git: 67e469299821 - stable/14 - tcp: improve mbuf handling when processing SYN segments
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Thu, 31 Oct 2024 13:57:43 UTC
The branch stable/14 has been updated by tuexen:
URL: https://cgit.FreeBSD.org/src/commit/?id=67e469299821c9b02b26e1b379f2b1754fee536c
commit 67e469299821c9b02b26e1b379f2b1754fee536c
Author: Michael Tuexen <tuexen@FreeBSD.org>
AuthorDate: 2024-09-30 18:00:04 +0000
Commit: Michael Tuexen <tuexen@FreeBSD.org>
CommitDate: 2024-10-31 11:36:12 +0000
tcp: improve mbuf handling when processing SYN segments
When the sysctl-variable net.inet.ip.accept_sourceroute is non-zero,
an mbuf would be leaked when processing a SYN-segment containing an
IPv4 strict or loose source routing option, when the on-stack
syncache entry is used or there is an error related to processing
TCP MD5 options.
Fix this by freeing the mbuf whenever an error occurred or the
on-stack syncache entry is used.
Reviewed by: markj, rscheff
Sponsored by: Netflix, Inc.
Differential Revision: https://reviews.freebsd.org/D46839
(cherry picked from commit 01eb635d12953e24ee5fae69692c28e4aab4f0f6)
---
sys/netinet/tcp_syncache.c | 4 ++--
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/sys/netinet/tcp_syncache.c b/sys/netinet/tcp_syncache.c
index c0c571fb76c2..6d171b2b7ea6 100644
--- a/sys/netinet/tcp_syncache.c
+++ b/sys/netinet/tcp_syncache.c
@@ -1614,8 +1614,6 @@ syncache_add(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th,
("%s: bucket unexpectedly unlocked",
__func__));
SCH_UNLOCK(sch);
- if (ipopts)
- (void)m_free(ipopts);
goto done;
}
}
@@ -1785,6 +1783,8 @@ tfo_expanded:
#ifdef MAC
mac_syncache_destroy(&maclabel);
#endif
+ if (ipopts)
+ (void)m_free(ipopts);
}
return (rv);
}