From 40d6417ae4e36ebbfaeb89d1f7eba8cc8aca9b5e Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Wiesner=20Andr=C3=A1s?=
Date: Sat, 25 Feb 2023 13:46:47 +0100
Subject: [PATCH] - ARP and ICMP double free bug fixed - Memory leak caused by packet drop fixed - MemoryPool warns about possible double free
---
 eth_interface.c | 1 +
 memory_pool.c | 4 ++++
 msg_queue.c | 2 +-
 packet_sieve.c | 2 ++
 prefab/conn_blocks/arp_connblock.c | 2 +-
 prefab/conn_blocks/icmp_connblock.c | 2 +-
 prefab/packet_parsers/dhcp.c | 4 ----
 utils.h | 1 +
 8 files changed, 11 insertions(+), 7 deletions(-)
diff --git a/eth_interface.c b/eth_interface.c
index 675e5b1..101fe93 100644
--- a/eth_interface.c
+++ b/eth_interface.c
@@ -62,6 +62,7 @@ void ethinf_receive(EthInterface *intf, const RawPckt *rawPckt) {
 if (pushOK) {
 ETHLIB_OS_SEM_POST(&intf->rxSem);
 } else {
+ dynmem_free(rawPckt->payload);
 ERROR("Input queue full, packet dropped!\n");
 }
 }
diff --git a/memory_pool.c b/memory_pool.c
index ea41c90..ac9030f 100644
--- a/memory_pool.c
+++ b/memory_pool.c
@@ -153,6 +153,10 @@ void mp_free(MP *mp, const uint8_t *p) {
 if (success) {
 mp_join_free_blocks(mp);
 }
+
+ if (!success) {
+ WARNING("Possible double free!\n");
+ }
 }
 void mp_report(MP *mp) {
diff --git a/msg_queue.c b/msg_queue.c
index ebc2060..f33592a 100644
--- a/msg_queue.c
+++ b/msg_queue.c
@@ -50,7 +50,7 @@ RawPckt mq_top(MsgQueue * mq) {
 }
 void mq_pop(MsgQueue * mq) {
- if (mq_avail(mq) > 0) { // if there's something to pop
+ if (mq_avail(mq) > 0) { // if there's anything to pop
 mq->readIdx = MQ_NEXT(mq->size, mq->readIdx);
 }
 }
diff --git a/packet_sieve.c b/packet_sieve.c
index cec5bce..882d771 100644
--- a/packet_sieve.c
+++ b/packet_sieve.c
@@ -90,6 +90,8 @@ void packsieve_input(PcktSieve *sieve, const RawPckt *rawPckt) { lastHeader = header; } while ((ownClass != 0) && lastHeader->props.validityOK); + lastHeader->next = NULL; + // ------------------------------------ if (!lastHeader->props.validityOK) { // if packet is not valid, then drop
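Review bot: In eth_interface.c, the added `dynmem_free(rawPckt->payload);` in the queue-full branch of ethinf_receive() makes the callee release a buffer it receives through a `const RawPckt *`, and because the function returns void the caller cannot tell whether the payload was queued or freed. If any caller still frees or reuses the payload after the call, the leak fix turns into a double free or use-after-free, so the ownership rule should be stated at the drop site, e.g. `// payload is owned by the interface once passed in; release it here because the packet never reaches the queue`. The callers and the beginning of ethinf_receive() are outside the hunk, so this has to be checked against them.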
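Review bot: In memory_pool.c, the new warning in mp_free() does not say which pointer failed to free, so a report cannot be tied to a buffer or call site, and it sits in a second `if (!success)` directly after `if (success)` where an `else` would read better. Suggested: `} else { WARNING("mp_free: no allocated block at %p, possible double free\n", (const void *)p); }`, assuming MSG takes printf-style arguments (its definition is not visible here). A failed lookup may also mean a pointer that never came from this pool, so the wording should not name double free alone. The start of mp_free() lies outside the hunk.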
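Review bot: In packet_sieve.c, the added `lastHeader->next = NULL;` in packsieve_input() carries no comment, although it appears to be what stops a later chain walk from following a stale pointer. A line such as `// terminate the header chain so pckthdr_chain_free() stops at the last parsed header` would record that; this is inferred from the commit message, since the header allocation and the free routine are outside the hunk. If `next` is left uninitialised at allocation, clearing it where the header is created would cover every exit path rather than only this one.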
diff --git a/prefab/conn_blocks/arp_connblock.c b/prefab/conn_blocks/arp_connblock.c
index 987ffca..ab0916b 100644
--- a/prefab/conn_blocks/arp_connblock.c
+++ b/prefab/conn_blocks/arp_connblock.c
@@ -77,7 +77,7 @@ void arp_send(const ConnBlock * connBlock, const ArpProps * props) {
 ethinf_transmit(connBlock->sieve->intf, &rpckt);
 // release transmit buffer
- dynmem_free(txBuf);
+ //dynmem_free(txBuf);
 }
 void arp_print_report(const ConnBlock *connBlock) {
diff --git a/prefab/conn_blocks/icmp_connblock.c b/prefab/conn_blocks/icmp_connblock.c
index 70e507c..fa095e3 100644
--- a/prefab/conn_blocks/icmp_connblock.c
+++ b/prefab/conn_blocks/icmp_connblock.c
@@ -48,7 +48,7 @@ static int icmp_recv_cb(const Pckt * pckt, PcktSieveLayerTag tag) {
 pckt_assemble(&raw, pckt);
 // release headers
- pckthdr_chain_free(pckt->header);
+ //pckthdr_chain_free(pckt->header);
 ethinf_transmit(intf, &raw);
 }
diff --git a/prefab/packet_parsers/dhcp.c b/prefab/packet_parsers/dhcp.c
index 2a946f9..00e3cee 100644
--- a/prefab/packet_parsers/dhcp.c
+++ b/prefab/packet_parsers/dhcp.c
@@ -253,8 +253,6 @@ void dhcp_request(ip4_addr reqAddr, ip4_addr dhcpServerAddr) {
 }
 static void dhcp_process(DhcpProps *props, DhcpOption *opts) {
- MSG("ENTER\n");
-
 ETHLIB_OS_MTX_LOCK(&s.procMtx); // LOCK!
 switch (s.state) {
@@ -323,8 +321,6 @@ static void dhcp_process(DhcpProps *props, DhcpOption *opts) {
 }
 ETHLIB_OS_MTX_UNLOCK(&s.procMtx); // RELEASE!
-
- MSG("EXIT\n");
 }
 static int dhcp_resp_cb(const Pckt *pckt, PcktSieveLayerTag tag) {
diff --git a/utils.h b/utils.h
index 07c1638..4f87e93 100644
--- a/utils.h
+++ b/utils.h
@@ -32,6 +32,7 @@
 #endif
 #define ERROR(...) MSG(__VA_ARGS__)
+#define WARNING(...) MSG(__VA_ARGS__)
 #define INFO(...) MSG(__VA_ARGS__)
 #define SNPRINTF(s,n,...) snprintf(s,n,__VA_ARGS__)
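Review bot: In arp_connblock.c, `//dynmem_free(txBuf);` leaves the old call behind as commented-out code under a comment that still reads `// release transmit buffer`, and icmp_connblock.c does the same with `//pckthdr_chain_free(pckt->header);` under `// release headers`. Neither hunk says who frees these objects now, which is exactly what the next maintainer needs to know to avoid reintroducing the double free or creating a leak. Delete the dead lines and replace the stale comments with the ownership rule, e.g. `// txBuf is released by the transmit path; do not free it here` and `// the header chain is released by the caller of this callback`; both are inferred, because ethinf_transmit() and the code that invokes icmp_recv_cb() are not visible here. It is also worth confirming that the transmit path frees the buffer when it fails or drops the frame.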