Date: Mon, 30 Sep 2024 18:03:05 GMT From: Michael Tuexen <tuexen@FreeBSD.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org Subject: git: 01eb635d1295 - main - tcp: improve mbuf handling when processing SYN segments Message-ID: <202409301803.48UI35ii082489@gitrepo.freebsd.org>
next in thread | raw e-mail | index | archive | help
The branch main has been updated by tuexen: URL: https://cgit.FreeBSD.org/src/commit/?id=01eb635d12953e24ee5fae69692c28e4aab4f0f6 commit 01eb635d12953e24ee5fae69692c28e4aab4f0f6 Author: Michael Tuexen <tuexen@FreeBSD.org> AuthorDate: 2024-09-30 18:00:04 +0000 Commit: Michael Tuexen <tuexen@FreeBSD.org> CommitDate: 2024-09-30 18:00:04 +0000 tcp: improve mbuf handling when processing SYN segments When the sysctl-variable net.inet.ip.accept_sourceroute is non-zero, an mbuf would be leaked when processing a SYN-segment containing an IPv4 strict or loose source routing option, when the on-stack syncache entry is used or there is an error related to processing TCP MD5 options. Fix this by freeing the mbuf whenever an error occurred or the on-stack syncache entry is used. Reviewed by: markj, rscheff MFC after: 1 week Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D46839 --- sys/netinet/tcp_syncache.c | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c index 04a964cf40cc..cb175d07c4d2 100644 --- a/sys/netinet/tcp_syncache.c +++ b/sys/netinet/tcp_syncache.c @@ -1604,8 +1604,6 @@ syncache_add(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th, ("%s: bucket unexpectedly unlocked", __func__)); SCH_UNLOCK(sch); - if (ipopts) - (void)m_free(ipopts); goto done; } } @@ -1775,6 +1773,8 @@ tfo_expanded: #ifdef MAC mac_syncache_destroy(&maclabel); #endif + if (ipopts) + (void)m_free(ipopts); } return (rv); }
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202409301803.48UI35ii082489>