From mboxrd@z Thu Jan 1 00:00:00 1970 Return-Path: Received-SPF: Permerror (SPF Permanent Error: More than 10 MX records returned) identity=mailfrom; client-ip=192.55.52.151; helo=mga17.intel.com; envelope-from=jiaxin.wu@intel.com; receiver=edk2-devel@lists.01.org Received: from mga17.intel.com (mga17.intel.com [192.55.52.151]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id C20C020356276 for ; Wed, 6 Dec 2017 22:56:54 -0800 (PST) Received: from orsmga008.jf.intel.com ([10.7.209.65]) by fmsmga107.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384; 06 Dec 2017 23:01:27 -0800 X-ExtLoop1: 1 X-IronPort-AV: E=Sophos;i="5.45,371,1508828400"; d="scan'208";a="796421" Received: from fmsmsx108.amr.corp.intel.com ([10.18.124.206]) by orsmga008.jf.intel.com with ESMTP; 06 Dec 2017 23:01:26 -0800 Received: from fmsmsx155.amr.corp.intel.com (10.18.116.71) by FMSMSX108.amr.corp.intel.com (10.18.124.206) with Microsoft SMTP Server (TLS) id 14.3.319.2; Wed, 6 Dec 2017 23:01:26 -0800 Received: from shsmsx101.ccr.corp.intel.com (10.239.4.153) by FMSMSX155.amr.corp.intel.com (10.18.116.71) with Microsoft SMTP Server (TLS) id 14.3.319.2; Wed, 6 Dec 2017 23:01:26 -0800 Received: from shsmsx103.ccr.corp.intel.com ([169.254.4.213]) by SHSMSX101.ccr.corp.intel.com ([169.254.1.159]) with mapi id 14.03.0319.002; Thu, 7 Dec 2017 15:01:24 +0800 From: "Wu, Jiaxin" To: Heyi Guo , "linaro-uefi@lists.linaro.org" , "edk2-devel@lists.01.org" CC: Junbiao Hong , "Zeng, Star" , "Dong, Eric" , "Ni, Ruiyu" , "Fu, Siyuan" Thread-Topic: [RFC] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak Thread-Index: AQHTbwI7fts57Lc+IU6UAnR+CiqlJaM3cReQ Date: Thu, 7 Dec 2017 07:01:23 +0000 Message-ID: <895558F6EA4E3B41AC93A00D163B727416350E2D@SHSMSX103.ccr.corp.intel.com> References: <1512613307-62879-1-git-send-email-heyi.guo@linaro.org> In-Reply-To: <1512613307-62879-1-git-send-email-heyi.guo@linaro.org> Accept-Language: en-US X-MS-Has-Attach: X-MS-TNEF-Correlator: x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiNjBhZDFlODUtY2Q1ZS00MzIxLTk4MWItYTkwYjBkNDQxMmQ2IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX0lDIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE2LjUuOS4zIiwiVHJ1c3RlZExhYmVsSGFzaCI6InZnTGJSbW9mU3VNZksrZSt3ZEd6MHNyWU5CUVV5NDhLZGZydFNcL1wvNEM1WT0ifQ== x-ctpclassification: CTP_IC dlp-product: dlpe-windows dlp-version: 11.0.0.116 dlp-reaction: no-action x-originating-ip: [10.239.127.40] MIME-Version: 1.0 Subject: Re: [RFC] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , X-List-Received-Date: Thu, 07 Dec 2017 06:56:54 -0000 Content-Language: en-US Content-Type: text/plain; charset="us-ascii" Content-Transfer-Encoding: quoted-printable It's is good to me.=20 Reviewed-by: Jiaxin Wu Thanks, Jiaxin > -----Original Message----- > From: Heyi Guo [mailto:heyi.guo@linaro.org] > Sent: Thursday, December 7, 2017 10:22 AM > To: linaro-uefi@lists.linaro.org; edk2-devel@lists.01.org > Cc: Heyi Guo ; Junbiao Hong > ; Zeng, Star ; Dong, Eric > ; Ni, Ruiyu ; Fu, Siyuan > ; Wu, Jiaxin > Subject: [RFC] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak >=20 > When UEFI receives IPMP echo packets it will enter Ip4IcmpReplyEcho > function, and then call Ip4Output. However, if Ip4Output gets some > error and exits early, e.g. fails to find the route entry, memory > buffer of "Data" gets no chance to be freed and memory leak will be > caused. If there is such an attacker in the network, we will see UEFI > runs out of memory and system hangs. >=20 > Network stack code is so complicated that this is just a RFC to fix > this issue. Please provide your comments about this. >=20 > Contributed-under: TianoCore Contribution Agreement 1.1 > Signed-off-by: Junbiao Hong > Signed-off-by: Heyi Guo > Cc: Star Zeng > Cc: Eric Dong > Cc: Ruiyu Ni > Cc: Siyuan Fu > Cc: Jiaxin Wu > --- > MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c | 3 +++ > 1 file changed, 3 insertions(+) >=20 > diff --git a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c > b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c > index b4b0864..ed6bdbe 100644 > --- a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c > +++ b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c > @@ -267,6 +267,9 @@ Ip4IcmpReplyEcho ( > Ip4SysPacketSent, > NULL > ); > + if (EFI_ERROR (Status)) { > + NetbufFree (Data); > + } >=20 > ON_EXIT: > NetbufFree (Packet); > -- > 2.7.4