[Bug 255878] [PATCH] netpfil/ipfw: Fix a double free in aqm_pie_enqueue
bugzilla-noreply at freebsd.org
bugzilla-noreply at freebsd.org
Fri May 14 14:06:22 UTC 2021
https://bugs.freebsd.org/bugzilla/show_bug.cgi?id=255878
Bug ID: 255878
Summary: [PATCH] netpfil/ipfw: Fix a double free in
aqm_pie_enqueue
Product: Base System
Version: CURRENT
Hardware: Any
OS: Any
Status: New
Severity: Affects Many People
Priority: ---
Component: kern
Assignee: bugs at FreeBSD.org
Reporter: lylgood at foxmail.com
Created attachment 224941
--> https://bugs.freebsd.org/bugzilla/attachment.cgi?id=224941&action=edit
avoid the double free
Bug File: sys/netpfil/ipfw/dn_aqm_pie.c
In function aqm_pie_enqueue, m is freed via m_freem(m) at line 545.
But the freed m is freed again by FREE_PKT(m) at line 561.
My patch returns the error right away when m_tag_alloc() allocate memory
failed, rather than continues to free the m again.
--
You are receiving this mail because:
You are the assignee for the bug.
More information about the freebsd-bugs
mailing list