Crash_Override/OVMS3-idf
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity

httpd_sess_close: Check for session validity before closing

Browse source 
If httpd_sess_trigger_close() gets called twice for the same socket,
the first httpd_sess_close() cb closes the correct socket, but the second
invocation closes the wrong socket which was just accepted and added to
the socket db. Checking for the lru counter will help identify this as the
counter is set only for requests actually served.
This commit is contained in:
Piyush Shah 2019-08-06 19:30:58 +05:30 committed by bot
parent dbf2c3d480
commit 4ee065df79
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
components/esp_http_server/src/httpd_sess.c
View file

@ -378,6 +378,10 @@ static void httpd_sess_close(void *arg)
{ {
struct sock_db *sock_db = (struct sock_db *)arg; struct sock_db *sock_db = (struct sock_db *)arg;
if (sock_db) { if (sock_db) {
if (sock_db->lru_counter == 0) {
ESP_LOGD(TAG, "Skipping session close for %d as it seems to be a race condition", sock_db->fd);
return;
}
int fd = sock_db->fd; int fd = sock_db->fd;
struct httpd_data *hd = (struct httpd_data *) sock_db->handle; struct httpd_data *hd = (struct httpd_data *) sock_db->handle;
httpd_sess_delete(hd, fd); httpd_sess_delete(hd, fd);