The branch stable/13 has been updated by glebius: URL: https://cgit.FreeBSD.org/src/commit/?id=166bc357c6a4813e7c03ecaea54d7ef6508e7132
commit 166bc357c6a4813e7c03ecaea54d7ef6508e7132 Author: Alexander V. Chernikov <[email protected]> AuthorDate: 2023-05-17 09:06:04 +0000 Commit: Gleb Smirnoff <[email protected]> CommitDate: 2024-01-22 18:21:34 +0000 routing: plug mbuf leak for the packets hitting IPv6 blackhole route Reported by: Dmitriy Smirnov <[email protected]> Tested by: Dmitriy Smirnov <[email protected]> MFC after: 1 day (cherry picked from commit b50e1465e88dcf5f6f008892d802df010e7029d1) --- sys/netinet6/ip6_forward.c | 9 ++++++--- 1 file changed, 6 insertions(+), 3 deletions(-) diff --git a/sys/netinet6/ip6_forward.c b/sys/netinet6/ip6_forward.c index 7415c72d9aea..8c5748533a77 100644 --- a/sys/netinet6/ip6_forward.c +++ b/sys/netinet6/ip6_forward.c @@ -196,9 +196,12 @@ again: if (nh->nh_flags & (NHF_BLACKHOLE | NHF_REJECT)) { IP6STAT_INC(ip6s_cantforward); - if ((nh->nh_flags & NHF_REJECT) && (mcopy != NULL)) { - icmp6_error(mcopy, ICMP6_DST_UNREACH, - ICMP6_DST_UNREACH_REJECT, 0); + if (mcopy != NULL) { + if (nh->nh_flags & NHF_REJECT) { + icmp6_error(mcopy, ICMP6_DST_UNREACH, + ICMP6_DST_UNREACH_REJECT, 0); + } else + m_freem(mcopy); } goto bad; }
