ng_bridge(4) has an easily exploitable memory leak
Archie Cobbs
archie at dellroad.org
Thu Apr 8 07:39:37 PDT 2004
Ruslan Ermilov wrote:
> > > On RELENG_4, ng_bridge(4) has an easily exploitable memory leak,
> > > and may quickly run system out of mbufs. It's enough to just
> > > have only one link connected to the bridge, e.g., the "upper"
> > > hook of the ng_ether(4) with IP address assigned, and pinging
> > > the broadcast IP address on the interface. The bug is more
> > > real when constructing a bridge, or, like we experienced it,
> > > by shutting down all except one bridge's link. The following
> > > patch fixes it:
> > >
> [snipped]
>
> > > An alternate solution is to MFC most of ng_bridge.c,v 1.8. Julian?
> >
> > what does an MFC diff look like?
> > (bridge is one of archies's nodes)
I'd just like to add a personal note... "Oops!"
:-)
-Archie
__________________________________________________________________________
Archie Cobbs * CTO, Awarix * http://www.awarix.com
More information about the freebsd-stable
mailing list