git: 67e469299821 - stable/14 - tcp: improve mbuf handling when processing SYN segments
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 31 Oct 2024 13:57:43 UTC
The branch stable/14 has been updated by tuexen: URL: https://cgit.FreeBSD.org/src/commit/?id=67e469299821c9b02b26e1b379f2b1754fee536c commit 67e469299821c9b02b26e1b379f2b1754fee536c Author: Michael Tuexen <tuexen@FreeBSD.org> AuthorDate: 2024-09-30 18:00:04 +0000 Commit: Michael Tuexen <tuexen@FreeBSD.org> CommitDate: 2024-10-31 11:36:12 +0000 tcp: improve mbuf handling when processing SYN segments When the sysctl-variable net.inet.ip.accept_sourceroute is non-zero, an mbuf would be leaked when processing a SYN-segment containing an IPv4 strict or loose source routing option, when the on-stack syncache entry is used or there is an error related to processing TCP MD5 options. Fix this by freeing the mbuf whenever an error occurred or the on-stack syncache entry is used. Reviewed by: markj, rscheff Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D46839 (cherry picked from commit 01eb635d12953e24ee5fae69692c28e4aab4f0f6) --- sys/netinet/tcp_syncache.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c index c0c571fb76c2..6d171b2b7ea6 100644 --- a/sys/netinet/tcp_syncache.c +++ b/sys/netinet/tcp_syncache.c @@ -1614,8 +1614,6 @@ syncache_add(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th, ("%s: bucket unexpectedly unlocked", __func__)); SCH_UNLOCK(sch); - if (ipopts) - (void)m_free(ipopts); goto done; } } @@ -1785,6 +1783,8 @@ tfo_expanded: #ifdef MAC mac_syncache_destroy(&maclabel); #endif + if (ipopts) + (void)m_free(ipopts); } return (rv); }