1From c5db70bef7f1ac6627b278fdf06be57bce0ef00b Mon Sep 17 00:00:00 2001 2From: wuchangsheng <wuchangsheng2@huawei.com> 3Date: Thu, 19 Aug 2021 14:53:14 +0800 4Subject: [PATCH] fix event.data.ptr double free due to socket don't free in 5lwip_close 6 7--- 8src/api/sockets.c | 10 ++++++---- 91 file changed, 6 insertions(+), 4 deletions(-) 10 11diff --git a/src/api/sockets.c b/src/api/sockets.c 12index 7ce9378..ac4cccb 100644 13--- a/src/api/sockets.c 14+++ b/src/api/sockets.c 15@@ -963,18 +963,20 @@ lwip_close(int s) 16 struct lwip_sock *sock; 17 int is_tcp = 0; 18 err_t err; 19+ int ret = 0; 20 21 LWIP_DEBUGF(SOCKETS_DEBUG, ("lwip_close(%d)\n", s)); 22 23 #if USE_LIBOS 24- int ret; 25 if (posix_api->is_epfd(s)) { 26 return posix_api->epoll_close_fn(s); 27 } 28 29+ /* No matter what the result of close, lwip_sock resources should release 30+ * to prevent the potential double freee problem caused by reporting events after the close */ 31 ret = posix_api->close_fn(s); 32- if (ret < 0) 33- return ret; 34+ if ((ret < 0) && (errno == EINTR)) 35+ ret = posix_api->close_fn(s); 36 if (posix_api->is_chld == 0) 37 clean_host_fd(s); 38 39@@ -1014,7 +1016,7 @@ lwip_close(int s) 40 41 free_socket(sock, is_tcp); 42 set_errno(0); 43- return 0; 44+ return ret; 45 } 46 47 int 48-- 492.23.0 50