Skip to content

Commit

Permalink
Fix potential leak in TCPEndPoint::LwIPHandleDataReceived (#11447)
Browse files Browse the repository at this point in the history 
#### Problem

`TCPEndPoint::LwIPHandleDataReceived()` receives a packet buffer and,
in the normal case, forwards its ownership via `PostEvent()`. If that
fails, `LwIPHandleDataReceived()` is responsible for freeing the pbuf,
but doesn't.

From LwIP documentation, “If the callback function returns ERR_OK or
ERR_ABRT it must have freed the pbuf”.

#### Change overview

Call `pbuf_free()` if `PostEvent()` fails.

#### Testing

None; we don't have any way to instrument LwIP to verify this.
  • Loading branch information
@kpschoedel @pull
kpschoedel authored and pull[bot] committed Dec 14, 2023
1 parent 06aa06a commit 5205317
Showing 1 changed file with 6 additions and 0 deletions.
6 changes: 6 additions & 0 deletions src/inet/TCPEndPoint.cpp
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1086,7 +1086,13 @@ err_t TCPEndPoint::LwIPHandleDataReceived(void * arg, struct tcp_pcb * tpcb, str
res = ERR_ABRT;

if (res != ERR_OK)
{
if (p != nullptr)
{
pbuf_free(p);
}
tcp_abort(tpcb);
}

return res;
}
Expand Down

0 comments on commit 5205317

Please sign in to comment.