[ros-diffs] [cmihail] 52385: [lwIP] Fix the nasty crash on socket closure bug. The bug was due to corrupting memory by wrongly assuming the LISTEN pcb had send, receive and error callbacks.

cmihail at svn.reactos.org cmihail at svn.reactos.org
Mon Jun 20 14:49:59 UTC 2011 

Author: cmihail
Date: Mon Jun 20 14:49:58 2011
New Revision: 52385

URL: http://svn.reactos.org/svn/reactos?rev=52385&view=rev
Log:
[lwIP]
Fix the nasty crash on socket closure bug. The bug was due to corrupting memory by wrongly assuming the LISTEN pcb had send, receive and error callbacks.

Modified:
    branches/GSoC_2011/TcpIpDriver/lib/drivers/lwip/src/rostcp.c

Modified: branches/GSoC_2011/TcpIpDriver/lib/drivers/lwip/src/rostcp.c
URL: http://svn.reactos.org/svn/reactos/branches/GSoC_2011/TcpIpDriver/lib/drivers/lwip/src/rostcp.c?rev=52385&r1=52384&r2=52385&view=diff
==============================================================================
--- branches/GSoC_2011/TcpIpDriver/lib/drivers/lwip/src/rostcp.c [iso-8859-1] (original)
+++ branches/GSoC_2011/TcpIpDriver/lib/drivers/lwip/src/rostcp.c [iso-8859-1] Mon Jun 20 14:49:58 2011
@@ -330,20 +330,16 @@
 LibTCPListenCallback(void *arg)
 {
     struct listen_callback_msg *msg = arg;
-    void *p;
     
     ASSERT(msg);
 
     DbgPrint("[lwIP, LibTCPListenCallback] Called\n");
-    
-    p = msg->Pcb->callback_arg;
+
     msg->NewPcb = tcp_listen_with_backlog(msg->Pcb, msg->Backlog);
     
     if (msg->NewPcb)
     {
-        tcp_arg(msg->NewPcb, p);
         tcp_accept(msg->NewPcb, InternalAcceptEventHandler);
-        tcp_err(msg->NewPcb, InternalErrorEventHandler);
     }
 
     DbgPrint("[lwIP, LibTCPListenCallback] Done\n");
@@ -641,9 +637,18 @@
     DbgPrint("[lwIP, LibTCPClose] pcb->state = %s\n", tcp_state_str[pcb->state]);
 
     tcp_arg(pcb, NULL);
-    tcp_recv(pcb, NULL);
-    tcp_sent(pcb, NULL);
-    tcp_err(pcb, NULL);
+
+    /*  
+        if this pcb is not in LISTEN state than it has
+        valid recv, send and err callbacks to cancel
+    */
+    if (pcb->state != LISTEN)
+    {
+        tcp_recv(pcb, NULL);
+        tcp_sent(pcb, NULL);
+        tcp_err(pcb, NULL);
+    }
+
     tcp_accept(pcb, NULL);
 
     DbgPrint("[lwIP, LibTCPClose] Attempting to allocate memory for msg\n");

More information about the Ros-diffs mailing list