From patchwork Mon Dec 11 11:11:48 2017 Content-Type: text/plain; charset="utf-8" MIME-Version: 1.0 Content-Transfer-Encoding: 7bit X-Patchwork-Submitter: gary guo X-Patchwork-Id: 121368 Delivered-To: patch@linaro.org Received: by 10.140.22.227 with SMTP id 90csp2652545qgn; Mon, 11 Dec 2017 03:11:59 -0800 (PST) X-Google-Smtp-Source: ACJfBouay5k0FspUdUll36mhImNLmbeQFShnOWf3/FBslyAP2QiHDkvi2v+FqE/xu5ZblaTFpQQo X-Received: by 10.99.168.67 with SMTP id i3mr26795pgp.330.1512990719566; Mon, 11 Dec 2017 03:11:59 -0800 (PST) ARC-Seal: i=1; a=rsa-sha256; t=1512990719; cv=none; d=google.com; s=arc-20160816; b=fkKRhIL7LzPXYjCZv5OK4KlVUPoa66SCFDTH79mK+wQ3sNWY5GTuiq/hhH3w9lBFWM cbJdfC7tUC2iUChiZ5e1hiD5nIcSQF+WTUM8ZfpLd23xuA1gh9l46G5B0AOeocYGDnEg 6yn6Mpigjw0Abqxro4EALelbu25R8z1UfMjPYS7ak1/Pxjp7Lm281g2UN9lH2KIhFu6W zoVNTpoOQJgfbH0TkK/zcGif+H/47jNg0Qe9ree8rWPbqckanCUVZRFJKN2JnQp6HLIY mtGG65P1SyIstFw2DDXZp9oEsBtp9czabtbsAt64PDxlgRD14qPOmaPSrPWeP7peKOr4 fAkg== ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=google.com; s=arc-20160816; h=sender:errors-to:content-transfer-encoding:mime-version:cc :list-subscribe:list-help:list-post:list-archive:list-unsubscribe :list-id:precedence:subject:message-id:date:to:from:dkim-signature :delivered-to:arc-authentication-results; bh=78yZL5/FXZoHC7aJsVzXG8xLnWf4ohE02kqVCJl7bMA=; b=MHdkLO3kew7fjZ+TQPYkBDMuTByvpRJYlnenQRFMpk7jtJz++56vRtEFqJkLfnR/oU x7dEbhmD5qZODeXWQAWqqDT2PUko5fi49ndJiWW/xHiajttzEtESZV6hXvg2TTc2kLbD PrgRDiX8cbHcWptfgj0pmppwYYsAPs06L1siLtm2LpCMRWBO6C1Nao8ZYUXL0Pht2k/k tbMUIm9317gpWSar1jHycUwNVeCfNyzDPIu9yiWUs+DWrvTyBjLz+lLFsuSAxIwupzyh M20sAwQsbxB6+kTKPl5J9X07WHFicRBWhRHGJLr724UkGJitRha+ivlHu87jLRUHXqvL L0+A== ARC-Authentication-Results: i=1; mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=kuEHZKpS; spf=pass (google.com: best guess record for domain of edk2-devel-bounces@lists.01.org designates 198.145.21.10 as permitted sender) smtp.mailfrom=edk2-devel-bounces@lists.01.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Return-Path: Received: from ml01.01.org (ml01.01.org. [198.145.21.10]) by mx.google.com with ESMTPS id u199si9653897pgb.745.2017.12.11.03.11.58 (version=TLS1_2 cipher=ECDHE-RSA-AES128-GCM-SHA256 bits=128/128); Mon, 11 Dec 2017 03:11:59 -0800 (PST) Received-SPF: pass (google.com: best guess record for domain of edk2-devel-bounces@lists.01.org designates 198.145.21.10 as permitted sender) client-ip=198.145.21.10; Authentication-Results: mx.google.com; dkim=neutral (body hash did not verify) header.i=@linaro.org header.s=google header.b=kuEHZKpS; spf=pass (google.com: best guess record for domain of edk2-devel-bounces@lists.01.org designates 198.145.21.10 as permitted sender) smtp.mailfrom=edk2-devel-bounces@lists.01.org; dmarc=fail (p=NONE sp=NONE dis=NONE) header.from=linaro.org Received: from [127.0.0.1] (localhost [IPv6:::1]) by ml01.01.org (Postfix) with ESMTP id 193C02218E95F; Mon, 11 Dec 2017 03:07:21 -0800 (PST) X-Original-To: edk2-devel@lists.01.org Delivered-To: edk2-devel@lists.01.org Received-SPF: Pass (sender SPF authorized) identity=mailfrom; client-ip=2607:f8b0:400e:c05::243; helo=mail-pg0-x243.google.com; envelope-from=heyi.guo@linaro.org; receiver=edk2-devel@lists.01.org Received: from mail-pg0-x243.google.com (mail-pg0-x243.google.com [IPv6:2607:f8b0:400e:c05::243]) (using TLSv1.2 with cipher ECDHE-RSA-AES128-GCM-SHA256 (128/128 bits)) (No client certificate requested) by ml01.01.org (Postfix) with ESMTPS id EA6912217CE2A for ; Mon, 11 Dec 2017 03:07:19 -0800 (PST) Received: by mail-pg0-x243.google.com with SMTP id g7so10697794pgs.0 for ; Mon, 11 Dec 2017 03:11:57 -0800 (PST) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=linaro.org; s=google; h=from:to:cc:subject:date:message-id; bh=MjdP9Q1Byq/Wk9x3CmcmgR3XqykFmAqZG6Vh1RcEK0Q=; b=kuEHZKpSrKmzJKsPJ0JEcP8fwEUit60YIbF2RYGA6Qapea3EK1Wg0G2CQ8e07lSxCs jptUdq4My0/E7vSaotzbNDPqXIT1ghxHmHWgA647q+AIpm4V4E0SHP+ctlEBGWY5SWxP tarUaa+gX34TN4LJSCIfslocn22ndNmxoEfeU= X-Google-DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=1e100.net; s=20161025; h=x-gm-message-state:from:to:cc:subject:date:message-id; bh=MjdP9Q1Byq/Wk9x3CmcmgR3XqykFmAqZG6Vh1RcEK0Q=; b=M2SxMhzpYzfSUfMJz+m524E3hiMZ934nUbBkL8vA3bfweaFZyPtSrw7pWCB6qk4eU3 8yuL4eHmFhRfOZG7IYKm4H2telBSM9C4u0LIfeIkPUJA3CcmdMdQYOJWin+AJi4iUU9E rF6hGC2KKV6CkQg7VEYJyAKv9PGb8uBoacnZCMUbOrQEF/Cx8S9G0y7u5ITwtB9Wutna 3O67EGGWbmBGrb4dsiG9B2KHhIoMuDLiPqvHr8MEd+vv2ANn7QzevOHQfqtVzyZbYufE CT/iYua3Cxt92Qw78NwU0jDGQCSoH8VaMKANz67asiFnpSii5vtEl/MUBQe2rVhjREF2 r7zA== X-Gm-Message-State: AJaThX7+wS2kZJbu4y6dE2Z00boxtAoNXvYwpeVv/1shg83O2k7XUM0F b7moheotls3QAr7nUJFYWd5s4w== X-Received: by 10.99.132.72 with SMTP id k69mr38469270pgd.437.1512990716956; Mon, 11 Dec 2017 03:11:56 -0800 (PST) Received: from localhost.localdomain ([45.56.152.71]) by smtp.gmail.com with ESMTPSA id t4sm28850887pfj.56.2017.12.11.03.11.54 (version=TLS1_2 cipher=ECDHE-RSA-AES128-SHA bits=128/128); Mon, 11 Dec 2017 03:11:56 -0800 (PST) From: Heyi Guo To: linaro-uefi@lists.linaro.org, edk2-devel@lists.01.org Date: Mon, 11 Dec 2017 19:11:48 +0800 Message-Id: <1512990708-87399-1-git-send-email-heyi.guo@linaro.org> X-Mailer: git-send-email 2.7.4 Subject: [edk2] [PATCH] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak X-BeenThere: edk2-devel@lists.01.org X-Mailman-Version: 2.1.22 Precedence: list List-Id: EDK II Development List-Unsubscribe: , List-Archive: List-Post: List-Help: List-Subscribe: , Cc: Ruiyu Ni , Junbiao Hong , Eric Dong , Heyi Guo , Jiaxin Wu , Siyuan Fu , Star Zeng MIME-Version: 1.0 Errors-To: edk2-devel-bounces@lists.01.org Sender: "edk2-devel" When UEFI receives IPMP echo packets it will enter Ip4IcmpReplyEcho function, and then call Ip4Output. However, if Ip4Output gets some error and exits early, e.g. fails to find the route entry, memory buffer of "Data" gets no chance to be freed and memory leak will be caused. If there is such an attacker in the network, we will see UEFI runs out of memory and system hangs. So we explicitly free the memory when error status is returned. Contributed-under: TianoCore Contribution Agreement 1.1 Signed-off-by: Junbiao Hong Signed-off-by: Heyi Guo Reviewed-by: Siyuan Fu Reviewed-by: Jiaxin Wu Cc: Star Zeng Cc: Eric Dong Cc: Ruiyu Ni Cc: Siyuan Fu Cc: Jiaxin Wu --- MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c | 3 +++ 1 file changed, 3 insertions(+) -- 2.7.4 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel diff --git a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c index b4b0864..ed6bdbe 100644 --- a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c +++ b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c @@ -267,6 +267,9 @@ Ip4IcmpReplyEcho ( Ip4SysPacketSent, NULL ); + if (EFI_ERROR (Status)) { + NetbufFree (Data); + } ON_EXIT: NetbufFree (Packet);