Re: [edk2] [RFC] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak

Wed, 06 Dec 2017 18:48:07 -0800 

Reviewed-by: Fu Siyuan <siyuan...@intel.com>

> -----Original Message-----
> From: Heyi Guo [mailto:heyi....@linaro.org]
> Sent: Thursday, December 7, 2017 10:22 AM
> To: linaro-u...@lists.linaro.org; edk2-devel@lists.01.org
> Cc: Heyi Guo <heyi....@linaro.org>; Junbiao Hong <hongjunb...@huawei.com>;
> Zeng, Star <star.z...@intel.com>; Dong, Eric <eric.d...@intel.com>; Ni,
> Ruiyu <ruiyu...@intel.com>; Fu, Siyuan <siyuan...@intel.com>; Wu, Jiaxin
> <jiaxin...@intel.com>
> Subject: [RFC] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak
> 
> When UEFI receives IPMP echo packets it will enter Ip4IcmpReplyEcho
> function, and then call Ip4Output. However, if Ip4Output gets some
> error and exits early, e.g. fails to find the route entry, memory
> buffer of "Data" gets no chance to be freed and memory leak will be
> caused. If there is such an attacker in the network, we will see UEFI
> runs out of memory and system hangs.
> 
> Network stack code is so complicated that this is just a RFC to fix
> this issue. Please provide your comments about this.
> 
> Contributed-under: TianoCore Contribution Agreement 1.1
> Signed-off-by: Junbiao Hong <hongjunb...@huawei.com>
> Signed-off-by: Heyi Guo <heyi....@linaro.org>
> Cc: Star Zeng <star.z...@intel.com>
> Cc: Eric Dong <eric.d...@intel.com>
> Cc: Ruiyu Ni <ruiyu...@intel.com>
> Cc: Siyuan Fu <siyuan...@intel.com>
> Cc: Jiaxin Wu <jiaxin...@intel.com>
> ---
>  MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c | 3 +++
>  1 file changed, 3 insertions(+)
> 
> diff --git a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
> b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
> index b4b0864..ed6bdbe 100644
> --- a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
> +++ b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
> @@ -267,6 +267,9 @@ Ip4IcmpReplyEcho (
>               Ip4SysPacketSent,
>               NULL
>               );
> +  if (EFI_ERROR (Status)) {
> +    NetbufFree (Data);
> +  }
> 
>  ON_EXIT:
>    NetbufFree (Packet);
> --
> 2.7.4

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel

Reply via email to