git: 01eb635d1295 - main - tcp: improve mbuf handling when processing SYN segments
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 30 Sep 2024 18:03:05 UTC
The branch main has been updated by tuexen: URL: https://cgit.FreeBSD.org/src/commit/?id=01eb635d12953e24ee5fae69692c28e4aab4f0f6 commit 01eb635d12953e24ee5fae69692c28e4aab4f0f6 Author: Michael Tuexen <tuexen@FreeBSD.org> AuthorDate: 2024-09-30 18:00:04 +0000 Commit: Michael Tuexen <tuexen@FreeBSD.org> CommitDate: 2024-09-30 18:00:04 +0000 tcp: improve mbuf handling when processing SYN segments When the sysctl-variable net.inet.ip.accept_sourceroute is non-zero, an mbuf would be leaked when processing a SYN-segment containing an IPv4 strict or loose source routing option, when the on-stack syncache entry is used or there is an error related to processing TCP MD5 options. Fix this by freeing the mbuf whenever an error occurred or the on-stack syncache entry is used. Reviewed by: markj, rscheff MFC after: 1 week Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D46839 --- sys/netinet/tcp_syncache.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c index 04a964cf40cc..cb175d07c4d2 100644 --- a/sys/netinet/tcp_syncache.c +++ b/sys/netinet/tcp_syncache.c @@ -1604,8 +1604,6 @@ syncache_add(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th, ("%s: bucket unexpectedly unlocked", __func__)); SCH_UNLOCK(sch); - if (ipopts) - (void)m_free(ipopts); goto done; } } @@ -1775,6 +1773,8 @@ tfo_expanded: #ifdef MAC mac_syncache_destroy(&maclabel); #endif + if (ipopts) + (void)m_free(ipopts); } return (rv); }