mbuf leak in icmp6 code??

Kristof Provost kristof at sigsegv.be
Thu Nov 3 12:07:55 UTC 2011


On 2011-11-01 14:27:13 (-0700), prabhakar lakhera <prabhakar.lakhera at gmail.com> wrote:
> In the FreeBSD icmp6 code I see functions where we either go to
> freeit, where the passed mbuf is freed, or we simply return.
> For example:
> 
> icmp6_input calls icmp6_redirect_input and right after it returns it
> makes m=NULL. Inside icmp6_redirect_input there are checks for ifp and
> for the message being short (which probably don't get exercised that
> often (or at all?)) and for these checks simply return. Looks to be an
> mbuf leak. In other icmp6 functions we also have similar instances.

The checks for m and ifp should probably be asserts, rather than just
returns. I think they are always supposed to be true.

You do have a point with the message length check, but that's only true
if PULLDOWN_TEST is set. IP_EXTHDR_CHECK does free the mbuf if the message
is too short.

Regards,
Kristof
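
The ownership pattern discussed in this thread, as an added user-space example that is not part of the original e-mail and is not FreeBSD source: a callee that consumes its buffer must free it on every exit path, because the caller drops its pointer right after the call. All toy_* names, TOY_MIN_LEN and the sample cases are constructed for illustration.

```c
#include <stdio.h>
#include <stddef.h>

/* Toy stand-in for struct mbuf, backed by a static pool so leaks can be counted. */
struct toy_mbuf { size_t len; int in_use; };
static struct toy_mbuf pool[8];
#define TOY_MIN_LEN 40                 /* hypothetical minimum message length */

static struct toy_mbuf *toy_get(size_t len) {
    for (size_t i = 0; i < 8; i++)
        if (!pool[i].in_use) { pool[i].in_use = 1; pool[i].len = len; return &pool[i]; }
    return NULL;
}
static void toy_free(struct toy_mbuf *m) { m->in_use = 0; }

/* Callee owns m. The early returns skip the free, mirroring the reported pattern. */
static void redirect_input_leaky(struct toy_mbuf *m, int have_ifp) {
    if (!have_ifp) return;             /* m is never freed on this path */
    if (m->len < TOY_MIN_LEN) return;  /* nor on the short-message path */
    /* ... process the message ... */
    toy_free(m);
}

/* Same checks, but every exit goes through the single freeit label. */
static void redirect_input_fixed(struct toy_mbuf *m, int have_ifp) {
    if (!have_ifp) goto freeit;
    if (m->len < TOY_MIN_LEN) goto freeit;
    /* ... process the message ... */
freeit:
    toy_free(m);
}

/* Feed three constructed cases through a handler; return buffers still in use. */
static int leaked_after(void (*handler)(struct toy_mbuf *, int)) {
    static const struct { size_t len; int have_ifp; } cases[] =
        { {64, 1}, {8, 1}, {64, 0} };  /* valid, too short, no ifp */
    int leaked = 0;
    for (size_t i = 0; i < 8; i++) pool[i].in_use = 0;
    for (size_t i = 0; i < 3; i++) {
        struct toy_mbuf *m = toy_get(cases[i].len);
        if (m != NULL) handler(m, cases[i].have_ifp);
        m = NULL;                      /* caller drops its pointer, as icmp6_input does */
    }
    for (size_t i = 0; i < 8; i++) leaked += pool[i].in_use;
    return leaked;
}

int main(void) {
    printf("leaky: %d leaked, fixed: %d leaked\n",
           leaked_after(redirect_input_leaky), leaked_after(redirect_input_fixed));
    return 0;
}
```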
