diff mbox series

[edk2] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak

Message ID 1512990708-87399-1-git-send-email-heyi.guo@linaro.org
State Accepted
Commit 764c9d95513fe4bf88719262ccf72bd9986a82fd
Headers show
Series [edk2] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak | expand

Commit Message

gary guo Dec. 11, 2017, 11:11 a.m. UTC 
When UEFI receives IPMP echo packets it will enter Ip4IcmpReplyEcho
function, and then call Ip4Output. However, if Ip4Output gets some
error and exits early, e.g. fails to find the route entry, memory
buffer of "Data" gets no chance to be freed and memory leak will be
caused. If there is such an attacker in the network, we will see UEFI
runs out of memory and system hangs.

So we explicitly free the memory when error status is returned.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Junbiao Hong <hongjunbiao@huawei.com>

Signed-off-by: Heyi Guo <heyi.guo@linaro.org>

Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>

Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>

Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
---
 MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c | 3 +++
 1 file changed, 3 insertions(+)

-- 
2.7.4

_______________________________________________
edk2-devel mailing list
edk2-devel@lists.01.org
https://lists.01.org/mailman/listinfo/edk2-devel
diff mbox series

Patch

diff --git a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
index b4b0864..ed6bdbe 100644
--- a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
+++ b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c
@@ -267,6 +267,9 @@  Ip4IcmpReplyEcho (
              Ip4SysPacketSent,
              NULL
              );
+  if (EFI_ERROR (Status)) {
+    NetbufFree (Data);
+  }
 
 ON_EXIT:
   NetbufFree (Packet);