svn commit: r362840 - head/sys/netinet
Mark Johnston
markj at FreeBSD.org
Wed Jul 1 15:42:49 UTC 2020
Author: markj
Date: Wed Jul 1 15:42:48 2020
New Revision: 362840
URL: https://svnweb.freebsd.org/changeset/base/362840
Log:
Fix a possible next-hop refcount leak when handling IPSec traffic.
It may be possible to fix this by deferring the lookup, but let's
keep the initial change simple to make MFCs easier.
PR: 246951
Reviewed by: melifaro
MFC after: 1 week
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D25519
Modified:
head/sys/netinet/ip_input.c
Modified: head/sys/netinet/ip_input.c
==============================================================================
--- head/sys/netinet/ip_input.c Wed Jul 1 15:30:27 2020 (r362839)
+++ head/sys/netinet/ip_input.c Wed Jul 1 15:42:48 2020 (r362840)
@@ -1028,6 +1028,7 @@ ip_forward(struct mbuf *m, int srcrt)
if (IPSEC_ENABLED(ipv4)) {
if ((error = IPSEC_FORWARD(ipv4, m)) != 0) {
/* mbuf consumed by IPsec */
+ RO_NHFREE(&ro);
m_freem(mcopy);
if (error != EINPROGRESS)
IPSTAT_INC(ips_cantforward);
More information about the svn-src-all
mailing list