Guard SYN enqueue state transitions

danielinux · danielinux · commit a82e5624b0c0 · 2026-03-31T11:35:42.000+02:00
F/1777
diff --git a/src/test/unit/unit.c b/src/test/unit/unit.c
@@ -253,6 +253,7 @@ Suite *wolf_suite(void)
     tcase_add_test(tc_utils, test_sock_connect_tcp_filter_drop);
     tcase_add_test(tc_utils, test_sock_connect_tcp_src_port_low);
     tcase_add_test(tc_utils, test_sock_connect_tcp_initial_seq_randomized);
+    tcase_add_test(tc_utils, test_sock_connect_tcp_txbuf_full_does_not_enter_syn_sent);
     tcase_add_test(tc_utils, test_sock_sendto_more_error_paths);
     tcase_add_test(tc_utils, test_sock_sendto_udp_no_dest);
     tcase_add_test(tc_utils, test_sock_sendto_udp_sets_dest_and_assigns);
@@ -286,6 +287,7 @@ Suite *wolf_suite(void)
     tcase_add_test(tc_utils, test_sock_recvfrom_udp_payload_too_long);
     tcase_add_test(tc_utils, test_sock_recvfrom_icmp_payload_too_long);
     tcase_add_test(tc_utils, test_sock_accept_success);
+    tcase_add_test(tc_utils, test_sock_accept_synack_rto_txbuf_full_does_not_consume_retry);
     tcase_add_test(tc_utils, test_sock_accept_ack_with_payload_completes_handshake);
     tcase_add_test(tc_utils, test_sock_accept_ack_at_snd_nxt_completes_handshake);
     tcase_add_test(tc_utils, test_sock_accept_ack_psh_with_payload_completes_handshake);
diff --git a/src/test/unit/unit_tests_api.c b/src/test/unit/unit_tests_api.c
@@ -1937,6 +1937,38 @@ START_TEST(test_sock_connect_tcp_local_ip_from_primary)
 }
 END_TEST
 
+START_TEST(test_sock_connect_tcp_txbuf_full_does_not_enter_syn_sent)
+{
+    struct wolfIP s;
+    int tcp_sd;
+    struct tsocket *ts;
+    struct wolfIP_sockaddr_in sin;
+    uint8_t tiny_txbuf[32];
+
+    wolfIP_init(&s);
+    mock_link_init(&s);
+    wolfIP_ipconfig_set(&s, 0x0A000001U, 0xFFFFFF00U, 0);
+
+    tcp_sd = wolfIP_sock_socket(&s, AF_INET, IPSTACK_SOCK_STREAM, WI_IPPROTO_TCP);
+    ck_assert_int_gt(tcp_sd, 0);
+    ts = &s.tcpsockets[SOCKET_UNMARK(tcp_sd)];
+    ts->sock.tcp.state = TCP_CLOSED;
+    fifo_init(&ts->sock.tcp.txbuf, tiny_txbuf, sizeof(tiny_txbuf));
+
+    memset(&sin, 0, sizeof(sin));
+    sin.sin_family = AF_INET;
+    sin.sin_port = ee16(80);
+    sin.sin_addr.s_addr = ee32(0x0A000002U);
+
+    ck_assert_int_eq(wolfIP_sock_connect(&s, tcp_sd, (struct wolfIP_sockaddr *)&sin, sizeof(sin)),
+            -WOLFIP_EAGAIN);
+    ck_assert_int_eq(ts->sock.tcp.state, TCP_CLOSED);
+    ck_assert_uint_eq(ts->sock.tcp.ctrl_rto_active, 0);
+    ck_assert_int_eq(ts->sock.tcp.tmr_rto, NO_TIMER);
+    ck_assert_ptr_null(fifo_peek(&ts->sock.tcp.txbuf));
+}
+END_TEST
+
 START_TEST(test_sock_connect_tcp_primary_ip_fallback)
 {
     struct wolfIP s;
@@ -2413,6 +2445,48 @@ START_TEST(test_sock_accept_clones_half_open_state_and_queues_synack)
 }
 END_TEST
 
+START_TEST(test_sock_accept_synack_rto_txbuf_full_does_not_consume_retry)
+{
+    struct wolfIP s;
+    int listen_sd;
+    int client_sd;
+    struct tsocket *accepted;
+    struct wolfIP_sockaddr_in sin;
+    uint8_t tiny_txbuf[32];
+
+    wolfIP_init(&s);
+    mock_link_init(&s);
+    wolfIP_ipconfig_set(&s, 0x0A000001U, 0xFFFFFF00U, 0);
+
+    listen_sd = wolfIP_sock_socket(&s, AF_INET, IPSTACK_SOCK_STREAM, WI_IPPROTO_TCP);
+    ck_assert_int_gt(listen_sd, 0);
+    memset(&sin, 0, sizeof(sin));
+    sin.sin_family = AF_INET;
+    sin.sin_port = ee16(1234);
+    sin.sin_addr.s_addr = ee32(0x0A000001U);
+    ck_assert_int_eq(wolfIP_sock_bind(&s, listen_sd, (struct wolfIP_sockaddr *)&sin, sizeof(sin)), 0);
+    ck_assert_int_eq(wolfIP_sock_listen(&s, listen_sd, 1), 0);
+
+    inject_tcp_syn(&s, TEST_PRIMARY_IF, 0x0A000001U, 1234);
+    client_sd = wolfIP_sock_accept(&s, listen_sd, NULL, NULL);
+    ck_assert_int_gt(client_sd, 0);
+
+    accepted = &s.tcpsockets[SOCKET_UNMARK(client_sd)];
+    ck_assert_int_eq(accepted->sock.tcp.state, TCP_SYN_RCVD);
+
+    fifo_init(&accepted->sock.tcp.txbuf, tiny_txbuf, sizeof(tiny_txbuf));
+    accepted->sock.tcp.ctrl_rto_retries = 0;
+    s.last_tick = 10000;
+
+    tcp_rto_cb(accepted);
+
+    ck_assert_uint_eq(accepted->sock.tcp.ctrl_rto_retries, 0);
+    ck_assert_uint_eq(accepted->sock.tcp.ctrl_rto_active, 1);
+    ck_assert_int_ne(accepted->sock.tcp.tmr_rto, NO_TIMER);
+    ck_assert_ptr_null(fifo_peek(&accepted->sock.tcp.txbuf));
+}
+END_TEST
+
 START_TEST(test_sock_accept_synack_retransmission)
 {
     struct wolfIP s;
diff --git a/src/wolfip.c b/src/wolfip.c
@@ -2648,7 +2648,7 @@ static void tcp_send_finack(struct tsocket *t)
     t->sock.tcp.last = t->sock.tcp.seq;
 }
 
-static void tcp_send_syn(struct tsocket *t, uint8_t flags)
+static int tcp_send_syn(struct tsocket *t, uint8_t flags)
 {
     struct wolfIP_tcp_seg *tcp;
     struct tcp_opt_ts *ts;
@@ -2731,7 +2731,7 @@ static void tcp_send_syn(struct tsocket *t, uint8_t flags)
         opt_len++;
     }
     tcp->hlen = ((20 + opt_len) << 2) & 0xF0;
-    fifo_push(&t->sock.tcp.txbuf, tcp, sizeof(struct wolfIP_tcp_seg) + opt_len);
+    return fifo_push(&t->sock.tcp.txbuf, tcp, sizeof(struct wolfIP_tcp_seg) + opt_len);
 }
 
 /* Returns true when handshake/teardown control traffic is outstanding and
@@ -4169,16 +4169,24 @@ static void tcp_rto_cb(void *arg)
             close_socket(ts);
             return;
         }
-        ts->sock.tcp.ctrl_rto_retries++;
-        if (ts->sock.tcp.state == TCP_SYN_SENT) {
-            tcp_send_syn(ts, TCP_FLAG_SYN);
-        } else if (ts->sock.tcp.state == TCP_SYN_RCVD) {
-            tcp_send_syn(ts, TCP_FLAG_SYN | TCP_FLAG_ACK);
-        } else if (ts->sock.tcp.state == TCP_FIN_WAIT_1 || ts->sock.tcp.state == TCP_LAST_ACK) {
-            tcp_send_finack(ts);
+        {
+            int queued = 0;
+
+            if (ts->sock.tcp.state == TCP_SYN_SENT) {
+                queued = (tcp_send_syn(ts, TCP_FLAG_SYN) == 0);
+            } else if (ts->sock.tcp.state == TCP_SYN_RCVD) {
+                queued = (tcp_send_syn(ts, TCP_FLAG_SYN | TCP_FLAG_ACK) == 0);
+            } else if (ts->sock.tcp.state == TCP_FIN_WAIT_1 || ts->sock.tcp.state == TCP_LAST_ACK) {
+                ts->sock.tcp.ctrl_rto_retries++;
+                tcp_send_finack(ts);
+                tcp_ctrl_rto_start(ts, ts->S->last_tick);
+                return;
+            }
+            if (queued)
+                ts->sock.tcp.ctrl_rto_retries++;
+            tcp_ctrl_rto_start(ts, ts->S->last_tick);
+            return;
         }
-        tcp_ctrl_rto_start(ts, ts->S->last_tick);
-        return;
     }
     if (ts->sock.tcp.state != TCP_ESTABLISHED &&
             ts->sock.tcp.state != TCP_FIN_WAIT_1)
@@ -4548,7 +4556,10 @@ int wolfIP_sock_connect(struct wolfIP *s, int sockfd, const struct wolfIP_sockad
             return -1;
         }
         ts->sock.tcp.ctrl_rto_retries = 0;
-        tcp_send_syn(ts, TCP_FLAG_SYN);
+        if (tcp_send_syn(ts, TCP_FLAG_SYN) < 0) {
+            ts->sock.tcp.state = TCP_CLOSED;
+            return -WOLFIP_EAGAIN;
+        }
         tcp_ctrl_rto_start(ts, s->last_tick);
         return -WOLFIP_EAGAIN;
     }
@@ -4581,7 +4592,6 @@ int wolfIP_sock_accept(struct wolfIP *s, int sockfd, struct wolfIP_sockaddr *add
             newts = tcp_new_socket(s);
             if (!newts)
                 return -1;
-            ts->events &= ~CB_EVENT_READABLE;
             /* Don't signal writable until connection fully established */
             newts->events &= ~CB_EVENT_WRITABLE;
             newts->callback = ts->callback;
@@ -4616,7 +4626,11 @@ int wolfIP_sock_accept(struct wolfIP *s, int sockfd, struct wolfIP_sockaddr *add
              * the caller could still close the listening socket
              * while we're still accepting.
              */
-            tcp_send_syn(newts, TCP_FLAG_SYN | TCP_FLAG_ACK);
+            if (tcp_send_syn(newts, TCP_FLAG_SYN | TCP_FLAG_ACK) < 0) {
+                close_socket(newts);
+                return -WOLFIP_EAGAIN;
+            }
+            ts->events &= ~CB_EVENT_READABLE;
             newts->sock.tcp.seq++;
             newts->sock.tcp.ctrl_rto_retries = 0;
             tcp_ctrl_rto_start(newts, s->last_tick);
