From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <heyi.guo@linaro.org>
Received-SPF: Pass (sender SPF authorized) identity=mailfrom;
 client-ip=2607:f8b0:400e:c05::22b; helo=mail-pg0-x22b.google.com;
 envelope-from=heyi.guo@linaro.org; receiver=edk2-devel@lists.01.org 
Received: from mail-pg0-x22b.google.com (mail-pg0-x22b.google.com
 [IPv6:2607:f8b0:400e:c05::22b])
 (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id 1F03D21B02843
 for <edk2-devel@lists.01.org>; Thu,  7 Dec 2017 04:18:45 -0800 (PST)
Received: by mail-pg0-x22b.google.com with SMTP id m25so4352641pgv.12
 for <edk2-devel@lists.01.org>; Thu, 07 Dec 2017 04:23:18 -0800 (PST)
DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google;
 h=subject:to:cc:references:from:message-id:date:user-agent
 :mime-version:in-reply-to:content-transfer-encoding:content-language;
 bh=PDnSwZdiMt5ed6YfMf4CCxnxdvsiBtfRRRzJoMQ/P+I=;
 b=g9TGgWzj1f/63xjk1Q4A7RGnjUZZFcX2OfUb5BLsfQ28QJNtiRlU51/ySVgtAigIbh
 Ku498gHCGSjloczTBVC3riTUm0n+9tbRzlRMMbo926/SO+g/PPKTRu84uPKEcZt+FwgW
 Msx7OrbHy6ML+/6M4pULXl6nd4dgAx8m497zQ=
X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed;
 d=1e100.net; s=20161025;
 h=x-gm-message-state:subject:to:cc:references:from:message-id:date
 :user-agent:mime-version:in-reply-to:content-transfer-encoding
 :content-language;
 bh=PDnSwZdiMt5ed6YfMf4CCxnxdvsiBtfRRRzJoMQ/P+I=;
 b=V/gFMiLUrOG5Q/rePG2VuJw1dDRgUXOEFg6RH37as5YIyvhp32zidyKn+n18P3TQ/n
 56KlyETIvZ9+dfab7PurBEamES483+UomNEyHFEIiePqB5adD9pS2MqZu3JobPA9pLdG
 VgWfuPSkMapwZQkN3a3Ix5HHGCVHXLgNns35h0KBYbNvd5qphqOtR0MdmxEA+USGqByq
 vQaxOtJjPSpMHdCqj2YphtIACcMGTkqi5nAhy2rUHM/bqNxq4ExTjSg3U5Df6hj8i2Zv
 ej5NXgtWKY7YscXpdwjNJhQAFuUlt808EFFqXc+0I2pz0P/rumpq0FTiF/3Brvr2rzhu
 DBOA==
X-Gm-Message-State: AJaThX7RuZf2HAXBa3vOiD6uPvinxM+K/DiezZQqzpzG1ZcKFfkWRyJQ
 DvVcCn3EPDXHuoUIP15XjISMIQ==
X-Google-Smtp-Source: AGs4zMaQQly6ko8MSyR0u9x89VA02f9LIOnFMMQH0qAIF2DjqjgWMjnnEHHOg5hfmoc3Cfl6MeH0kw==
X-Received: by 10.99.108.66 with SMTP id h63mr25170327pgc.362.1512649397707;
 Thu, 07 Dec 2017 04:23:17 -0800 (PST)
Received: from [10.171.242.110] ([45.56.155.91])
 by smtp.gmail.com with ESMTPSA id q74sm8866498pfd.134.2017.12.07.04.23.15
 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128);
 Thu, 07 Dec 2017 04:23:17 -0800 (PST)
To: "Wu, Jiaxin" <jiaxin.wu@intel.com>,
 "linaro-uefi@lists.linaro.org" <linaro-uefi@lists.linaro.org>,
 "edk2-devel@lists.01.org" <edk2-devel@lists.01.org>,
 "Fu, Siyuan" <siyuan.fu@intel.com>
Cc: Junbiao Hong <hongjunbiao@huawei.com>, "Zeng, Star"
 <star.zeng@intel.com>, "Dong, Eric" <eric.dong@intel.com>,
 "Ni, Ruiyu" <ruiyu.ni@intel.com>
References: <1512613307-62879-1-git-send-email-heyi.guo@linaro.org>
 <895558F6EA4E3B41AC93A00D163B727416350E2D@SHSMSX103.ccr.corp.intel.com>
From: Heyi Guo <heyi.guo@linaro.org>
Message-ID: <5b9ff1f2-d12b-9f81-555f-97fa2a2ef7b3@linaro.org>
Date: Thu, 7 Dec 2017 20:23:13 +0800
User-Agent: Mozilla/5.0 (Windows NT 6.1; WOW64; rv:52.0) Gecko/20100101
 Thunderbird/52.5.0
MIME-Version: 1.0
In-Reply-To: <895558F6EA4E3B41AC93A00D163B727416350E2D@SHSMSX103.ccr.corp.intel.com>
Subject: Re: [RFC] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Dec 2017 12:18:45 -0000
Content-Type: text/plain; charset=gbk; format=flowed
Content-Transfer-Encoding: 8bit
Content-Language: en-US

Hi Siyuan and Jiaxin,

Thanks for your review; shall I generate a formal patch and post it 
again, as well as making some commit message refinement?

Regards,


Gary (Heyi Guo)


ÔÚ 12/7/2017 3:01 PM, Wu, Jiaxin дµÀ:
> It's is good to me.
>
> Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
>
> Thanks,
> Jiaxin
>
>
>> -----Original Message-----
>> From: Heyi Guo [mailto:heyi.guo@linaro.org]
>> Sent: Thursday, December 7, 2017 10:22 AM
>> To: linaro-uefi@lists.linaro.org; edk2-devel@lists.01.org
>> Cc: Heyi Guo <heyi.guo@linaro.org>; Junbiao Hong
>> <hongjunbiao@huawei.com>; Zeng, Star <star.zeng@intel.com>; Dong, Eric
>> <eric.dong@intel.com>; Ni, Ruiyu <ruiyu.ni@intel.com>; Fu, Siyuan
>> <siyuan.fu@intel.com>; Wu, Jiaxin <jiaxin.wu@intel.com>
>> Subject: [RFC] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak
>>
>> When UEFI receives IPMP echo packets it will enter Ip4IcmpReplyEcho
>> function, and then call Ip4Output. However, if Ip4Output gets some
>> error and exits early, e.g. fails to find the route entry, memory
>> buffer of "Data" gets no chance to be freed and memory leak will be
>> caused. If there is such an attacker in the network, we will see UEFI
>> runs out of memory and system hangs.
>>
>> Network stack code is so complicated that this is just a RFC to fix
>> this issue. Please provide your comments about this.
>>
>> Contributed-under: TianoCore Contribution Agreement 1.1
>> Signed-off-by: Junbiao Hong <hongjunbiao@huawei.com>
>> Signed-off-by: Heyi Guo <heyi.guo@linaro.org>
>> Cc: Star Zeng <star.zeng@intel.com>
>> Cc: Eric Dong <eric.dong@intel.com>
>> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
>> Cc: Siyuan Fu <siyuan.fu@intel.com>
>> Cc: Jiaxin Wu <jiaxin.wu@intel.com>
>> ---
>>   MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c | 3 +++
>>   1 file changed, 3 insertions(+)
>>
>> diff --git a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
>> b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
>> index b4b0864..ed6bdbe 100644
>> --- a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
>> +++ b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
>> @@ -267,6 +267,9 @@ Ip4IcmpReplyEcho (
>>                Ip4SysPacketSent,
>>                NULL
>>                );
>> +  if (EFI_ERROR (Status)) {
>> +    NetbufFree (Data);
>> +  }
>>
>>   ON_EXIT:
>>     NetbufFree (Packet);
>> --
>> 2.7.4