From mboxrd@z Thu Jan  1 00:00:00 1970
Return-Path: <jiaxin.wu@intel.com>
Received-SPF: Permerror (SPF Permanent Error: More than 10 MX records
 returned) identity=mailfrom; client-ip=192.55.52.151; helo=mga17.intel.com;
 envelope-from=jiaxin.wu@intel.com; receiver=edk2-devel@lists.01.org 
Received: from mga17.intel.com (mga17.intel.com [192.55.52.151])
 (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits))
 (No client certificate requested)
 by ml01.01.org (Postfix) with ESMTPS id C20C020356276
 for <edk2-devel@lists.01.org>; Wed,  6 Dec 2017 22:56:54 -0800 (PST)
Received: from orsmga008.jf.intel.com ([10.7.209.65])
 by fmsmga107.fm.intel.com with ESMTP/TLS/DHE-RSA-AES256-GCM-SHA384;
 06 Dec 2017 23:01:27 -0800
X-ExtLoop1: 1
X-IronPort-AV: E=Sophos;i="5.45,371,1508828400"; 
   d="scan'208";a="796421"
Received: from fmsmsx108.amr.corp.intel.com ([10.18.124.206])
 by orsmga008.jf.intel.com with ESMTP; 06 Dec 2017 23:01:26 -0800
Received: from fmsmsx155.amr.corp.intel.com (10.18.116.71) by
 FMSMSX108.amr.corp.intel.com (10.18.124.206) with Microsoft SMTP Server (TLS)
 id 14.3.319.2; Wed, 6 Dec 2017 23:01:26 -0800
Received: from shsmsx101.ccr.corp.intel.com (10.239.4.153) by
 FMSMSX155.amr.corp.intel.com (10.18.116.71) with Microsoft SMTP Server (TLS)
 id 14.3.319.2; Wed, 6 Dec 2017 23:01:26 -0800
Received: from shsmsx103.ccr.corp.intel.com ([169.254.4.213]) by
 SHSMSX101.ccr.corp.intel.com ([169.254.1.159]) with mapi id 14.03.0319.002;
 Thu, 7 Dec 2017 15:01:24 +0800
From: "Wu, Jiaxin" <jiaxin.wu@intel.com>
To: Heyi Guo <heyi.guo@linaro.org>, "linaro-uefi@lists.linaro.org"
 <linaro-uefi@lists.linaro.org>, "edk2-devel@lists.01.org"
 <edk2-devel@lists.01.org>
CC: Junbiao Hong <hongjunbiao@huawei.com>, "Zeng, Star" <star.zeng@intel.com>, 
 "Dong, Eric" <eric.dong@intel.com>, "Ni, Ruiyu" <ruiyu.ni@intel.com>, "Fu, 
 Siyuan" <siyuan.fu@intel.com>
Thread-Topic: [RFC] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak
Thread-Index: AQHTbwI7fts57Lc+IU6UAnR+CiqlJaM3cReQ
Date: Thu, 7 Dec 2017 07:01:23 +0000
Message-ID: <895558F6EA4E3B41AC93A00D163B727416350E2D@SHSMSX103.ccr.corp.intel.com>
References: <1512613307-62879-1-git-send-email-heyi.guo@linaro.org>
In-Reply-To: <1512613307-62879-1-git-send-email-heyi.guo@linaro.org>
Accept-Language: en-US
X-MS-Has-Attach: 
X-MS-TNEF-Correlator: 
x-titus-metadata-40: eyJDYXRlZ29yeUxhYmVscyI6IiIsIk1ldGFkYXRhIjp7Im5zIjoiaHR0cDpcL1wvd3d3LnRpdHVzLmNvbVwvbnNcL0ludGVsMyIsImlkIjoiNjBhZDFlODUtY2Q1ZS00MzIxLTk4MWItYTkwYjBkNDQxMmQ2IiwicHJvcHMiOlt7Im4iOiJDVFBDbGFzc2lmaWNhdGlvbiIsInZhbHMiOlt7InZhbHVlIjoiQ1RQX0lDIn1dfV19LCJTdWJqZWN0TGFiZWxzIjpbXSwiVE1DVmVyc2lvbiI6IjE2LjUuOS4zIiwiVHJ1c3RlZExhYmVsSGFzaCI6InZnTGJSbW9mU3VNZksrZSt3ZEd6MHNyWU5CUVV5NDhLZGZydFNcL1wvNEM1WT0ifQ==
x-ctpclassification: CTP_IC
dlp-product: dlpe-windows
dlp-version: 11.0.0.116
dlp-reaction: no-action
x-originating-ip: [10.239.127.40]
MIME-Version: 1.0
Subject: Re: [RFC] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak
X-BeenThere: edk2-devel@lists.01.org
X-Mailman-Version: 2.1.22
Precedence: list
List-Id: EDK II Development  <edk2-devel.lists.01.org>
List-Unsubscribe: <https://lists.01.org/mailman/options/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=unsubscribe>
List-Archive: <http://lists.01.org/pipermail/edk2-devel/>
List-Post: <mailto:edk2-devel@lists.01.org>
List-Help: <mailto:edk2-devel-request@lists.01.org?subject=help>
List-Subscribe: <https://lists.01.org/mailman/listinfo/edk2-devel>,
 <mailto:edk2-devel-request@lists.01.org?subject=subscribe>
X-List-Received-Date: Thu, 07 Dec 2017 06:56:54 -0000
Content-Language: en-US
Content-Type: text/plain; charset="us-ascii"
Content-Transfer-Encoding: quoted-printable

It's is good to me.=20

Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>

Thanks,
Jiaxin


> -----Original Message-----
> From: Heyi Guo [mailto:heyi.guo@linaro.org]
> Sent: Thursday, December 7, 2017 10:22 AM
> To: linaro-uefi@lists.linaro.org; edk2-devel@lists.01.org
> Cc: Heyi Guo <heyi.guo@linaro.org>; Junbiao Hong
> <hongjunbiao@huawei.com>; Zeng, Star <star.zeng@intel.com>; Dong, Eric
> <eric.dong@intel.com>; Ni, Ruiyu <ruiyu.ni@intel.com>; Fu, Siyuan
> <siyuan.fu@intel.com>; Wu, Jiaxin <jiaxin.wu@intel.com>
> Subject: [RFC] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak
>=20
> When UEFI receives IPMP echo packets it will enter Ip4IcmpReplyEcho
> function, and then call Ip4Output. However, if Ip4Output gets some
> error and exits early, e.g. fails to find the route entry, memory
> buffer of "Data" gets no chance to be freed and memory leak will be
> caused. If there is such an attacker in the network, we will see UEFI
> runs out of memory and system hangs.
>=20
> Network stack code is so complicated that this is just a RFC to fix
> this issue. Please provide your comments about this.
>=20
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Junbiao Hong <hongjunbiao@huawei.com>
> Signed-off-by: Heyi Guo <heyi.guo@linaro.org>
> Cc: Star Zeng <star.zeng@intel.com>
> Cc: Eric Dong <eric.dong@intel.com>
> Cc: Ruiyu Ni <ruiyu.ni@intel.com>
> Cc: Siyuan Fu <siyuan.fu@intel.com>
> Cc: Jiaxin Wu <jiaxin.wu@intel.com>
> ---
>  MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c | 3 +++
>  1 file changed, 3 insertions(+)
>=20
> diff --git a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
> b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
> index b4b0864..ed6bdbe 100644
> --- a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
> +++ b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
> @@ -267,6 +267,9 @@ Ip4IcmpReplyEcho (
>               Ip4SysPacketSent,
>               NULL
>               );
> +  if (EFI_ERROR (Status)) {
> +    NetbufFree (Data);
> +  }
>=20
>  ON_EXIT:
>    NetbufFree (Packet);
> --
> 2.7.4