Skip to content

security: add option to disable accept event to app layer on PCB allocation failure #78

New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Open
IustinDumitru wants to merge 1 commit into
base: master
Choose a base branch
from
Open

security: add option to disable accept event to app layer on PCB allocation failure #78

Show file tree
Hide file tree
Changes from all commits
Commits
Show all changes
1 commit
Select commit
File filter

Filter by extension

Filter by extension
Conversations
Failed to load comments.
Loading
Jump to
Jump to file
Failed to load files.
Loading
Diff view
Diff view
6 changes: 6 additions & 0 deletions src/core/tcp_in.c
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -664,7 +664,13 @@ tcp_listen_input(struct tcp_pcb_listen *pcb)
err_t err;
LWIP_DEBUGF(TCP_DEBUG, ("tcp_listen_input: could not allocate PCB\n"));
TCP_STATS_INC(tcp.memerr);
#if !DISABLE_TCPIP_EVENT_ACCEPT_AT_MEM_ERR
/* Notify application of connection refusal due to memory exhaustion.
* NOTE: Can cause instability during resource exhaustion as the application
* may attempt connection management while the stack is at resource limits.
* Consider enabling DISABLE_TCPIP_EVENT_ACCEPT_AT_MEM_ERR if unstable. */
TCP_EVENT_ACCEPT(pcb, NULL, pcb->callback_arg, ERR_MEM, err);
#endif
LWIP_UNUSED_ARG(err); /* err not useful here */
return;
}
Expand Down
20 changes: 20 additions & 0 deletions src/include/lwip/opt.h
View file
Open in desktop
Original file line number Diff line number Diff line change
Expand Up @@ -1471,6 +1471,26 @@
#define TCP_DEFAULT_LISTEN_BACKLOG 0xff
#endif

/**
* DISABLE_TCPIP_EVENT_ACCEPT_AT_MEM_ERR: Disable TCP_EVENT_ACCEPT notification
* when PCB allocation fails due to memory exhaustion (MEMP_NUM_TCP_PCB limit reached).
*
* Security/Stability: When enabled (set to 1), prevents the accept event callback from
* being invoked when tcp_alloc() fails to allocate a new PCB for an incoming connection.
* This avoids triggering application-layer logic during critical resource exhaustion,
* which can cause instability as the stack attempts to release and restore connections
* while already operating at resource limits.
*
* The remote peer will simply retransmit the SYN when resources become available.
* Enable this if your application does not handle ERR_MEM in accept callbacks or if
* you experience instability during high connection load.
*
* Default is 0 (accept event is called with ERR_MEM for backward compatibility).
*/
#if !defined DISABLE_TCPIP_EVENT_ACCEPT_AT_MEM_ERR || defined __DOXYGEN__
#define DISABLE_TCPIP_EVENT_ACCEPT_AT_MEM_ERR 0
#endif

/**
* TCP_OVERSIZE: The maximum number of bytes that tcp_write may
* allocate ahead of time in an attempt to create shorter pbuf chains
Expand Down