The branch main has been updated by melifaro:
URL:
https://cgit.FreeBSD.org/src/commit/?id=b50e1465e88dcf5f6f008892d802df010e7029d1
commit b50e1465e88dcf5f6f008892d802df010e7029d1
Author: Alexander V. Chernikov <melif...@freebsd.org>
AuthorDate: 2023-05-17 09:06:04 +0000
Commit: Alexander V. Chernikov <melif...@freebsd.org>
CommitDate: 2023-05-17 09:06:04 +0000
routing: plug mbuf leak for the packets hitting IPv6 blackhole route
Reported by: Dmitriy Smirnov <f...@sage.su>
Tested by: Dmitriy Smirnov <f...@sage.su>
MFC after: 1 day
---
sys/netinet6/ip6_forward.c | 9 ++++++---
1 file changed, 6 insertions(+), 3 deletions(-)
diff --git a/sys/netinet6/ip6_forward.c b/sys/netinet6/ip6_forward.c
index c8f9079e0aa7..0f7260ccd067 100644
--- a/sys/netinet6/ip6_forward.c
+++ b/sys/netinet6/ip6_forward.c
@@ -198,9 +198,12 @@ again:
if (nh->nh_flags & (NHF_BLACKHOLE | NHF_REJECT)) {
IP6STAT_INC(ip6s_cantforward);
- if ((nh->nh_flags & NHF_REJECT) && (mcopy != NULL)) {
- icmp6_error(mcopy, ICMP6_DST_UNREACH,
- ICMP6_DST_UNREACH_REJECT, 0);
+ if (mcopy != NULL) {
+ if (nh->nh_flags & NHF_REJECT) {
+ icmp6_error(mcopy, ICMP6_DST_UNREACH,
+ ICMP6_DST_UNREACH_REJECT, 0);
+ } else
+ m_freem(mcopy);
}
goto bad;
}
