
Fix to avoid potential mbuf leak in network stack, if userland sends control messages to bad file descriptors.
Closed, Public

Authored by lohithbsd_gmail.com on Sep 17 2016, 8:57 PM.

Details

Summary

In sendit(), if mp->msg_control is present, then in sockargs() we are allocating an mbuf to store mp->msg_control. Later, in kern_sendit(), the call to getsock_cap() will check the validity of the file pointer passed; if this fails, EBADF is returned but the mbuf allocated in sockargs() is not freed. Made code changes to free the same.
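The ownership problem described in the summary, as an added user-space model that is not the FreeBSD source or the committed patch. Every `model_*` name, the `ctl_buf` type and the `free_on_error` switch are hypothetical stand-ins, and releasing the buffer inside the `kern_sendit()` model is an assumption about where the release goes.

```c
#include <errno.h>
#include <stdlib.h>

/* Constructed user-space model; none of this is FreeBSD kernel code. */
static int live_bufs;                   /* stand-in for outstanding mbufs */
struct ctl_buf { size_t len; };

/* Models sockargs(): copies msg_control into a freshly allocated buffer. */
static struct ctl_buf *model_sockargs(size_t len) {
    struct ctl_buf *c = malloc(sizeof(*c));
    if (c != NULL) { c->len = len; live_bufs++; }
    return c;
}

static void model_free(struct ctl_buf *c) {
    if (c != NULL) { free(c); live_bufs--; }
}

/* Models getsock_cap(): only descriptors 0..2 count as open here. */
static int model_getsock(int fd) {
    return (fd >= 0 && fd <= 2) ? 0 : EBADF;
}

/* Models kern_sendit(): the descriptor is checked after control exists. */
static int model_kern_sendit(int fd, struct ctl_buf *control, int free_on_error) {
    int error = model_getsock(fd);
    if (error != 0 && !free_on_error)
        return error;                   /* leaky path: control never released */
    model_free(control);                /* fixed error path, or consumed on success */
    return error;
}

/* Models sendit(): allocate the control buffer first, then hand it off. */
static int model_sendit(int fd, size_t ctl_len, int free_on_error) {
    struct ctl_buf *control = ctl_len ? model_sockargs(ctl_len) : NULL;
    return model_kern_sendit(fd, control, free_on_error);
}

/* Returns how many buffers are still allocated after n sends to a bad fd. */
static int leaked_after(int n, int free_on_error) {
    live_bufs = 0;
    for (int i = 0; i < n; i++)
        (void)model_sendit(-1, 16, free_on_error);
    return live_bufs;
}

int main(void) {
    return (leaked_after(100, 0) == 100 && leaked_after(100, 1) == 0) ? 0 : 1;
}
```

Counting outstanding allocations across a failing call in this way is also a usable regression check for any error path that takes ownership of a caller-allocated buffer.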

Diff Detail

Repository: rS FreeBSD src repository - subversion
Lint: Not Applicable
Unit Tests: Not Applicable

Event Timeline

lohithbsd_gmail.com retitled this revision to "Fix to avoid potential mbuf leak in network stack, if userland sends control messages to bad file descriptors."
lohithbsd_gmail.com updated this object.
lohithbsd_gmail.com edited the test plan for this revision.
lohithbsd_gmail.com added a reviewer: hiren.
adrian added a reviewer: adrian.
This revision is now accepted and ready to land. (Sep 18 2016, 12:12 AM)
hiren edited edge metadata.

Thanks Lohith for the patch.

I'll wait for a few more days for any other comments before committing on your behalf.

This revision was automatically updated to reflect the committed changes.