VirtualBox

Changeset 14577 in vbox for trunk/src


Ignore:
Timestamp:
Nov 25, 2008 3:12:54 PM (16 years ago)
Author:
vboxsync
Message:

slirp: attempt to fix memory corruption

File:
1 edited

Legend:

Unmodified
Added
Removed
  • trunk/src/VBox/Devices/Network/slirp/tcp_input.c

    r14476 r14577  
    422422        u_long tiwin;
    423423/*      int ts_present = 0; */
    424         int mbuf_freed = 0;
    425424
    426425        DEBUG_CALL("tcp_input");
     
    14811480
    14821481        /*
     1482         * If this is a small packet, then ACK now - with Nagel
     1483         *      congestion avoidance sender won't send more until
     1484         *      he gets an ACK.
     1485         *
     1486         * See above.
     1487         */
     1488        if (ti->ti_len && (unsigned)ti->ti_len <= 5 &&
     1489            ((struct tcpiphdr_2 *)ti)->first_char == (char)27) {
     1490                tp->t_flags |= TF_ACKNOW;
     1491        }
     1492
     1493        /*
    14831494         * Process the segment text, merging it into the TCP sequencing queue,
    14841495         * and arranging for acknowledgment of receipt if necessary.
     
    15181529                len = so->so_rcv.sb_datalen - (tp->rcv_adv - tp->rcv_nxt);
    15191530        } else {
    1520                 mbuf_freed = 1; /* The mbuf must be freed, but only when its content is not needed anymore. */
     1531                m_free(pData, m);
    15211532                tiflags &= ~TH_FIN;
    15221533        }
     
    15861597        }
    15871598
    1588         /*
    1589          * If this is a small packet, then ACK now - with Nagel
    1590          *      congestion avoidance sender won't send more until
    1591          *      he gets an ACK.
    1592          *
    1593          * See above.
    1594          */
    1595 /*      if (ti->ti_len && (unsigned)ti->ti_len < tp->t_maxseg) {
    1596  */
    1597 /*      if ((ti->ti_len && (unsigned)ti->ti_len < tp->t_maxseg &&
    1598  *              (so->so_iptos & IPTOS_LOWDELAY) == 0) ||
    1599  *             ((so->so_iptos & IPTOS_LOWDELAY) &&
    1600  *             ((struct tcpiphdr_2 *)ti)->first_char == (char)27)) {
    1601  */
    1602         if (ti->ti_len && (unsigned)ti->ti_len <= 5 &&
    1603             ((struct tcpiphdr_2 *)ti)->first_char == (char)27) {
    1604                 tp->t_flags |= TF_ACKNOW;
    1605         }
    1606 
    1607         if (mbuf_freed) {
    1608                 m_free(pData, m);
    1609         }
    16101599        /*
    16111600         * Return any desired output.
Note: See TracChangeset for help on using the changeset viewer.

© 2024 Oracle Support Privacy / Do Not Sell My Info Terms of Use Trademark Policy Automated Access Etiquette