Re: [edk2] [RFC] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak

Thu, 07 Dec 2017 04:23:44 -0800 

Hi Siyuan and Jiaxin,
Thanks for your review; shall I generate a formal patch and post it again, as well as making some commit message refinement? 

Regards,


Gary (Heyi Guo)


在 12/7/2017 3:01 PM, Wu, Jiaxin 写道:

It's is good to me.

Reviewed-by: Jiaxin Wu <jiaxin...@intel.com>

Thanks,
Jiaxin



-----Original Message-----
From: Heyi Guo [mailto:heyi....@linaro.org]
Sent: Thursday, December 7, 2017 10:22 AM
To: linaro-u...@lists.linaro.org; edk2-devel@lists.01.org
Cc: Heyi Guo <heyi....@linaro.org>; Junbiao Hong
<hongjunb...@huawei.com>; Zeng, Star <star.z...@intel.com>; Dong, Eric
<eric.d...@intel.com>; Ni, Ruiyu <ruiyu...@intel.com>; Fu, Siyuan
<siyuan...@intel.com>; Wu, Jiaxin <jiaxin...@intel.com>
Subject: [RFC] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak

When UEFI receives IPMP echo packets it will enter Ip4IcmpReplyEcho
function, and then call Ip4Output. However, if Ip4Output gets some
error and exits early, e.g. fails to find the route entry, memory
buffer of "Data" gets no chance to be freed and memory leak will be
caused. If there is such an attacker in the network, we will see UEFI
runs out of memory and system hangs.

Network stack code is so complicated that this is just a RFC to fix
this issue. Please provide your comments about this.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Junbiao Hong <hongjunb...@huawei.com>
Signed-off-by: Heyi Guo <heyi....@linaro.org>
Cc: Star Zeng <star.z...@intel.com>
Cc: Eric Dong <eric.d...@intel.com>
Cc: Ruiyu Ni <ruiyu...@intel.com>
Cc: Siyuan Fu <siyuan...@intel.com>
Cc: Jiaxin Wu <jiaxin...@intel.com>
---
  MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c | 3 +++
  1 file changed, 3 insertions(+)

diff --git a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
index b4b0864..ed6bdbe 100644
--- a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
+++ b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
@@ -267,6 +267,9 @@ Ip4IcmpReplyEcho (
               Ip4SysPacketSent,
               NULL
               );
+  if (EFI_ERROR (Status)) {
+    NetbufFree (Data);
+  }

  ON_EXIT:
    NetbufFree (Packet);
--
2.7.4


_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel






















					Reply via email to