nuttx/net/local/local_accept.c

189 lines
5.4 KiB
C
Raw Normal View History

/****************************************************************************
* net/local/local_accept.c
*
* SPDX-License-Identifier: Apache-2.0
*
* Licensed to the Apache Software Foundation (ASF) under one or more
* contributor license agreements. See the NOTICE file distributed with
* this work for additional information regarding copyright ownership. The
* ASF licenses this file to you under the Apache License, Version 2.0 (the
* "License"); you may not use this file except in compliance with the
* License. You may obtain a copy of the License at
*
* http://www.apache.org/licenses/LICENSE-2.0
*
* Unless required by applicable law or agreed to in writing, software
* distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
* WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
* License for the specific language governing permissions and limitations
* under the License.
*
****************************************************************************/
/****************************************************************************
* Included Files
****************************************************************************/
#include <nuttx/config.h>
#include <string.h>
#include <errno.h>
#include <assert.h>
#include <debug.h>
#include <nuttx/nuttx.h>
#include <nuttx/queue.h>
#include <nuttx/net/net.h>
#include "socket/socket.h"
#include "local/local.h"
/****************************************************************************
* Private Functions
****************************************************************************/
/****************************************************************************
* Name: local_waitlisten
****************************************************************************/
static int local_waitlisten(FAR struct local_conn_s *server)
{
int ret;
/* Loop until a connection is requested or we receive a signal */
while (dq_empty(&server->u.server.lc_waiters))
{
/* No.. wait for a connection or a signal */
ret = net_sem_wait(&server->lc_waitsem);
if (ret < 0)
{
return ret;
}
}
/* There is an accept conn waiting to be processed */
return OK;
}
/****************************************************************************
* Public Functions
****************************************************************************/
/****************************************************************************
* Name: local_accept
*
* Description:
* This function implements accept() for Unix domain sockets. See the
* description of accept() for further information.
*
* Input Parameters:
* psock The listening Unix domain socket structure
* addr Receives the address of the connecting client
* addrlen Input: allocated size of 'addr',
* Return: returned size of 'addr'
* newconn The new, accepted Unix domain connection structure
*
* Returned Value:
* Returns zero (OK) on success or a negated errno value on failure.
* See the description of accept of the possible errno values in the
* description of accept().
*
* Assumptions:
* Network is NOT locked.
*
****************************************************************************/
int local_accept(FAR struct socket *psock, FAR struct sockaddr *addr,
FAR socklen_t *addrlen, FAR struct socket *newsock,
int flags)
{
FAR struct local_conn_s *server = psock->s_conn;
FAR struct local_conn_s *conn;
FAR dq_entry_t *waiter;
bool nonblock = !!(flags & SOCK_NONBLOCK);
int ret = OK;
/* Some sanity checks */
DEBUGASSERT(newsock && !newsock->s_conn);
/* Is the socket a stream? */
if (psock->s_domain != PF_LOCAL || psock->s_type != SOCK_STREAM)
{
return -EOPNOTSUPP;
}
if (server->lc_proto != SOCK_STREAM ||
server->lc_state != LOCAL_STATE_LISTENING)
{
return -EOPNOTSUPP;
}
2015-01-26 00:53:01 +01:00
/* Loop as necessary if we have to wait for a connection */
for (; ; )
2015-01-26 00:53:01 +01:00
{
/* Are there pending connections. Remove the accpet from the
2015-01-26 00:53:01 +01:00
* head of the waiting list.
*/
waiter = dq_remfirst(&server->u.server.lc_waiters);
if (waiter)
2015-01-26 00:53:01 +01:00
{
conn = container_of(waiter, struct local_conn_s,
u.accept.lc_waiter);
local socket: fix accept used after free ==1729315==ERROR: AddressSanitizer: heap-use-after-free on address 0xf0501d60 at pc 0x032ffe43 bp 0xef4ed158 sp 0xef4ed148 READ of size 2 at 0xf0501d60 thread T0 #0 0x32ffe42 in nxsem_wait semaphore/sem_wait.c:94 #1 0x3548cf5 in _net_timedwait utils/net_lock.c:97 #2 0x3548f48 in net_sem_timedwait utils/net_lock.c:236 #3 0x3548f8c in net_sem_wait utils/net_lock.c:318 #4 0x350124d in local_accept local/local_accept.c:246 #5 0x3492719 in psock_accept socket/accept.c:149 #6 0x3492bcc in accept4 socket/accept.c:280 #7 0x662dc04 in accept net/lib_accept.c:50 #8 0x55c81ab in kvdb_loop kvdb/server.c:415 #9 0x55c860a in kvdbd_main kvdb/server.c:458 #10 0x33d968b in nxtask_startup sched/task_startup.c:70 #11 0x32ec039 in nxtask_start task/task_start.c:134 #12 0x34109be in pre_start sim/sim_initialstate.c:52 0xf0501d60 is located 288 bytes inside of 420-byte region [0xf0501c40,0xf0501de4) freed by thread T0 here: #0 0xf7aa6a3f in __interceptor_free ../../../../../src/libsanitizer/asan/asan_malloc_linux.cpp:127 #1 0x73aa06e in host_free sim/posix/sim_hostmemory.c:192 #2 0x34131d6 in mm_free sim/sim_heap.c:230 #3 0x3409388 in free umm_heap/umm_free.c:49 #4 0x35631f3 in local_free local/local_conn.c:225 #5 0x3563f75 in local_release local/local_release.c:129 #6 0x34f5a32 in local_close local/local_sockif.c:785 #7 0x3496ee8 in psock_close socket/net_close.c:102 #8 0x36500bc in sock_file_close socket/socket.c:115 #9 0x3635f6c in file_close vfs/fs_close.c:74 #10 0x3632439 in nx_close_from_tcb inode/fs_files.c:670 #11 0x36324f3 in nx_close inode/fs_files.c:697 #12 0x3632557 in close inode/fs_files.c:735 #13 0x55be289 in property_set_ kvdb/client.c:210 #14 0x55c0309 in property_set_int32_ kvdb/common.c:226 #15 0x55c03f5 in property_set_int32_oneway kvdb/common.c:236 Signed-off-by: ligd <liguiding1@xiaomi.com>
2023-09-22 07:33:42 +02:00
/* Decrement the number of pending accpets */
2015-01-26 00:53:01 +01:00
DEBUGASSERT(server->u.server.lc_pending > 0);
server->u.server.lc_pending--;
/* Setup the accpet socket structure */
newsock->s_domain = psock->s_domain;
newsock->s_type = SOCK_STREAM;
newsock->s_sockif = psock->s_sockif;
newsock->s_conn = (FAR void *)conn;
/* Return the address family */
if (addr != NULL)
{
ret = local_getaddr(conn, addr, addrlen);
}
if (ret == OK && nonblock)
{
ret = local_set_nonblocking(conn);
}
return ret;
2015-01-26 00:53:01 +01:00
}
/* No.. then there should be no pending connections */
DEBUGASSERT(server->u.server.lc_pending == 0);
/* Was the socket opened non-blocking? */
if (_SS_ISNONBLOCK(server->lc_conn.s_flags))
{
/* Yes.. return EAGAIN */
return -EAGAIN;
}
/* Otherwise, listen for a connection and try again. */
ret = local_waitlisten(server);
if (ret < 0)
{
return ret;
}
}
}