diff options
| author | Heyi Guo <heyi.guo@linaro.org> | 2017-12-11 19:11:48 +0800 |
|---|---|---|
| committer | Jiaxin Wu <jiaxin.wu@intel.com> | 2017-12-12 19:12:41 +0800 |
| commit | 764c9d95513fe4bf88719262ccf72bd9986a82fd (patch) | |
| tree | 80d83c491a941cf97e610fd0de8e9977719f9edb /MdeModulePkg | |
| parent | 0c6108b6524483d0e20f8d91caedb15daf75765a (diff) | |
| download | edk2-764c9d95513fe4bf88719262ccf72bd9986a82fd.zip edk2-764c9d95513fe4bf88719262ccf72bd9986a82fd.tar.gz edk2-764c9d95513fe4bf88719262ccf72bd9986a82fd.tar.bz2 | |
MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak
When UEFI receives ICMP echo packets it will enter Ip4IcmpReplyEcho
function, and then call Ip4Output. However, if Ip4Output gets some
error and exits early, e.g. fails to find the route entry, memory
buffer of "Data" gets no chance to be freed and memory leak will be
caused. If there is such an attacker in the network, we will see UEFI
runs out of memory and system hangs.
So we explicitly free the memory when error status is returned.
Cc: Star Zeng <star.zeng@intel.com>
Cc: Eric Dong <eric.dong@intel.com>
Cc: Ruiyu Ni <ruiyu.ni@intel.com>
Cc: Siyuan Fu <siyuan.fu@intel.com>
Cc: Jiaxin Wu <jiaxin.wu@intel.com>
Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Junbiao Hong <hongjunbiao@huawei.com>
Signed-off-by: Heyi Guo <heyi.guo@linaro.org>
Reviewed-by: Siyuan Fu <siyuan.fu@intel.com>
Reviewed-by: Jiaxin Wu <jiaxin.wu@intel.com>
Diffstat (limited to 'MdeModulePkg')
| -rw-r--r-- | MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c | 3 |
1 files changed, 3 insertions, 0 deletions
diff --git a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c index b4b0864..ed6bdbe 100644 --- a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c +++ b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c @@ -267,6 +267,9 @@ Ip4IcmpReplyEcho ( Ip4SysPacketSent,
NULL
);
+ if (EFI_ERROR (Status)) {
+ NetbufFree (Data);
+ }
ON_EXIT:
NetbufFree (Packet);
|