From patchwork Thu Dec 7 02:21:47 2017
X-Patchwork-Submitter: gary guo
X-Patchwork-Id: 120916
From: Heyi Guo
To: linaro-uefi@lists.linaro.org, edk2-devel@lists.01.org
Date: Thu, 7 Dec 2017 10:21:47 +0800
Message-Id: <1512613307-62879-1-git-send-email-heyi.guo@linaro.org>
Subject: [edk2] [RFC] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak
Cc: Ruiyu Ni, Junbiao Hong, Eric Dong, Heyi Guo, Jiaxin Wu, Siyuan Fu, Star Zeng

When UEFI receives ICMP echo packets it will enter Ip4IcmpReplyEcho
function, and then call Ip4Output. However, if Ip4Output gets some
error and exits early, e.g. fails to find the route entry, memory
buffer of "Data" gets no chance to be freed and memory leak will be
caused. If there is such an attacker in the network, we will see UEFI
runs out of memory and system hangs.

Network stack code is so complicated that this is just an RFC to fix
this issue. Please provide your comments about this.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Junbiao Hong
Signed-off-by: Heyi Guo
Cc: Star Zeng
Cc: Eric Dong
Cc: Ruiyu Ni
Cc: Siyuan Fu
Cc: Jiaxin Wu
---
 MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c | 3 +++
 1 file changed, 3 insertions(+)

--
2.7.4

Reviewed-by: Fu Siyuan
Reviewed-by: Jiaxin Wu

diff --git a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c index b4b0864..ed6bdbe 100644 --- a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c +++ b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c @@ -267,6 +267,9 @@ Ip4IcmpReplyEcho ( Ip4SysPacketSent, NULL ); + if (EFI_ERROR (Status)) { + NetbufFree (Data); + } ON_EXIT: NetbufFree (Packet);
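
Review bot: The added NetbufFree (Data) in Ip4IcmpReplyEcho runs for every error Status returned by Ip4Output, so it is only correct if no failing path inside Ip4Output has already released Data or invoked the Ip4SysPacketSent callback that is passed in just above; if any path does, this replaces the leak with a double free of a buffer reachable from network input. The description names only one early exit (route entry not found), so please confirm the other error returns follow the same ownership rule and record that rule next to the check, for example as a comment saying that Ip4Output takes ownership of Data only when it returns success. It would also help to note in the commit message that the existing NetbufFree (Packet) under ON_EXIT is unaffected because Packet and Data are separate buffers at this point.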