From: Heyi Guo
To: linaro-uefi@lists.linaro.org, edk2-devel@lists.01.org
Cc: Ruiyu Ni, Junbiao Hong, Eric Dong, Heyi Guo, Jiaxin Wu, Siyuan Fu, Star Zeng
Date: Thu, 7 Dec 2017 10:21:47 +0800
Message-Id: <1512613307-62879-1-git-send-email-heyi.guo@linaro.org>
Subject: [edk2] [RFC] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak

When UEFI receives ICMP echo packets it will enter the Ip4IcmpReplyEcho function, and then call Ip4Output. However, if Ip4Output gets some error and exits early, e.g. fails to find the route entry, the memory buffer of "Data" gets no chance to be freed and a memory leak will be caused.

If there is such an attacker in the network, we will see UEFI run out of memory and the system hang.

Network stack code is so complicated that this is just an RFC to fix this issue. Please provide your comments about this.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Junbiao Hong
Signed-off-by: Heyi Guo
Cc: Star Zeng
Cc: Eric Dong
Cc: Ruiyu Ni
Cc: Siyuan Fu
Cc: Jiaxin Wu
Reviewed-by: Fu Siyuan
Reviewed-by: Jiaxin Wu
--- MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c b/MdeModulePkg= /Universal/Network/Ip4Dxe/Ip4Icmp.c index b4b0864..ed6bdbe 100644 --- a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c +++ b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c 
@@ -267,6 +267,9 @@ Ip4IcmpReplyEcho ( Ip4SysPacketSent, NULL ); + if (EFI_ERROR (Status)) { + NetbufFree (Data); + } =20 ON_EXIT: NetbufFree (Packet); --=20 2.7.4 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
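
Review bot: the added `NetbufFree (Data);` under `if (EFI_ERROR (Status))` is only correct if Ip4Output never releases Data, and never invokes the Ip4SysPacketSent callback passed just above, on any path that returns an error. The hunk shows only the call site, so that ownership rule is not visible here, and the commit message itself says the network stack is too complicated to be sure. If even one error return happens after the buffer has been handed on or the callback has run, this line frees Data a second time, and on a path an unauthenticated ICMP echo sender can reach that trades a leak for a use-after-free. Please confirm every error return in Ip4Output leaves Data with the caller, and add a comment above the new `if` stating that contract (for example, that on failure Ip4Output does not take ownership of the packet and the completion callback is not called), so later changes to Ip4Output do not silently break it. A blank line between the closing `);` of the call and the new `if` would also match the spacing before ON_EXIT.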