From: Heyi Guo
To: linaro-uefi@lists.linaro.org, edk2-devel@lists.01.org
Cc: Ruiyu Ni, Junbiao Hong, Eric Dong, Heyi Guo, Jiaxin Wu, Siyuan Fu, Star Zeng
Date: Mon, 11 Dec 2017 19:11:48 +0800
Message-Id: <1512990708-87399-1-git-send-email-heyi.guo@linaro.org>
Subject: [edk2] [PATCH] MdeModulePkg/Ip4Dxe: fix ICMP echo reply memory leak

When UEFI receives ICMP echo packets it will enter the Ip4IcmpReplyEcho function, and then call Ip4Output. However, if Ip4Output gets some error and exits early, e.g. fails to find the route entry, the memory buffer of "Data" gets no chance to be freed and a memory leak will be caused. If there is such an attacker in the network, we will see UEFI run out of memory and the system hang.

So we explicitly free the memory when error status is returned.

Contributed-under: TianoCore Contribution Agreement 1.1
Signed-off-by: Junbiao Hong
Signed-off-by: Heyi Guo
Reviewed-by: Siyuan Fu
Reviewed-by: Jiaxin Wu
Cc: Star Zeng
Cc: Eric Dong
Cc: Ruiyu Ni
Cc: Siyuan Fu
Cc: Jiaxin Wu

--- MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c | 3 +++ 1 file changed, 3 insertions(+) diff --git a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c b/MdeModulePkg= /Universal/Network/Ip4Dxe/Ip4Icmp.c index b4b0864..ed6bdbe 100644 --- a/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c +++ b/MdeModulePkg/Universal/Network/Ip4Dxe/Ip4Icmp.c 
@@ -267,6 +267,9 @@ Ip4IcmpReplyEcho ( Ip4SysPacketSent, NULL ); + if (EFI_ERROR (Status)) { + NetbufFree (Data); + } =20 ON_EXIT: NetbufFree (Packet); --=20 2.7.4 _______________________________________________ edk2-devel mailing list edk2-devel@lists.01.org https://lists.01.org/mailman/listinfo/edk2-devel
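
Review bot: the new `if (EFI_ERROR (Status))` block after the `Ip4Output (...)` call in `Ip4IcmpReplyEcho` has no comment stating the ownership rule it relies on, namely that `Data` is handed to the `Ip4SysPacketSent` callback when the send is accepted and stays with the caller when `Ip4Output` returns an error. Please add a short comment to that effect above `NetbufFree (Data);`, so that the asymmetry with `NetbufFree (Packet);` under `ON_EXIT` (always freed) is clear to the next reader. It is also worth confirming that `Ip4Output` has no error return that is reached after it has already invoked the callback or released the buffer itself, because in that case this added free would release `Data` a second time.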