tcp: improve mbuf handling when processing SYN segments

When the sysctl-variable net.inet.ip.accept_sourceroute is non-zero, an mbuf would be leaked when processing a SYN-segment containing an IPv4 strict or loose source routing option, when the on-stack syncache entry is used or there is an error related to processing TCP MD5 options. Fix this by freeing the mbuf whenever an error occurred or the on-stack syncache entry is used. Reviewed by: markj, rscheff MFC after: 1 week Sponsored by: Netflix, Inc. Differential Revision: https://reviews.freebsd.org/D46839
2024-11-27 08:00:11 +00:00 · 2024-09-30 20:00:04 +02:00 · 2024-09-30 20:00:04 +02:00 · 01eb635d12
commit 01eb635d12
parent a2e4f45480
1 changed files with 2 additions and 2 deletions
--- a/sys/netinet/tcp_syncache.c
+++ b/sys/netinet/tcp_syncache.c
@ -1604,8 +1604,6 @@ syncache_add(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th,
 				    ("%s: bucket unexpectedly unlocked",
 				    __func__));
 				SCH_UNLOCK(sch);
-				if (ipopts)
-					(void)m_free(ipopts);
 				goto done;
 			}
 		}
@ -1775,6 +1773,8 @@ syncache_add(struct in_conninfo *inc, struct tcpopt *to, struct tcphdr *th,
 #ifdef MAC
 		mac_syncache_destroy(&maclabel);
 #endif
+		if (ipopts)
+			(void)m_free(ipopts);
 	}
 	return (rv);
 }