Re: OpenBSD 6.1: mbuf leak after receiving icmp/ip-Messages with IP-Options

Alexander Bluhm Mon, 22 May 2017 06:55:20 -0700

On Mon, May 22, 2017 at 11:33:08AM +0000, Gerlach, Hendrik wrote:
>       A possible fix maybe would calling m_free(opts) (if opts != NULL) after 
> calling icmp_send()


As the options are not allocated in icmp_send() I think it is better
to free them in icmp_input_if() after a successful call to
icmp_reflect().

ok?

bluhm

Index: netinet/ip_icmp.c
===================================================================
RCS file: /data/mirror/openbsd/cvs/src/sys/netinet/ip_icmp.c,v
retrieving revision 1.167
diff -u -p -r1.167 ip_icmp.c
--- netinet/ip_icmp.c   4 May 2017 17:58:46 -0000       1.167
+++ netinet/ip_icmp.c   22 May 2017 13:25:37 -0000
@@ -591,8 +591,10 @@ reflect:
 
                icmpstat_inc(icps_reflect);
                icmpstat_inc(icps_outhist + icp->icmp_type);
-               if (!icmp_reflect(m, &opts, NULL))
+               if (!icmp_reflect(m, &opts, NULL)) {
                        icmp_send(m, opts);
+                       m_free(opts);
+               }
                return IPPROTO_DONE;
 
        case ICMP_REDIRECT:

Re: OpenBSD 6.1: mbuf leak after receiving icmp/ip-Messages with IP-Options

Reply via email to