Paul Forgey
2009-11-29 08:53:05 UTC
In the NetBSD Current sources downloaded Nov 20, I noticed a potential mbuf leak in the tap driver if the character device is closed with unread packets.
$ diff -u if_tap.c~ if_tap.c
--- if_tap.c~ 2009-11-25 23:18:34.000000000 -0800
+++ if_tap.c 2009-11-25 23:21:47.000000000 -0800
@@ -839,6 +839,7 @@
{
struct ifnet *ifp;
int s;
+ struct mbuf *m;
s = splnet();
/* Let tap_start handle packets again */
@@ -846,20 +847,17 @@
ifp->if_flags &= ~IFF_OACTIVE;
/* Purge output queue */
- if (!(IFQ_IS_EMPTY(&ifp->if_snd))) {
- struct mbuf *m;
-
- for (;;) {
- IFQ_DEQUEUE(&ifp->if_snd, m);
- if (m == NULL)
- break;
+ for (;;) {
+ IFQ_DEQUEUE(&ifp->if_snd, m);
+ if (m == NULL)
+ break;
- ifp->if_opackets++;
+ ifp->if_opackets++;
#if NBPFILTER > 0
- if (ifp->if_bpf)
- bpf_mtap(ifp->if_bpf, m);
+ if (ifp->if_bpf)
+ bpf_mtap(ifp->if_bpf, m);
#endif
- }
+ m_free (m);
}
splx(s);
--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de
$ diff -u if_tap.c~ if_tap.c
--- if_tap.c~ 2009-11-25 23:18:34.000000000 -0800
+++ if_tap.c 2009-11-25 23:21:47.000000000 -0800
@@ -839,6 +839,7 @@
{
struct ifnet *ifp;
int s;
+ struct mbuf *m;
s = splnet();
/* Let tap_start handle packets again */
@@ -846,20 +847,17 @@
ifp->if_flags &= ~IFF_OACTIVE;
/* Purge output queue */
- if (!(IFQ_IS_EMPTY(&ifp->if_snd))) {
- struct mbuf *m;
-
- for (;;) {
- IFQ_DEQUEUE(&ifp->if_snd, m);
- if (m == NULL)
- break;
+ for (;;) {
+ IFQ_DEQUEUE(&ifp->if_snd, m);
+ if (m == NULL)
+ break;
- ifp->if_opackets++;
+ ifp->if_opackets++;
#if NBPFILTER > 0
- if (ifp->if_bpf)
- bpf_mtap(ifp->if_bpf, m);
+ if (ifp->if_bpf)
+ bpf_mtap(ifp->if_bpf, m);
#endif
- }
+ m_free (m);
}
splx(s);
--
Posted automagically by a mail2news gateway at muc.de e.V.
Please direct questions, flames, donations, etc. to news-***@muc.de