This is the mail archive of the ecos-discuss@sourceware.org mailing list for the eCos project.



DNS race condition and patch


Hi,

There's a race condition in
packages/net/ns/dns/current/include/dns_impl.inl and dns.c.

Here's a quick example of how the current code may cause a problem:
 1) Call cyg_dns_res_start() in thread #1.
    Assume the connect() call blocks for a few seconds.
    Note that at this point 's' is valid, but 'ptdindex' is uninitialized or invalid.
 2) While thread #1 is blocked, call gethostbyname() (or gethostbyaddr()) in thread #2.
    The call to free_stored_hent() assumes 'ptdindex' is valid, but it is not.
    If you have asserts on, cyg_thread_get_data(ptdindex) will hit an assert or return
    a bogus pointer value that may get passed to free().

The attached fix:
 - puts 's' and free_stored_hent()/ptdindex inside the mutex lock so they are
   always consistent with each other.
 - makes 'init' file-visible so it can protect against accessing an uninitialized mutex.

Thanks,
Will

Attachment: patch_dns.txt
Description: patch_dns.txt

-- 
Before posting, please read the FAQ: http://ecos.sourceware.org/fom/ecos
and search the list archive: http://ecos.sourceware.org/ml/ecos-discuss
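
The interleaving described in the message above, as an added example that is not part of the original post or of the attached patch: a deterministic, single-threaded C model in which the point where connect() blocks is represented by running thread #2's lookup inline. The names `lookup`, `start`, `reset`, `locked` and the `result` enum are hypothetical, the mutex is modelled as a flag, and the model assumes the start routine holds the mutex for the whole setup.

```c
#include <stdbool.h>
#include <stdio.h>

/* Constructed model of the resolver state named in the message; not eCos source. */
#define PTD_INVALID (-1)
static int  s = -1;                 /* resolver socket, < 0 means not open  */
static int  ptdindex = PTD_INVALID; /* per-thread data index                */
static bool init = false;           /* true once the mutex has been created */
static bool locked = false;         /* hypothetical stand-in for the mutex  */

enum result { LOOKUP_OK, NOT_STARTED, WOULD_BLOCK, BAD_PTDINDEX };

static void reset(void) { s = -1; ptdindex = PTD_INVALID; init = locked = false; }

/* Thread #2: what a gethostbyname()-style lookup observes at this instant. */
static enum result lookup(bool fixed) {
    if (fixed) {
        if (!init)  return NOT_STARTED;  /* never touch an uninitialized mutex */
        if (locked) return WOULD_BLOCK;  /* real code sleeps on the mutex here */
    }
    if (s < 0) return NOT_STARTED;
    /* free_stored_hent() would call cyg_thread_get_data(ptdindex) here */
    return ptdindex == PTD_INVALID ? BAD_PTDINDEX : LOOKUP_OK;
}

/* Thread #1: resolver start. Returns what thread #2 saw while connect() blocked.
   Assumption: start holds the mutex for the whole setup in both variants. */
static enum result start(bool fixed) {
    enum result seen;
    reset();
    init = true;            /* mutex created ...                    */
    locked = true;          /* ... and taken                        */
    s = 3;                  /* socket opened (constructed fd value) */
    seen = lookup(fixed);   /* connect() blocks; thread #2 runs now */
    ptdindex = 0;           /* index allocated only after connect() */
    locked = false;
    return seen;
}

int main(void) {
    printf("checks outside the lock: %d\n", start(false));
    printf("checks inside the lock:  %d\n", start(true));
    return 0;
}
```

With the checks outside the lock, thread #2 reaches the `ptdindex` use while it is still invalid; with the checks inside the lock it waits until `s` and `ptdindex` have both been set.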
