lwip-devel
[Top][All Lists]
Advanced
[Date Prev][Date Next][Thread Prev][Thread Next][Date Index][Thread Index]

[lwip-devel] [bug #34846] LWIP segfaults from IPv6 reassembly timer

From: Simon Goldschmidt
Subject: [lwip-devel] [bug #34846] LWIP segfaults from IPv6 reassembly timer
Date: Thu, 17 Nov 2011 06:28:21 +0000
User-agent: Mozilla/5.0 (Windows NT 5.1; rv:8.0) Gecko/20100101 Firefox/8.0 
Follow-up Comment #2, bug #34846 (project lwip):

> the problem is the use of ip_current_netif() in icmp6_send_response

Plus it uses ip6_current_src_addr(), which also is only valid during input.
However, while the IP6 source address can be found in the pbuf passed to
icmp6_send_response (see the IPv4 version of that function), the netif is not
noted anywhere.

Wouldn't solution 1 fail on link-local addresses when we have multiple netifs?
I think a mix of 1 and 2 would be the best:

- remember the netif on input (add a member in struct ip6_reassdata)
- in ip6_reass_free_complete_datagram, check if the netif is still in
netif_list (and if it's up) and set ip_current_netif to it (resetting it to
NULL after icmp6_time_exceeded() returned)
- then, use that netif in icmp6_send_response or use the default routing if it
is NULL

> BTW the version says CVS Head, but it really is the GIT HEAD.

Yeah, I think only project leaders can change that. However, it's clear to us
what you mean. :-)

    _______________________________________________________

Reply to this item at:

  <http://savannah.nongnu.org/bugs/?34846>

_______________________________________________
  Nachricht geschickt von/durch Savannah
  http://savannah.nongnu.org/
reply via email to
[Prev in Thread] Current Thread [Next in Thread]