Date: Thu, 8 Apr 2004 22:44:08 +0300
From: Ruslan Ermilov <ru@freebsd.org>
To: Julian Elischer <julian@elischer.org>
Cc: Julian Elischer <julian@freebsd.org>
Subject: Re: ng_bridge(4) has an easily exploitable memory leak
Message-ID: <20040408194408.GB1919@ip.net.ua>
In-Reply-To: <Pine.BSF.4.21.0404081053540.63085-100000@InterJet.elischer.org>
References: <20040408100929.GD16290@ip.net.ua> <Pine.BSF.4.21.0404081053540.63085-100000@InterJet.elischer.org>

On Thu, Apr 08, 2004 at 11:42:21AM -0700, Julian Elischer wrote:
> looks good but:
>
> + if (destLink == firstLink) {
> + /*
> + * If we've sent all the others, send the
> original
> + * on the first link we found.
> + */
> + NG_SEND_DATA(error, destLink->hook, m, meta);
> + break; /* always done last - not really
> needed. */
> + } else {
> + NG_SEND_DATA(error, destLink->hook, m2, meta2);
> + }
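Review bot: in the else branch, the value NG_SEND_DATA stores in error for the m2/meta2 send is overwritten by the next send, so a failure on one of the copies is no longer visible once the original has gone out on firstLink. If that is intended, say so in the comment above the final send; otherwise keep the first non-zero error in a separate variable. The break also depends on firstLink always being handled last, and its comment ("not really needed") leaves a reader unsure whether it can go; either drop the break or state the invariant it relies on.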
>
>
> couldn't this be avoided by previously doing:
>
>
> + if (linkNum == priv->numLinks) {
> + /* If we never saw a good link, leave. */
> + if (firstLink == NULL) {
> + NG_FREE_DATA(m, meta);
> + return (0);
> + }
> + destLink = firstLink;
> ---> m2 = m;
> ---> meta2 = meta;
> ---> m=NULL;
> ---> meta=NULL;
> + }
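Review bot: the four "--->" lines move ownership of the original from m/meta to m2/meta2 without a comment, and they leave m and meta NULL for whatever follows this block on the last pass. Any statement after it that still reads m or meta (for example to duplicate it for the send) needs a guard for this case, and a one-line comment such as /* hand over the original; no copy for the last send */ would make the transfer explicit. Style: "m=NULL;" and "meta=NULL;" should be spaced as "m = NULL;" and "meta = NULL;" to match the two assignments above them.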
>
>
> I leave it up to you to decide which you prefer (but remember that
> NG_SEND_DATA is a macro and expands somewhat).
>
> specifically, to (sorry about linewrap):
> #define NG_SEND_DATA(error, hook, m, meta) \
>     do { \
>         item_p _item; \
>         if ((_item = ng_package_data((m), (meta)))) { \
>             NG_FWD_ITEM_HOOK(error, _item, hook); \
>         } else { \
>             (error) = ENOMEM; \
>         } \
>         (m) = NULL; \
>         (meta) = NULL; \
>     } while (0)
>
> where NG_FWD_ITEM_HOOK itself expands to:
> #define NG_FWD_ITEM_HOOK(error, item, hook) \
>     do { \
>         (error) = \
>             ng_address_hook(NULL, (item), (hook), 0); \
>         if (error == 0) { \
>             SAVE_LINE(item); \
>             (error) = ng_snd_item((item), 0); \
>         } \
>         (item) = NULL; \
>     } while (0)
>
> so only having one of those saves a bit of code.
>
Your proposal of course looks good, but remember I was only doing a
porting of _your_ code for MFC, per your request. My whole purpose
of this posting was to go ask you to please MFC your fix which you
mixed with the SMP-related work on Netgraph in rev. 1.8. ;)
Cheers,
--
Ruslan Ermilov
ru@FreeBSD.org
FreeBSD committer
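
The ownership rule discussed in this thread, as an added user-space model (not code from the patch or from Netgraph): a send macro that, like the quoted NG_SEND_DATA, always consumes the buffer and NULLs the caller's pointer, driven by a loop with a single send site. `struct buf`, `SEND`, `broadcast` and the `live` counter are assumptions made for illustration; `live` returning to zero on every path is the no-leak property.

```c
#include <stdio.h>
#include <stdlib.h>

/* User-space model only: struct buf, SEND() and broadcast() are hypothetical
 * stand-ins for the mbuf/meta pair, NG_SEND_DATA and the bridge loop. */
struct buf { int id; };
static int live;                /* buffers allocated and not yet consumed */

static struct buf *buf_new(int id) {
    struct buf *b = malloc(sizeof(*b));
    if (b != NULL) { b->id = id; live++; }
    return b;
}
static void buf_consume(struct buf *b) { if (b != NULL) { free(b); live--; } }

/* Like the quoted NG_SEND_DATA: consumes the buffer, NULLs the caller's pointer. */
#define SEND(error, b) do { (error) = 0; buf_consume(b); (b) = NULL; } while (0)

/* Send b to every usable link; b is always consumed. Returns sends made. */
int broadcast(struct buf *b, const int *usable, int nlinks) {
    int first = -1, sent = 0, error = 0;
    struct buf *b2;

    if (b == NULL) return 0;
    for (int i = 0; i <= nlinks; i++) {
        if (i == nlinks) {                  /* one pass past the last link */
            if (first < 0) {                /* never saw a good link: free, leave */
                buf_consume(b);
                return 0;
            }
            b2 = b;                         /* hand the original over ... */
            b = NULL;                       /* ... so nothing else can reuse it */
        } else {
            if (!usable[i]) continue;
            if (first < 0) { first = i; continue; }  /* first good link goes last */
            if ((b2 = buf_new(b->id)) == NULL) { buf_consume(b); return sent; }
        }
        SEND(error, b2);                    /* the only send site */
        sent++;
    }
    (void)error;
    return sent;
}

int main(void) {
    int usable[4] = { 0, 1, 1, 1 };         /* constructed sample: link 0 is down */
    int n = broadcast(buf_new(1), usable, 4);
    printf("sent=%d live=%d\n", n, live);
    return 0;
}
```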
