know if this can be solved by just using LWIP_ERROR, because I don't
know the effects this may have on the FULL_DUPLEX thread handling... anyway,
attached is a patch that uses LWIP_ERROR.



    _______________________________________________________

File Attachments:


-------------------------------------------------------
Date: Tue 04 Jul 2017 12:49:32 PM CEST  Name:
0001-Sockets-prevent-select_waiting-overflow.patch  Size: 1kB   By: jllledo

<http://savannah.nongnu.org/bugs/download.php?file_id=41117>

    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?51379>

_______________________________________________
  Message sent via/by Savannah
  http://savannah.nongnu.org/