https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255874
Bug ID: 255874
Summary: [PATCH] netgraph: Fix a double free in
ng_checksum_rcvdata
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: kern
Assignee: [email protected]
Reporter: [email protected]
Created attachment 224937
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=224937&action=edit
removes the NG_FREE_M(m) from drop branch.
Bug File: sys/netgraph/ng_checksum.c
In function ng_checksum_rcvdata, it calls checksum_ipv4(priv, m, pullup_len)
and checksum_ipv6(priv, m, pullup_len). Inside these callees, macro
PULLUP_CHECK is called. According the definition of this macro, m could be
freed in m_pullup() and return ENOBUFS.
Then caller ng_checksum_rcvdata accept the ENOBUFS and goto drop branch, where
the freed m is freed again by NG_FREE_M() at line 687.
My patch removes the NG_FREE_M(m) from drop branch.
--
You are receiving this mail because:
You are the assignee for the bug.
_______________________________________________
[email protected] mailing list
https://lists.freebsd.org/mailman/listinfo/freebsd-bugs
To unsubscribe, send any mail to "[email protected]"
