Date: Wed, 1 Jul 2020 15:42:49 +0000 (UTC) From: Mark Johnston <markj@FreeBSD.org> To: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-head@freebsd.org Subject: svn commit: r362840 - head/sys/netinet Message-ID: <202007011542.061FgnbC002926@repo.freebsd.org>
next in thread | raw e-mail | index | archive | help
Author: markj Date: Wed Jul 1 15:42:48 2020 New Revision: 362840 URL: https://svnweb.freebsd.org/changeset/base/362840 Log: Fix a possible next-hop refcount leak when handling IPSec traffic. It may be possible to fix this by deferring the lookup, but let's keep the initial change simple to make MFCs easier. PR: 246951 Reviewed by: melifaro MFC after: 1 week Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D25519 Modified: head/sys/netinet/ip_input.c Modified: head/sys/netinet/ip_input.c ============================================================================== --- head/sys/netinet/ip_input.c Wed Jul 1 15:30:27 2020 (r362839) +++ head/sys/netinet/ip_input.c Wed Jul 1 15:42:48 2020 (r362840) @@ -1028,6 +1028,7 @@ ip_forward(struct mbuf *m, int srcrt) if (IPSEC_ENABLED(ipv4)) { if ((error = IPSEC_FORWARD(ipv4, m)) != 0) { /* mbuf consumed by IPsec */ + RO_NHFREE(&ro); m_freem(mcopy); if (error != EINPROGRESS) IPSTAT_INC(ips_cantforward);
Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?202007011542.061FgnbC002926>