* [PATCH] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak
@ 2017-12-11 11:11 Heyi Guo
0 siblings, 0 replies; only message in thread
From: Heyi Guo @ 2017-12-11 11:11 UTC (permalink / raw)
To: linaro-uefi, edk2-devel
Cc: Heyi Guo, Junbiao Hong, Star Zeng, Eric Dong, Ruiyu Ni, Siyuan Fu,
Jiaxin Wu
When UEFI receives IPMP echo packets it will enter Ip4IcmpReplyEcho
function, and then call Ip4Output. However, if Ip4Output gets some
error and exits early, e.g. fails to find the route entry, memory
buffer of "Data" gets no chance to be freed and memory leak will be
caused. If there is such an attacker in the network, we will see UEFI
runs out of memory and system hangs.
So we explicitly free the memory when error status is returned.
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Junbiao Hong <hongjunbiao@huawei.com>
Signed-off-by: Heyi Guo <heyi.guo@linaro.org>
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
---
MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c | 3 +++
1 file changed, 3 insertions(+)
diff --git a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
index b4b0864..ed6bdbe 100644
--- a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
+++ b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
@@ -267,6 +267,9 @@ Ip4IcmpReplyEcho (
Ip4SysPacketSent,
NULL
);
+ if (EFI_ERROR (Status)) {
+ NetbufFree (Data);
+ }
ON_EXIT:
NetbufFree (Packet);
--
2.7.4
^ permalink raw reply related [flat|nested] only message in thread
only message in thread, other threads:[~2017-12-11 11:07 UTC | newest]
Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2017-12-11 11:11 [PATCH] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak Heyi Guo
This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox