Merge branch 'master' of git://git.savannah.nongnu.org/lwip

CHANGELOG

@@ -117,6 +117,19 @@ HISTORY
 
   ++ Bugfixes:
 
+  2014-09-03: Simon Goldschmidt
+  * msg_in.c: fixed bug #39355 SNMP Memory Leak in case of error
+
+  2014-09-02: Simon Goldschmidt
+  * err.h/.c, sockets.c, api_msg.c: fixed bug #43110 call getpeername() before
+    listen() will cause a error
+
+  2014-09-02: Simon Goldschmidt
+  * sockets.c: fixed bug #42117 lwip_fcntl does not set errno
+
+  2014-09-02: Simon Goldschmidt
+  * tcp.c: fixed bug #42299 tcp_abort() leaves freed pcb on tcp_bound_pcbs list
+
   2014-08-20: Simon Goldschmidt
   * dns.c: fixed bug #42987 lwIP is vulnerable to DNS cache poisoning due to
     non-randomized TXIDs

src/api/api_lib.c

@@ -826,6 +826,11 @@ netconn_gethostbyname(const char *name, ip_addr_t *addr)
 
   LWIP_ERROR("netconn_gethostbyname: invalid name", (name != NULL), return ERR_ARG;);
   LWIP_ERROR("netconn_gethostbyname: invalid addr", (addr != NULL), return ERR_ARG;);
+#if LWIP_MPU_COMPATIBLE
+  if (strlen(name >= DNS_MAX_NAME_LENGTH) {
+    return ERR_ARG;
+  }
+#endif
 
   API_VAR_ALLOC(struct dns_api_msg, MEMP_DNS_API_MSG, msg);
 #if LWIP_MPU_COMPATIBLE

src/api/api_msg.c

@@ -1076,53 +1076,58 @@ lwip_netconn_do_disconnect(struct api_msg_msg *msg)
 void
 lwip_netconn_do_listen(struct api_msg_msg *msg)
 {
-  if (ERR_IS_FATAL(msg->conn->last_err)) {
+  if (ERR_IS_FATAL_LISTENCONNECT(msg->conn->last_err)) {
     msg->err = msg->conn->last_err;
   } else {
     msg->err = ERR_CONN;
     if (msg->conn->pcb.tcp != NULL) {
       if (NETCONNTYPE_GROUP(msg->conn->type) == NETCONN_TCP) {
         if (msg->conn->state == NETCONN_NONE) {
           struct tcp_pcb* lpcb;
+          if (msg->conn->pcb.tcp->state != CLOSED) {
+            /* connection is not closed, cannot listen */
+            msg->err = ERR_VAL;
+          } else {
 #if LWIP_IPV6
-          if ((msg->conn->flags & NETCONN_FLAG_IPV6_V6ONLY) == 0) {
+            if ((msg->conn->flags & NETCONN_FLAG_IPV6_V6ONLY) == 0) {
 #if TCP_LISTEN_BACKLOG
-            lpcb = tcp_listen_dual_with_backlog(msg->conn->pcb.tcp, msg->msg.lb.backlog);
+              lpcb = tcp_listen_dual_with_backlog(msg->conn->pcb.tcp, msg->msg.lb.backlog);
 #else  /* TCP_LISTEN_BACKLOG */
-            lpcb = tcp_listen_dual(msg->conn->pcb.tcp);
+              lpcb = tcp_listen_dual(msg->conn->pcb.tcp);
 #endif /* TCP_LISTEN_BACKLOG */
-          } else
+            } else
 #endif /* LWIP_IPV6 */
-          {
+            {
 #if TCP_LISTEN_BACKLOG
-            lpcb = tcp_listen_with_backlog(msg->conn->pcb.tcp, msg->msg.lb.backlog);
+              lpcb = tcp_listen_with_backlog(msg->conn->pcb.tcp, msg->msg.lb.backlog);
 #else  /* TCP_LISTEN_BACKLOG */
-            lpcb = tcp_listen(msg->conn->pcb.tcp);
+              lpcb = tcp_listen(msg->conn->pcb.tcp);
 #endif /* TCP_LISTEN_BACKLOG */
-          }
-          if (lpcb == NULL) {
-            /* in this case, the old pcb is still allocated */
-            msg->err = ERR_MEM;
-          } else {
-            /* delete the recvmbox and allocate the acceptmbox */
-            if (sys_mbox_valid(&msg->conn->recvmbox)) {
-              /** @todo: should we drain the recvmbox here? */
-              sys_mbox_free(&msg->conn->recvmbox);
-              sys_mbox_set_invalid(&msg->conn->recvmbox);
-            }
-            msg->err = ERR_OK;
-            if (!sys_mbox_valid(&msg->conn->acceptmbox)) {
-              msg->err = sys_mbox_new(&msg->conn->acceptmbox, DEFAULT_ACCEPTMBOX_SIZE);
             }
-            if (msg->err == ERR_OK) {
-              msg->conn->state = NETCONN_LISTEN;
-              msg->conn->pcb.tcp = lpcb;
-              tcp_arg(msg->conn->pcb.tcp, msg->conn);
-              tcp_accept(msg->conn->pcb.tcp, accept_function);
+            if (lpcb == NULL) {
+              /* in this case, the old pcb is still allocated */
+              msg->err = ERR_MEM;
             } else {
-              /* since the old pcb is already deallocated, free lpcb now */
-              tcp_close(lpcb);
-              msg->conn->pcb.tcp = NULL;
+              /* delete the recvmbox and allocate the acceptmbox */
+              if (sys_mbox_valid(&msg->conn->recvmbox)) {
+                /** @todo: should we drain the recvmbox here? */
+                sys_mbox_free(&msg->conn->recvmbox);
+                sys_mbox_set_invalid(&msg->conn->recvmbox);
+              }
+              msg->err = ERR_OK;
+              if (!sys_mbox_valid(&msg->conn->acceptmbox)) {
+                msg->err = sys_mbox_new(&msg->conn->acceptmbox, DEFAULT_ACCEPTMBOX_SIZE);
+              }
+              if (msg->err == ERR_OK) {
+                msg->conn->state = NETCONN_LISTEN;
+                msg->conn->pcb.tcp = lpcb;
+                tcp_arg(msg->conn->pcb.tcp, msg->conn);
+                tcp_accept(msg->conn->pcb.tcp, accept_function);
+              } else {
+                /* since the old pcb is already deallocated, free lpcb now */
+                tcp_close(lpcb);
+                msg->conn->pcb.tcp = NULL;
+              }
             }
           }
         }

src/api/err.c

@@ -51,10 +51,10 @@ static const char *err_strerr[] = {
            "Operation would block.", /* ERR_WOULDBLOCK -7  */
            "Address in use.",        /* ERR_USE        -8  */
            "Already connected.",     /* ERR_ISCONN     -9  */
-           "Connection aborted.",    /* ERR_ABRT       -10 */
-           "Connection reset.",      /* ERR_RST        -11 */
-           "Connection closed.",     /* ERR_CLSD       -12 */
-           "Not connected.",         /* ERR_CONN       -13 */
+           "Not connected.",         /* ERR_CONN       -10 */
+           "Connection aborted.",    /* ERR_ABRT       -11 */
+           "Connection reset.",      /* ERR_RST        -12 */
+           "Connection closed.",     /* ERR_CLSD       -13 */
            "Illegal argument.",      /* ERR_ARG        -14 */
            "Low-level netif error.", /* ERR_IF         -15 */
 };

src/api/sockets.c

@@ -208,10 +208,10 @@ static const int err_to_errno_table[] = {
   EWOULDBLOCK,   /* ERR_WOULDBLOCK -7      Operation would block.   */
   EADDRINUSE,    /* ERR_USE        -8      Address in use.          */
   EALREADY,      /* ERR_ISCONN     -9      Already connected.       */
-  ECONNABORTED,  /* ERR_ABRT       -10     Connection aborted.      */
-  ECONNRESET,    /* ERR_RST        -11     Connection reset.        */
-  ENOTCONN,      /* ERR_CLSD       -12     Connection closed.       */
-  ENOTCONN,      /* ERR_CONN       -13     Not connected.           */
+  ENOTCONN,      /* ERR_CONN       -10     Not connected.           */
+  ECONNABORTED,  /* ERR_ABRT       -11     Connection aborted.      */
+  ECONNRESET,    /* ERR_RST        -12     Connection reset.        */
+  ENOTCONN,      /* ERR_CLSD       -13     Connection closed.       */
   EIO,           /* ERR_ARG        -14     Illegal argument.        */
   -1,            /* ERR_IF         -15     Low-level netif error    */
 };
@@ -2622,23 +2622,28 @@ lwip_fcntl(int s, int cmd, int val)
   struct lwip_sock *sock = get_socket(s);
   int ret = -1;
 
-  if (!sock || !sock->conn) {
+  if (!sock) {
     return -1;
   }
 
   switch (cmd) {
   case F_GETFL:
     ret = netconn_is_nonblocking(sock->conn) ? O_NONBLOCK : 0;
+    sock_set_errno(sock, 0);
     break;
   case F_SETFL:
     if ((val & ~O_NONBLOCK) == 0) {
       /* only O_NONBLOCK, all other bits are zero */
       netconn_set_nonblocking(sock->conn, val & O_NONBLOCK);
       ret = 0;
+      sock_set_errno(sock, 0);
+    } else {
+      sock_set_errno(sock, ENOSYS); /* not yet implemented */
     }
     break;
   default:
     LWIP_DEBUGF(SOCKETS_DEBUG, ("lwip_fcntl(%d, UNIMPL: %d, %d)\n", s, cmd, val));
+    sock_set_errno(sock, ENOSYS); /* not yet implemented */
     break;
   }
   return ret;

src/core/ipv6/ip6_frag.c

@@ -545,7 +545,7 @@ ip6_reass(struct pbuf *p)
   return NULL;
 }
 
-#endif /* LWIP_IPV6 ^^ LWIP_IPV6_REASS */
+#endif /* LWIP_IPV6 && LWIP_IPV6_REASS */
 
 #if LWIP_IPV6 && LWIP_IPV6_FRAG
 

src/core/memp.c

@@ -58,6 +58,7 @@
 #include "lwip/snmp_structs.h"
 #include "lwip/snmp_msg.h"
 #include "lwip/dns.h"
+#include "lwip/netdb.h"
 #include "netif/ppp/ppp.h"
 #include "netif/ppp/pppoe.h"
 #include "netif/ppp/pppol2tp.h"

src/core/snmp/msg_in.c

@@ -110,6 +110,10 @@ snmp_error_response(struct snmp_msg_pstat *msg_ps, u8_t error)
   struct snmp_varbind *vbi = msg_ps->invb.head;
   struct snmp_varbind *vbo = msg_ps->outvb.head;
   for (v=0; v<msg_ps->vb_idx; v++) {
+    if (vbi->ident != NULL) {
+      /* free previously allocated value before overwriting the pointer */
+      memp_free(MEMP_SNMP_VALUE, vbi->ident);
+    }
     vbi->ident_len = vbo->ident_len;
     vbo->ident_len = 0;
     vbi->ident = vbo->ident;

src/core/tcp.c

@@ -382,14 +382,19 @@ tcp_abandon(struct tcp_pcb *pcb, int reset)
     errf = pcb->errf;
 #endif /* LWIP_CALLBACK_API */
     errf_arg = pcb->callback_arg;
-    TCP_PCB_REMOVE_ACTIVE(pcb);
+    if ((pcb->state == CLOSED) && (pcb->local_port != 0)) {
+      /* bound, not yet opened */
+      TCP_RMV(&tcp_bound_pcbs, pcb);
+    } else {
+      TCP_PCB_REMOVE_ACTIVE(pcb);
+    }
     if (pcb->unacked != NULL) {
       tcp_segs_free(pcb->unacked);
     }
     if (pcb->unsent != NULL) {
       tcp_segs_free(pcb->unsent);
     }
-#if TCP_QUEUE_OOSEQ    
+#if TCP_QUEUE_OOSEQ
     if (pcb->ooseq != NULL) {
       tcp_segs_free(pcb->ooseq);
     }
@@ -1634,7 +1639,7 @@ tcp_pcb_remove(struct tcp_pcb **pcblist, struct tcp_pcb *pcb)
   TCP_RMV(pcblist, pcb);
 
   tcp_pcb_purge(pcb);
-  
+
   /* if there is an outstanding delayed ACKs, send it */
   if (pcb->state != TIME_WAIT &&
      pcb->state != LISTEN &&
@@ -1652,6 +1657,8 @@ tcp_pcb_remove(struct tcp_pcb **pcblist, struct tcp_pcb *pcb)
   }
 
   pcb->state = CLOSED;
+  /* reset the local port to prevent the pcb from being 'bound' */
+  pcb->local_port = 0;
 
   LWIP_ASSERT("tcp_pcb_remove: tcp_pcbs_sane()", tcp_pcbs_sane());
 }

src/include/lwip/dns.h

@@ -70,13 +70,6 @@ extern "C" {
 #define DNS_RRCLASS_HS            4     /* Hesiod [Dyer 87] */
 #define DNS_RRCLASS_FLUSH         0x800 /* Flush bit */
 
-/* The size used for the next line is rather a hack, but it prevents including socket.h in all files
-   that include memp.h, and that would possibly break portability (since socket.h defines some types
-   and constants possibly already define by the OS).
-   Calculation rule:
-   sizeof(struct addrinfo) + sizeof(struct sockaddr_in) + DNS_MAX_NAME_LENGTH + 1 byte zero-termination */
-#define NETDB_ELEM_SIZE           (32 + 16 + DNS_MAX_NAME_LENGTH + 1)
-
 #if DNS_LOCAL_HOSTLIST
 /** struct used for local host-list */
 struct local_hostlist_entry {

src/include/lwip/err.h

@@ -62,10 +62,12 @@ typedef s8_t err_t;
 
 #define ERR_IS_FATAL(e) ((e) < ERR_ISCONN)
 
-#define ERR_ABRT       -10   /* Connection aborted.      */
-#define ERR_RST        -11   /* Connection reset.        */
-#define ERR_CLSD       -12   /* Connection closed.       */
-#define ERR_CONN       -13   /* Not connected.           */
+#define ERR_CONN       -10   /* Not connected.           */
+#define ERR_IS_FATAL_LISTENCONNECT(e) ((e) < ERR_CONN)
+
+#define ERR_ABRT       -11   /* Connection aborted.      */
+#define ERR_RST        -12   /* Connection reset.        */
+#define ERR_CLSD       -13   /* Connection closed.       */
 
 #define ERR_ARG        -14   /* Illegal argument.        */
 

src/include/lwip/netdb.h

@@ -92,6 +92,8 @@ struct addrinfo {
 };
 #endif /* LWIP_DNS_API_DECLARE_STRUCTS */
 
+#define NETDB_ELEM_SIZE           (sizeof(struct addrinfo) + sizeof(struct sockaddr_in) + DNS_MAX_NAME_LENGTH + 1)
+
 #if LWIP_DNS_API_DECLARE_H_ERRNO
 /* application accessible error code set by the DNS API functions */
 extern int h_errno;