diff options
author | Dimitri Staessens <dimitri@ouroboros.rocks> | 2019-03-21 00:51:55 +0100 |
---|---|---|
committer | Sander Vrijders <sander@ouroboros.rocks> | 2019-03-21 09:45:54 +0100 |
commit | 0164e81987eab940e5374b026a38a18ea94c53f9 (patch) | |
tree | 7ca437880e5d6ef116dbac0978a2b31bf1303d6b | |
parent | 086cd5dae628556ffaa2c2efe559a5bd2fba8d0e (diff) | |
download | ouroboros-0164e81987eab940e5374b026a38a18ea94c53f9.tar.gz ouroboros-0164e81987eab940e5374b026a38a18ea94c53f9.zip |
ipcpd: Don't reuse fqueue between threads
The UDP IPCP was reusing fqueues between threads. This is not
supported and lead to bad reads and buffer overflows.
Signed-off-by: Dimitri Staessens <dimitri@ouroboros.rocks>
Signed-off-by: Sander Vrijders <sander@ouroboros.rocks>
-rw-r--r-- | src/ipcpd/udp/main.c | 27 |
1 files changed, 17 insertions, 10 deletions
diff --git a/src/ipcpd/udp/main.c b/src/ipcpd/udp/main.c index 9f45bc73..a1dcb602 100644 --- a/src/ipcpd/udp/main.c +++ b/src/ipcpd/udp/main.c @@ -118,7 +118,6 @@ struct { int clt_port; fset_t * np1_flows; - fqueue_t * fq; struct uf fd_to_uf[SYS_MAX_FLOWS]; pthread_rwlock_t flows_lock; @@ -154,10 +153,6 @@ static int udp_data_init(void) if (udp_data.np1_flows == NULL) goto fail_fset; - udp_data.fq = fqueue_create(); - if (udp_data.fq == NULL) - goto fail_fqueue; - udp_data.shim_data = shim_data_create(); if (udp_data.shim_data == NULL) goto fail_data; @@ -166,8 +161,6 @@ static int udp_data_init(void) return 0; fail_data: - fqueue_destroy(udp_data.fq); - fail_fqueue: fset_destroy(udp_data.np1_flows); fail_fset: pthread_mutex_destroy(&udp_data.mgmt_lock); @@ -183,7 +176,6 @@ static void udp_data_fini(void) { shim_data_destroy(udp_data.shim_data); - fqueue_destroy(udp_data.fq); fset_destroy(udp_data.np1_flows); pthread_rwlock_destroy(&udp_data.flows_lock); @@ -498,17 +490,30 @@ static void * ipcp_udp_packet_reader(void * o) return 0; } +static void cleanup_writer(void * o) +{ + fqueue_destroy((fqueue_t *) o); +} + static void * ipcp_udp_packet_writer(void * o) { + fqueue_t * fq; + + fq = fqueue_create(); + if (fq == NULL) + return (void *) -1; + (void) o; ipcp_lock_to_core(); + pthread_cleanup_push(cleanup_writer, fq); + while (true) { int fd; int eid; - fevent(udp_data.np1_flows, udp_data.fq, NULL); - while ((fd = fqueue_next(udp_data.fq)) >= 0) { + fevent(udp_data.np1_flows, fq, NULL); + while ((fd = fqueue_next(fq)) >= 0) { struct shm_du_buff * sdb; uint8_t * buf; uint16_t len; @@ -550,6 +555,8 @@ static void * ipcp_udp_packet_writer(void * o) } } + pthread_cleanup_pop(true); + return (void *) 1; } |