Date: Fri, 10 Nov 2023 03:01:13 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 275002] if_wg: Missing failure check for m_copyback()
Message-ID: <bug-275002-227@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=275002

Bug ID: 275002
Summary: if_wg: Missing failure check for m_copyback()
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: kern
Assignee: bugs@FreeBSD.org
Reporter: aly@aaronly.me

Well, the m_copyback() may need to allocate new mbufs in order to hold the data, so the allocation may fail because it uses the 'M_NOWAIT' flag and doesn't provide any parameter to use the 'M_WAITOK' flag for allocation. (For reference, OpenBSD extended m_copyback() to have the extra 'how' parameter for this purpose.)

As a consequence, the caller should check the resulting packet length for m_copyback() failure.

Below is the patch to 'if_wg.c' function 'wg_send_buf()', please review.

--- if_wg.c.orig 2023-10-12 09:06:16.983637264 +0800 +++ if_wg.c 2023-10-21 15:29:47.928807521 +0800 @@ -911,6 +911,11 @@ retry: goto out; } m_copyback(m, 0, len, buf); + if (m->m_pkthdr.len !=3D len) { + m_freem(m); + ret =3D ENOMEM; + goto out; + } if (ret =3D=3D 0) { ret =3D wg_send(sc, e, m);

--
You are receiving this mail because:
You are the assignee for the bug.
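
Review bot: the added block after m_copyback() assigns `ret = ENOMEM` unconditionally, while the context line that follows it, `if (ret == 0) {`, implies ret may already be nonzero when this point is reached; confirm the new assignment cannot overwrite an earlier error that the code below is meant to see, or only set ENOMEM when ret is still 0. Since the block frees m and jumps to out, also confirm that nothing at the out label frees or dereferences m again (that code is outside the visible context). A one-line comment above the check would help: m_copyback() has no return value, so a packet length different from len is the only sign that its internal allocation failed.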