Opened 17 years ago

Closed 17 years ago

Last modified 17 years ago

#166 closed defect (fixed)

libc: three serious __libc_tcpipops_Close4x bugs that might cause process crashes/hangs

Reported by: bird Owned by: bird
Priority: normal Milestone: libc-0.6.3
Component: libc-backend Version: 0.6.2
Severity: major Keywords: tcpip exitlist close
Cc:

Description (last modified by bird)

The tcpip close method in tcpipver.cpp doesn't unlink the socket handle when it should, i.e. when the caller will be freeing it. This may cause corruption, crashes and exitlist hangs (with high cpu load).

When the socket is in use by another process and the close method only remove it from the tcpip32.dll exit list todos, it will set rc to 1 and think it failed. This typically happens when forking or spawning (libc) children. The result of this bug is that the socket which is really close, appears as not closed and we will be attempt closing it again (at exit if not earlier). It may also be incorrectly inherited by children which will confuse them. It may also break assumptions about dup()/open() results like in cupsd.

The tcpip dll was loader after the file handles was bought over to the child process, causing all symbol resolving to fail/crash.

Change History (3)

comment:1 Changed 17 years ago by bird

Description: modified (diff)
Status: newassigned
Summary: libc: two serious __libc_tcpipops_Close4x bugs that might cause process crashes/hangslibc: three serious __libc_tcpipops_Close4x bugs that might cause process crashes/hangs

comment:2 Changed 17 years ago by bird

Resolution: fixed
Status: assignedclosed

(In [3372]) Fixes #166.

comment:3 Changed 17 years ago by bird

Component: baselayoutlibc-backend
Note: See TracTickets for help on using tickets.