From: Gleb Smirnoff
To: Kristof Provost
Cc: freebsd-net@FreeBSD.org, prabhakar lakhera
Date: Mon, 7 Nov 2011 18:23:19 +0400
Subject: Re: mbuf leak in icmp6 code??
Message-ID: <20111107142319.GK71907@FreeBSD.org>
In-Reply-To: <20111103120752.GG9553@thebe.jupiter.sigsegv.be>

  Kristof,

On Thu, Nov 03, 2011 at 01:07:52PM +0100, Kristof Provost wrote:
K> > For example:
K> >
K> > icmp6_input calls icmp6_redirect_input and right after it returns it
K> > makes m=NULL. Inside icmp6_redirect_input there are checks for ifp and
K> > for the message being short (which probably don't get exercised that
K> > often (or at all?)) and for these checks simply return. Looks to be
K> > mbuf leak. In other icmp6 functions also we have similar instances.
K>
K> The checks for m and ifp should probably be asserts, rather than just
K> returns. I think they are always supposed to be true.

I've checked all callers, and it looks like m and m->pkthdr.rcvif
can be safely asserted. I've committed that change.

-- 
Totus tuus, Glebius.
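
The leak pattern discussed in this thread, as an added example that is not part of the original message and is not FreeBSD code: a callee that owns the buffer returns early without freeing it, and the caller then sets its pointer to NULL. The struct, the `toy_*` helpers, `MIN_LEN` and the handler names are assumptions made for this toy model, and the freeing variant shows one general remedy (release on every exit path), not the assert change committed in the thread.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy stand-in for a kernel mbuf; NOT the FreeBSD structure or allocator. */
struct mbuf { void *rcvif; size_t len; };
static int live_mbufs;                 /* buffers allocated and not yet freed */

static struct mbuf *toy_get(void *ifp, size_t len) {
    struct mbuf *m = malloc(sizeof(*m));
    if (m == NULL) abort();
    m->rcvif = ifp; m->len = len;
    live_mbufs++;
    return m;
}
static void toy_free(struct mbuf *m) { free(m); live_mbufs--; }

#define MIN_LEN 40                     /* constructed minimum message size */

/* Callee owns m, but the early returns skip the free: the reported pattern. */
static void redirect_leaky(struct mbuf *m) {
    if (m->rcvif == NULL) return;
    if (m->len < MIN_LEN) return;
    toy_free(m);                       /* normal path consumes the buffer */
}

/* Same checks, but every exit path releases the buffer. */
static void redirect_freeing(struct mbuf *m) {
    if (m->rcvif == NULL || m->len < MIN_LEN)
        goto freeit;
    /* ... message processing would go here ... */
freeit:
    toy_free(m);
}

/* Caller as in the report: hands m to the handler, then drops its pointer.
 * Returns how many buffers are still allocated afterwards. */
static int leaked_after_input(void (*handler)(struct mbuf *), void *ifp, size_t len) {
    int before = live_mbufs;
    struct mbuf *m = toy_get(ifp, len);
    handler(m);
    m = NULL;                          /* caller can no longer free it */
    (void)m;
    return live_mbufs - before;
}

int main(void) {
    int ifp;
    printf("leaky, short message: %d leaked\n", leaked_after_input(redirect_leaky, &ifp, 8));
    printf("freeing, short message: %d leaked\n", leaked_after_input(redirect_freeing, &ifp, 8));
    return 0;
}
```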