Author: cmihail
Date: Mon Jun 20 14:49:58 2011
New Revision: 52385
URL: http://svn.reactos.org/svn/reactos?rev=52385&view=rev
Log:
[lwIP]
Fix the nasty crash on socket closure bug. The bug was due to corrupting memory
by wrongly assuming the LISTEN pcb had send, receive and error callbacks.
Modified:
branches/GSoC_2011/TcpIpDriver/lib/drivers/lwip/src/rostcp.c
Modified: branches/GSoC_2011/TcpIpDriver/lib/drivers/lwip/src/rostcp.c
URL:
http://svn.reactos.org/svn/reactos/branches/GSoC_2011/TcpIpDriver/lib/drivers/lwip/src/rostcp.c?rev=52385&r1=52384&r2=52385&view=diff
==============================================================================
--- branches/GSoC_2011/TcpIpDriver/lib/drivers/lwip/src/rostcp.c [iso-8859-1]
(original)
+++ branches/GSoC_2011/TcpIpDriver/lib/drivers/lwip/src/rostcp.c [iso-8859-1]
Mon Jun 20 14:49:58 2011
@@ -330,20 +330,16 @@
LibTCPListenCallback(void *arg)
{
struct listen_callback_msg *msg = arg;
- void *p;
ASSERT(msg);
DbgPrint("[lwIP, LibTCPListenCallback] Called\n");
-
- p = msg->Pcb->callback_arg;
+
msg->NewPcb = tcp_listen_with_backlog(msg->Pcb, msg->Backlog);
if (msg->NewPcb)
{
- tcp_arg(msg->NewPcb, p);
tcp_accept(msg->NewPcb, InternalAcceptEventHandler);
- tcp_err(msg->NewPcb, InternalErrorEventHandler);
}
DbgPrint("[lwIP, LibTCPListenCallback] Done\n");
@@ -641,9 +637,18 @@
DbgPrint("[lwIP, LibTCPClose] pcb->state = %s\n",
tcp_state_str[pcb->state]);
tcp_arg(pcb, NULL);
- tcp_recv(pcb, NULL);
- tcp_sent(pcb, NULL);
- tcp_err(pcb, NULL);
+
+ /*
+ if this pcb is not in LISTEN state than it has
+ valid recv, send and err callbacks to cancel
+ */
+ if (pcb->state != LISTEN)
+ {
+ tcp_recv(pcb, NULL);
+ tcp_sent(pcb, NULL);
+ tcp_err(pcb, NULL);
+ }
+
tcp_accept(pcb, NULL);
DbgPrint("[lwIP, LibTCPClose] Attempting to allocate memory for msg\n");
