From f87ede57a2e97f0743a85b94072c7163fa485ae9 Mon Sep 17 00:00:00 2001 From: Sebastian Huber Date: Thu, 15 Jan 2015 14:13:19 +0100 Subject: libnetworking: Fix close of active sockets Send a special event to notify tasks waiting for a socket state change in case this socket gets closed. This prevents a use after free. Close #785. --- testsuites/libtests/syscall01/init.c | 191 +++++++++++++++++++++++++++++++++-- testsuites/samples/loopback/init.c | 5 +- 2 files changed, 187 insertions(+), 9 deletions(-) (limited to 'testsuites') diff --git a/testsuites/libtests/syscall01/init.c b/testsuites/libtests/syscall01/init.c index bfffa0e901..ec5e5b2c13 100644 --- a/testsuites/libtests/syscall01/init.c +++ b/testsuites/libtests/syscall01/init.c @@ -1,8 +1,8 @@ /* - * Copyright (c) 2012 embedded brains GmbH. All rights reserved. + * Copyright (c) 2012-2015 embedded brains GmbH. All rights reserved. * * embedded brains GmbH - * Obere Lagerstr. 30 + * Dornierstr. 4 * 82178 Puchheim * Germany * @@ -18,8 +18,10 @@ #include "tmacros.h" +#include #include #include +#include #include #include #include @@ -29,14 +31,19 @@ const char rtems_test_name[] = "SYSCALL 1"; -/* forward declarations to avoid warnings */ -static rtems_task Init(rtems_task_argument argument); - static const char open_driver_path [] = "/dev/open_driver"; struct rtems_bsdnet_config rtems_bsdnet_config; -static void test(void) +typedef struct { + rtems_id main_task; + rtems_id close_task; + int fd; +} test_context; + +static test_context test_instance; + +static void test_sync(void) { int rv; char buf [1]; @@ -76,16 +83,184 @@ static void test(void) rtems_test_assert(rv == 0); } +static void close_task(rtems_task_argument arg) +{ + test_context *ctx = (test_context *) arg; + + while (true) { + rtems_status_code sc; + int rv; + + rv = close(ctx->fd); + rtems_test_assert(rv == 0); + + sc = rtems_event_transient_send(ctx->main_task); + rtems_test_assert(sc == RTEMS_SUCCESSFUL); + } +} + +static void wait_for_close_task(void) +{ + rtems_status_code sc; + + sc = rtems_event_transient_receive(RTEMS_WAIT, RTEMS_NO_TIMEOUT); + rtems_test_assert(sc == RTEMS_SUCCESSFUL); +} + +static void test_accept_and_close(test_context *ctx) +{ + int rv; + int fd; + struct sockaddr_in addr; + socklen_t addrlen = sizeof(addr); + + ctx->fd = socket(PF_INET, SOCK_STREAM, 0); + rtems_test_assert(ctx->fd >= 0); + + rv = listen(ctx->fd, 1); + rtems_test_assert(rv == 0); + + errno = 0; + fd = accept(ctx->fd, (struct sockaddr *) &addr, &addrlen); + rtems_test_assert(fd == -1); + rtems_test_assert(errno == ENXIO); + + errno = 0; + fd = accept(ctx->fd, (struct sockaddr *) &addr, &addrlen); + rtems_test_assert(fd == -1); + rtems_test_assert(errno == EBADF); + + wait_for_close_task(); +} + +static void test_connect_and_close(test_context *ctx) +{ + int rv; + struct sockaddr_in addr; + socklen_t addrlen = sizeof(addr); + + ctx->fd = socket(PF_INET, SOCK_STREAM, 0); + rtems_test_assert(ctx->fd >= 0); + + memset(&addr, 0, sizeof(addr)); + addr.sin_family = AF_INET; + addr.sin_port = htons(1234); + addr.sin_addr.s_addr = htonl(INADDR_ANY); + + errno = 0; + rv = connect(ctx->fd, (struct sockaddr *) &addr, addrlen); + rtems_test_assert(rv == -1); + rtems_test_assert(errno == ENXIO); + + errno = 0; + rv = connect(ctx->fd, (struct sockaddr *) &addr, addrlen); + rtems_test_assert(rv == -1); + rtems_test_assert(errno == EBADF); + + wait_for_close_task(); +} + +static void test_recv_and_close(test_context *ctx) +{ + int rv; + struct sockaddr_in addr; + socklen_t addrlen = sizeof(addr); + char buf[1]; + ssize_t n; + + ctx->fd = socket(PF_INET, SOCK_DGRAM, 0); + rtems_test_assert(ctx->fd >= 0); + + memset(&addr, 0, sizeof(addr)); + addr.sin_family = AF_INET; + addr.sin_port = htons(1234); + addr.sin_addr.s_addr = htonl(INADDR_ANY); + + rv = bind(ctx->fd, (struct sockaddr *) &addr, addrlen); + rtems_test_assert(rv == 0); + + errno = 0; + n = recv(ctx->fd, &buf[0], sizeof(buf), 0); + rtems_test_assert(n == -1); + rtems_test_assert(errno == ENXIO); + + errno = 0; + n = recv(ctx->fd, &buf[0], sizeof(buf), 0); + rtems_test_assert(n == -1); + rtems_test_assert(errno == EBADF); + + wait_for_close_task(); +} + +static void test_select_and_close(test_context *ctx) +{ + int rv; + struct sockaddr_in addr; + socklen_t addrlen = sizeof(addr); + int nfds; + struct fd_set set; + + ctx->fd = socket(PF_INET, SOCK_DGRAM, 0); + rtems_test_assert(ctx->fd >= 0); + + memset(&addr, 0, sizeof(addr)); + addr.sin_family = AF_INET; + addr.sin_port = htons(1234); + addr.sin_addr.s_addr = htonl(INADDR_ANY); + + rv = bind(ctx->fd, (struct sockaddr *) &addr, addrlen); + rtems_test_assert(rv == 0); + + nfds = ctx->fd + 1; + FD_ZERO(&set); + FD_SET(ctx->fd, &set); + + errno = 0; + rv = select(nfds, &set, NULL, NULL, NULL); + rtems_test_assert(rv == -1); + rtems_test_assert(errno == EBADF); + + wait_for_close_task(); +} + static void Init(rtems_task_argument arg) { + test_context *ctx = &test_instance; + rtems_status_code sc; int rv; TEST_BEGIN(); + ctx->main_task = rtems_task_self(); + + sc = rtems_task_create( + rtems_build_name('C', 'L', 'O', 'S'), + 2, + RTEMS_MINIMUM_STACK_SIZE, + RTEMS_DEFAULT_MODES, + RTEMS_DEFAULT_ATTRIBUTES, + &ctx->close_task + ); + rtems_test_assert(sc == RTEMS_SUCCESSFUL); + + sc = rtems_task_start( + ctx->close_task, + close_task, + (rtems_task_argument) ctx + ); + rtems_test_assert(sc == RTEMS_SUCCESSFUL); + rv = rtems_bsdnet_initialize_network(); rtems_test_assert(rv == 0); - test(); + test_sync(); + test_accept_and_close(ctx); + test_connect_and_close(ctx); + test_recv_and_close(ctx); + test_select_and_close(ctx); + + sc = rtems_task_delete(ctx->close_task); + rtems_test_assert(sc == RTEMS_SUCCESSFUL); TEST_END(); @@ -129,7 +304,7 @@ static rtems_device_driver open_driver_open( #define CONFIGURE_LIBIO_MAXIMUM_FILE_DESCRIPTORS 4 -#define CONFIGURE_MAXIMUM_TASKS 2 +#define CONFIGURE_MAXIMUM_TASKS 3 #define CONFIGURE_INITIAL_EXTENSIONS RTEMS_TEST_INITIAL_EXTENSION diff --git a/testsuites/samples/loopback/init.c b/testsuites/samples/loopback/init.c index 7ac376fbe8..ccaf3c65ce 100644 --- a/testsuites/samples/loopback/init.c +++ b/testsuites/samples/loopback/init.c @@ -167,7 +167,10 @@ static rtems_task serverTask(rtems_task_argument arg) addrlen = sizeof farAddr; s1 = accept(s, (struct sockaddr *)&farAddr, &addrlen); if (s1 < 0) - rtems_panic("Can't accept connection: %s", strerror(errno)); + if (errno == ENXIO) + rtems_task_delete(RTEMS_SELF); + else + rtems_panic("Can't accept connection: %s", strerror(errno)); else printf("ACCEPTED:%lX\n", ntohl(farAddr.sin_addr.s_addr)); spawnTask(workerTask, myPriority, s1); -- cgit v1.2.3