ng_bridge(4) has an easily exploitable memory leak

Ruslan Ermilov ru at FreeBSD.org
Fri Apr 30 02:30:50 PDT 2004


On Thu, Apr 08, 2004 at 09:21:39AM -0500, Archie Cobbs wrote:
> Ruslan Ermilov wrote:
> > > > On RELENG_4, ng_bridge(4) has an easily exploitable memory leak,
> > > > and may quickly run the system out of mbufs.  It's enough to just
> > > > have only one link connected to the bridge, e.g., the "upper"
> > > > hook of the ng_ether(4) with IP address assigned, and pinging
> > > > the broadcast IP address on the interface.  The bug is more
> > > > real when constructing a bridge, or, like we experienced it,
> > > > by shutting down all except one bridge's link.  The following
> > > > patch fixes it:
> > > > 
> > [snipped]
> > 
> > > > An alternate solution is to MFC most of ng_bridge.c,v 1.8.  Julian?
> > > 
> > > what does an MFC diff look like?
> > > (bridge is one of Archie's nodes)
> 
> I'd just like to add a personal note... "Oops!"
> 
OK, I've committed my patch now, after testing it locally.


Cheers,
-- 
Ruslan Ermilov
ru at FreeBSD.org
FreeBSD committer