[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]
Re: [lwip-users] PPPOS udp error
From: |
Sylvain Rochet |
Subject: |
Re: [lwip-users] PPPOS udp error |
Date: |
Tue, 1 Aug 2017 15:16:59 +0200 |
User-agent: |
Mutt/1.5.23 (2014-03-12) |
Hi,
On Tue, Aug 01, 2017 at 09:10:58AM -0400, Patrick Klos wrote:
> On 8/1/2017 2:06 AM, address@hidden wrote:
> >Hi,
> > Here i have attached lwipopts.h file for our configuration. I need to
> >run 4 udp clients on this stack but currently i am running one udp client.
>
> I would recommend increasing the number of pbufs (PBUF_POOL_SIZE) and the
> size of the heap (MEM_SIZE) and see if your system runs longer? If so, that
> would imply you have a resource issue that you can look for? If not, then
> the problem is probably someplace else?
>
> >I am sending data in loop here bellow i have added part of code t
> >
> >
> >int pppudpsenddata(char *buffer, u16_t len) {
> > int status;
> > struct pbuf* pbuffer;
> > pbuffer->next = NULL;
>
> If this is your actual code, then you have a HUGE BUG right here! You are
> trying to set 'pbuffer->next' BEFORE pbuffer has a valid pointer. That
> can't be good! :o) (I'm surprised your compiler didn't warn you that
> you're using a variable before it has been initialized?!?)
>
> Patrick Klos
> Klos Technologies, Inc.
>
> > pbuffer = pbuf_alloc(PBUF_TRANSPORT, len, PBUF_POOL);
> > memcpy(pbuffer->payload, buffer, len);
> > pbuffer->len = pbuffer->tot_len = len;
> > status = udp_send(sock, pbuffer);
Furthermore pbuffer->len and pbuffer->tot_len are already set by
pbuf_alloc... overriding them can't be good... you must take time to
understand how lwIP chained pbuf should be handled. I am confident you
are leaking pbufs here as well as a buffer overflow.
Sylvain
signature.asc
Description: Digital signature