git: 7174ef705c03 - stable/13 - tcp: improve mbuf handling when processing SYN segments
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 31 Oct 2024 16:58:29 UTC
The branch stable/13 has been updated by tuexen:
URL: https://cgit.FreeBSD.org/src/commit/?id=7174ef705c036b5a47e4d4903f57ddc005465b0c
commit 7174ef705c036b5a47e4d4903f57ddc005465b0c
Author: Michael Tuexen <tuexen@FreeBSD.org>
AuthorDate: 2024-09-30 18:00:04 +0000
Commit: Michael Tuexen <tuexen@FreeBSD.org>
CommitDate: 2024-10-31 16:57:58 +0000
tcp: improve mbuf handling when processing SYN segments
When the sysctl-variable net.inet.ip.accept_sourceroute is non-zero,
an mbuf would be leaked when processing a SYN-segment containing an
IPv4 strict or loose source routing option, when the on-stack
syncache entry is used or there is an error related to processing
TCP MD5 options.
Fix this by freeing the mbuf whenever an error occurred or the
on-stack syncache entry is used.
Reviewed by: markj, rscheff
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D46839
(cherry picked from commit 01eb635d12953e24ee5fae69692c28e4aab4f0f6)
---
sys/netinet/tcp_syncache.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c
index 4544788e8318..b5b7e90ebefd 100644
--- a/sys/netinet/tcp_syncache.c
+++ b/sys/netinet/tcp_syncache.c
@@ -1646,8 +1646,6 @@ syncache_add(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th,
("%s: bucket unexpectedly unlocked",
__func__));
SCH_UNLOCK(sch);
- if (ipopts)
- (void)m_free(ipopts);
goto done;
}
}
@@ -1810,6 +1808,8 @@ tfo_expanded:
#ifdef MAC
mac_syncache_destroy(&maclabel);
#endif
+ if (ipopts)
+ (void)m_free(ipopts);
}
return (rv);
}