git: 166bc357c6a4 - stable/13 - routing: plug mbuf leak for the packets hitting IPv6 blackhole route
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 22 Jan 2024 18:22:46 UTC
The branch stable/13 has been updated by glebius:
URL: https://cgit.FreeBSD.org/src/commit/?id=166bc357c6a4813e7c03ecaea54d7ef6508e7132
commit 166bc357c6a4813e7c03ecaea54d7ef6508e7132
Author: Alexander V. Chernikov <melifaro@FreeBSD.org>
AuthorDate: 2023-05-17 09:06:04 +0000
Commit: Gleb Smirnoff <glebius@FreeBSD.org>
CommitDate: 2024-01-22 18:21:34 +0000
routing: plug mbuf leak for the packets hitting IPv6 blackhole route
Reported by: Dmitriy Smirnov <fox@sage.su>
Tested by: Dmitriy Smirnov <fox@sage.su>
MFC after: 1 day
(cherry picked from commit b50e1465e88dcf5f6f008892d802df010e7029d1)
---
sys/netinet6/ip6_forward.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/sys/netinet6/ip6_forward.c b/sys/netinet6/ip6_forward.c
index 7415c72d9aea..8c5748533a77 100644
--- a/sys/netinet6/ip6_forward.c
+++ b/sys/netinet6/ip6_forward.c
@@ -196,9 +196,12 @@ again:
if (nh->nh_flags & (NHF_BLACKHOLE | NHF_REJECT)) {
IP6STAT_INC(ip6s_cantforward);
- if ((nh->nh_flags & NHF_REJECT) && (mcopy != NULL)) {
- icmp6_error(mcopy, ICMP6_DST_UNREACH,
- ICMP6_DST_UNREACH_REJECT, 0);
+ if (mcopy != NULL) {
+ if (nh->nh_flags & NHF_REJECT) {
+ icmp6_error(mcopy, ICMP6_DST_UNREACH,
+ ICMP6_DST_UNREACH_REJECT, 0);
+ } else
+ m_freem(mcopy);
}
goto bad;
}