Date: Fri, 14 May 2021 14:19:39 +0000
From: bugzilla-noreply@freebsd.org
To: bugs@FreeBSD.org
Subject: [Bug 255880] [PATCH] netpfil/ipfw: Fix a double free in pie_enqueue
Message-ID: <bug-255880-227@https.bugs.freebsd.org/bugzilla/>
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255880

Bug ID: 255880
Summary: [PATCH] netpfil/ipfw: Fix a double free in pie_enqueue
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: kern
Assignee: bugs@FreeBSD.org
Reporter: lylgood@foxmail.com

Created attachment 224943
  --> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=224943&action=edit
avoid the m been freed again

Bug File: sys/netpfil/ipfw/dn_sched_fq_pie.c

In function pie_enqueue, m is freed via m_freem() at line 737. But the freed m is freed again via FREE_PKT() at line 751, which is a double free bug.

My patch returns the allocation error of m_tag_alloc() after m_freem(m), to avoid m being freed again.

-- 
You are receiving this mail because:
You are the assignee for the bug.
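The error path described in the report, as a simplified model added here (it is not the FreeBSD source and not the attached patch). `struct pkt`, `pkt_free`, `tag_alloc`, the return codes and the control flow are constructed stand-ins for the mbuf, `m_freem()`/`FREE_PKT()` and `m_tag_alloc()`; frees are counted rather than performed, so the defect is observable without corrupting the heap.

```c
#include <stddef.h>

/* Constructed stand-in for an mbuf: it counts frees instead of releasing
 * memory, so the double free shows up as a number, not as heap corruption. */
struct pkt { int free_count; };
static void pkt_free(struct pkt *m) { m->free_count++; }

/* Hypothetical stand-in for m_tag_alloc(): NULL means allocation failed. */
static void *tag_alloc(int fail) { static int tag; return fail ? NULL : &tag; }
enum { QUEUED = 0, DROPPED = 1, ERR_TAG_ALLOC = 2 };  /* constructed codes */

/* Before: the tag-allocation error path frees m and then falls through to
 * the shared drop path, which frees the same packet again. */
static int enqueue_before(struct pkt *m, int tag_fails, int queue_full)
{
    int drop = queue_full;
    if (!drop && tag_alloc(tag_fails) == NULL) {
        pkt_free(m);                /* first free (m_freem in the report) */
        drop = 1;
    }
    if (drop) {
        pkt_free(m);                /* second free (FREE_PKT in the report) */
        return DROPPED;
    }
    return QUEUED;                  /* ownership passed to the queue */
}

/* After: return the allocation error right after freeing m, so the shared
 * drop path is never reached with an already-freed packet. */
static int enqueue_after(struct pkt *m, int tag_fails, int queue_full)
{
    if (!queue_full && tag_alloc(tag_fails) == NULL) {
        pkt_free(m);
        return ERR_TAG_ALLOC;
    }
    if (queue_full) {
        pkt_free(m);
        return DROPPED;
    }
    return QUEUED;
}

/* Number of times one packet is freed on a given path. */
static int count_frees(int (*enq)(struct pkt *, int, int), int tag_fails, int queue_full)
{
    struct pkt m = {0};
    enq(&m, tag_fails, queue_full);
    return m.free_count;
}
```

Every exit path should free the packet exactly once or hand ownership on; `count_frees` makes that invariant checkable per path.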