[ECOS] DNS race condition and patch
Will Lentz
Will_Lentz@Trimble.com
Tue Jul 14 22:39:00 GMT 2009
Hi,
There's a race condition in
packages/net/ns/dns/current/include/dns_impl.inl and dns.c.
Here's a quick example of how the current code may cause a problem:
1) Call cyg_dns_res_start() in thread #1.
   Assume the connect() call blocks for a few seconds.
   Note that at this point 's' is valid, but 'ptdindex' is
   uninitialized or invalid.
2) While thread #1 is blocked, call gethostbyname() (or
   gethostbyaddr()) in thread #2.
   The call to free_stored_hent() assumes 'ptdindex' is valid, but it
   is not.
   If you have asserts on, cyg_thread_get_data(ptdindex) will hit an
   assert or return a bogus pointer value that may get passed to free().
The attached fix:
- puts 's' and free_stored_hent()/ptdindex inside the mutex lock so
  they are always consistent with each other.
- makes 'init' file-visible so it can protect against accessing an
  uninitialized mutex.
Thanks,
Will
-------------- next part --------------
An embedded and charset-unspecified text was scrubbed...
Name: patch_dns.txt
URL: <http://sourceware.org/pipermail/ecos-discuss/attachments/20090714/878f7ab3/attachment.txt>
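The interleaving described in the message above, as an added example: a deterministic single-threaded model, not eCos code and not the attached patch. Only the names 's', 'ptdindex' and 'init' come from the post; the functions, the status codes, the 'locked' flag standing in for the mutex and the values 3 and 7 are assumptions made for illustration.

```c
#include <stdbool.h>
#include <stdio.h>

/* Simplified model of the resolver state named in the post; not eCos code. */
#define PTD_INVALID (-1)
enum { LOOKUP_OK, LOOKUP_NOT_INIT, LOOKUP_WOULD_BLOCK, LOOKUP_BAD_INDEX };

static int  s = -1;                 /* socket; >= 0 means "resolver started" */
static int  ptdindex = PTD_INVALID; /* per-thread data slot */
static bool init = false;           /* true once the mutex exists */
static bool locked = false;         /* stands in for the DNS mutex */

/* Thread #2: the gethostbyname() path that ends up using ptdindex. */
static int lookup(bool fixed) {
    if (fixed && !init)  return LOOKUP_NOT_INIT;    /* never touch an uninitialized mutex */
    if (fixed && locked) return LOOKUP_WOULD_BLOCK; /* real code would wait on the mutex */
    if (s < 0)           return LOOKUP_NOT_INIT;
    /* 's' looks valid, so ptdindex is trusted from here on. */
    return ptdindex == PTD_INVALID ? LOOKUP_BAD_INDEX : LOOKUP_OK;
}

/* Thread #1: start the resolver. Thread #2 is run at the point where
   connect() would block, reproducing the interleaving from the post.
   Returns what thread #2 observed. */
static int start(bool fixed) {
    s = -1; ptdindex = PTD_INVALID; init = false; locked = false;
    if (fixed) { init = true; locked = true; } /* create and take the mutex first */
    s = 3;                                     /* constructed socket value */
    int seen = lookup(fixed);                  /* connect() blocks; thread #2 runs */
    ptdindex = 7;                              /* constructed slot index */
    locked = false;                            /* 's' and ptdindex published together */
    return seen;
}

int main(void) {
    printf("unfixed: thread #2 saw %d (LOOKUP_BAD_INDEX=%d)\n",
           start(false), LOOKUP_BAD_INDEX);
    printf("fixed:   thread #2 saw %d (LOOKUP_WOULD_BLOCK=%d)\n",
           start(true), LOOKUP_WOULD_BLOCK);
    printf("fixed, after start: %d (LOOKUP_OK=%d)\n", lookup(true), LOOKUP_OK);
    return 0;
}
```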