tcp_close_tcpip() only closed active TCP PCBs, leaking other types of TCP PCBs
(notably bound only, not yet connected/used). With time, this led to DoS
situations.
Fix by giving up on the hacky way of searching the LWIP innards for the TCP PCB
needing closing. The searching was non-comprehensive, hence the problem in
principle, and inherently racy: could close a meanwhile freed & reused PCB.
Pass the pointer to the struct mg_lwip_conn_state of the struct mg_connection
being destroyed to tcp_close_tcpip() instead of the bare PCB pointer, so the PCB
pointer stored within can be used. Delay unassigning that pointer from the
struct mg_connection until tcp_close_tcpip() finishes, so that
a mg_lwip_tcp_error_cb() meanwhile can clear the PCB pointer stored within.
That ensures no double-closing of the TCP PCB when a concurrent TCP error makes
LWIP close the TCP PCB from the LWIP side.
NB! At the moment, PCBs can still leak if tcp_close() fails, which is unlikely
but possible as per the API. Retrying tcp_close() should somehow be
implemented. For now, at least add logging of tcp_close() failures.
Also: remove the extraneous though benign double-calling of tcp_arg(…, NULL).
h/t @QRPp
A TCP connection can get closed while there are TCPIP thread callbacks
queued. Add checks to close and write functions to avoid acting on
tcp_pcbs that have already been disposed of.
Store adddress in the memory immediately preceding the packet data.
It is guaranteed to have enough space (IP header is 20 bytes).
Introduce a limit on the length of the RX chain,
MG_LWIP_MAX_UDP_RX_CHAIN_LEN. Default is 20.
This is required to distinguish input interface for multicast traffic
and select correct output interface for outgoing traffic (advertisements).
http://savannah.nongnu.org/bugs/?49662 removed ability to receive
multicast traffic on on interface-bound sockets (making the previous
change useless, hence the revert), so for LWIP 2.0.1 and newer
multicast packets can only be received on INADDR_ANY listeners.
User is then required to distinguish input interface in the receive path.
This information is only available in the udp_recv callback, so we must
pass this down to dns-sd library somehow, and priv_2 is the how.
It is normally used for DNS resolver state, and is never used on
listening sockets. We thus avoid growing the mg_connection structure.
* Do not set MG_F_SSL ona connection until it's been fully accepted (MG_SIG_ACCEPT is handled).
This fixes a crash when SSL connection is polled before it's fully initialized.
* Fix mg_lwip_tcp_error_cb to NULL out tcp_pcb pointer even if mg_connection is already shutting down.
After mg_lwip_tcp_error_cb, tcp_pcb pointer can no longer be used and doesn't need to be freed.
This fixes https://github.com/cesanta/mongoose-os/issues/545
ESP8266 non-OS has very limited stack - only 4K. Undetected stack
overflows cause nasty bugs and it turns out serving files over http
routinely causes stack overflow.
This was exposed by a5f59123ed
As a short-term workaround, push http_message into bss, this is enough
as an immediate workaround. Longer term, we need to think how to bring
8266 to parity with other platforms where we have at least 8K stack.
At the same time, get rid of the compiler bug workaround - modern
toolchain doesn't need this.
Now src contains exactly what's embedded in mongoose.c and .h, nothing more.
Added `tools/amalgam.sh` to aamlgamate both files at once.
There are no functional changes to mongoose.c, .h in this PR, only slight filename changes.
* Actually drop the connection when no response to ping arrives within the next interval.
* Avoid sending immediate ping when wall time is adjusted, it's usually spurious.
PUBLISHED_FROM=8049280b58edfb94dd0fcb6a1e89ffefe69bcea1
If file ends with .gz and has known "secondary extnesion", i.e. test.html.gz,
its content type is determined by the secondary extension and content-encoding is set to gzip.
PUBLISHED_FROM=a238763b4424bafabec2e58ccae4522cacdd7c78
Also free up some RAM by not allocating ca_cert when `MBEDTLS_X509_CA_CHAIN_ON_DISK` is enabled.
PUBLISHED_FROM=5e5f4103707de98c929973d2aed0aaedf0bb60da
The ASAN build fails with
```
cookie_auth.c:62:7: error: variable 'ret' is used uninitialized whenever 'if' condition is true [-Werror,-Wsometimes-uninitialized]
if (cookie_header == NULL) goto clean;
^~~~~~~~~~~~~~~~~~~~~
cookie_auth.c:84:10: note: uninitialized use occurs here
return ret;
^~~
cookie_auth.c:62:3: note: remove the 'if' if its condition is always false
if (cookie_header == NULL) goto clean;
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cookie_auth.c:65:3: note: variable 'ret' is declared here
struct session *ret = NULL;
^
cookie_auth.c:62:7: error: variable 'ssid' is used uninitialized whenever 'if' condition is true [-Werror,-Wsometimes-uninitialized]
if (cookie_header == NULL) goto clean;
^~~~~~~~~~~~~~~~~~~~~
cookie_auth.c:81:7: note: uninitialized use occurs here
if (ssid != ssid_buf) {
^~~~
cookie_auth.c:62:3: note: remove the 'if' if its condition is always false
if (cookie_header == NULL) goto clean;
^~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
cookie_auth.c:64:3: note: variable 'ssid' is declared here
char *ssid = ssid_buf;
^
2 errors generated.
```
tcpip_callback doesn't wait for the callback to run (as was previosuly assumed).
CL: mg_net_if_lwip: Fix invoking callbacks on tcpip thread
PUBLISHED_FROM=930c45f1346f9c3b024e5e684f4a452c762db92b
* ARM
* Provide MSP and PSP
* Provide FreeRTOS task info
* Profide target specification XML (extra regs and FPU / no FPU Cortex cores)
* ESP32
* Use uxTaskGetSystemState instead of uxTaskGetTaskHandles
* General cleanup and refactoring
CL: Core dump analysis improvements
PUBLISHED_FROM=3297ffb2e6069a3a6a598367273bc2183063cf1e
All the platforms except esp32 (which uses heavily patched 9.0 from IDF) and esp8266 (doesn't use RTOS at all) are using the same version of FreeRTOS now.
CL: Make FreeRTOS a library, upgrade to 10.2.0
PUBLISHED_FROM=a4f7949a9f1546d23fc183412445859830f02d1a
