Fix to avoid potential mbuf leak in network stack, if userland sends control messages to bad file descriptors.
ClosedPublic
Actions

Authored by lohithbsd_gmail.com on Sep 17 2016, 8:57 PM.

Details

Reviewers

hiren
adrian

Group Reviewers

network

Commits

rS306337: In sendit(), if mp->msg_control is present, then in sockargs() we are allocating

Summary

In sendit(), if mp->msg_control is present, then in sockargs() we are allocating mbuf to store mp->msg_control. Later in kern_sendit(), call to getsock_cap(), will check validity of file pointer passed, if this fails EBADF is returned but mbuf allocated in sockargs() is not freed. Made code changes to free the same.

Diff Detail

Repository

rS FreeBSD src repository - subversion

Lint

Lint Not Applicable

Unit

Tests Not Applicable

Event Timeline

lohithbsd_gmail.com updated this revision to Diff 20405.Sep 17 2016, 8:57 PM

lohithbsd_gmail.com retitled this revision from to Fix to avoid potential mbuf leak in network stack, if userland sends control messages to bad file descriptors..

lohithbsd_gmail.com updated this object.

lohithbsd_gmail.com edited the test plan for this revision. (Show Details)

lohithbsd_gmail.com added a reviewer: hiren.

Herald added a subscriber: imp. · View Herald TranscriptSep 17 2016, 8:57 PM

hiren added a reviewer: network.Sep 18 2016, 12:02 AM

adrian accepted this revision.Sep 18 2016, 12:12 AM

adrian added a reviewer: adrian.

This revision is now accepted and ready to land.Sep 18 2016, 12:12 AM