This is the mail archive of the ecos-bugs@sourceware.org mailing list for the eCos project.
[Bug 1000802] New: DNS race condition
- From: bugzilla-daemon at ecoscentric dot com
- To: ecos-bugs at ecos dot sourceware dot org
- Date: Wed, 15 Jul 2009 16:23:20 +0100
- Subject: [Bug 1000802] New: DNS race condition
http://bugs.ecos.sourceware.org/show_bug.cgi?id=1000802
Summary: DNS race condition
Product: eCos
Version: CVS
Platform: All
OS/Version: All
Status: UNCONFIRMED
Severity: normal
Priority: normal
Component: TCP/IP
AssignedTo: gary@mlbassoc.com
ReportedBy: will_lentz@trimble.com
QAContact: ecos-bugs@ecos.sourceware.org
Class: ---
Created an attachment (id=762)
--> (http://bugs.ecos.sourceware.org/attachment.cgi?id=762)
Fix for DNS race condition
Hi,
There's a race condition in packages/net/ns/dns/current/include/dns_impl.inl
and dns.c.
Here's a quick example of how the current code may cause a problem:
1) Call cyg_dns_res_start() in thread #1.
Assume the connect() call blocks for a few seconds.
Note that at this point 's' is valid, but 'ptdindex' is uninitialized or
invalid.
2) While thread #1 is blocked, call gethostbyname() (or gethostbyaddr()) in
thread #2.
The call to free_stored_hent() assumes 'ptdindex' is valid, but it is not.
If you have asserts on, cyg_thread_get_data(ptdindex) will hit an assert or
return a bogus pointer value that may get passed to free().
The attached fix:
- puts 's' and free_stored_hent()/ptdindex inside the mutex lock so they are
always consistent with each other.
- makes 'init' file-visible so it can protect against accessing an
uninitialized mutex.
Thanks,
Will
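The interleaving from the report, modelled as an added example (this is neither the attached patch nor eCos code). POSIX threads and semaphores stand in for the eCos primitives; `struct resolver`, `res_start`, `lookup`, `run_scenario` and the values 3 and 7 are assumptions made for illustration. With `use_lock` set to 0 the lookup sees a valid 's' next to an unset 'ptdindex'; with 1, both are updated and read under one mutex.

```c
#include <pthread.h>
#include <semaphore.h>

enum { LOOKUP_NOT_STARTED, LOOKUP_OK, LOOKUP_BAD_PTDINDEX };
struct resolver {
    pthread_mutex_t lock;
    int use_lock;                    /* 0 = ordering from the report, 1 = locked */
    int s;                           /* socket, -1 until the resolver is started */
    int ptdindex;                    /* per-thread data slot, -1 = not yet valid */
    sem_t in_connect, connect_done;  /* scaffolding that forces the interleaving */
};

/* Thread #1: start the resolver; "connect()" blocks between the two writes. */
static void *res_start(void *arg) {
    struct resolver *r = arg;
    if (r->use_lock) pthread_mutex_lock(&r->lock);
    r->s = 3;                        /* constructed descriptor value */
    sem_post(&r->in_connect);
    sem_wait(&r->connect_done);      /* stands in for the blocking connect() */
    r->ptdindex = 7;                 /* constructed slot number */
    if (r->use_lock) pthread_mutex_unlock(&r->lock);
    return NULL;
}

/* Thread #2: a lookup that treats a valid 's' as proof 'ptdindex' is usable. */
static int lookup(struct resolver *r) {
    int result = LOOKUP_NOT_STARTED;
    if (r->use_lock) pthread_mutex_lock(&r->lock);
    if (r->s >= 0)
        result = (r->ptdindex < 0) ? LOOKUP_BAD_PTDINDEX : LOOKUP_OK;
    if (r->use_lock) pthread_mutex_unlock(&r->lock);
    return result;
}

/* Run the report's two steps and return what the lookup observed. */
int run_scenario(int use_lock) {
    struct resolver r = { .use_lock = use_lock, .s = -1, .ptdindex = -1 };
    pthread_t t1;
    pthread_mutex_init(&r.lock, NULL);
    sem_init(&r.in_connect, 0, 0); sem_init(&r.connect_done, 0, 0);
    pthread_create(&t1, NULL, res_start, &r);
    sem_wait(&r.in_connect);         /* thread #1 is now inside "connect()" */
    /* Locked: the lookup waits on the mutex, so release the connect first. */
    if (use_lock) sem_post(&r.connect_done);
    int seen = lookup(&r);           /* unlocked: runs while connect is pending */
    if (!use_lock) sem_post(&r.connect_done);
    pthread_join(t1, NULL);
    return seen;
}
```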