Aren
/
NetBSD
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix mbuf leaks. pointed out and suggested by kre@n.o, thanks.

This commit is contained in:
knakahara 2017-12-18 03:21:44 +00:00
parent 5a6bcc75c1
commit decfa6a54a
2 changed files with 14 additions and 18 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

16
sys/netinet/in_l2tp.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: in_l2tp.c,v 1.8 2017/12/18 03:20:12 knakahara Exp $ */
/* $NetBSD: in_l2tp.c,v 1.9 2017/12/18 03:21:44 knakahara Exp $ */
/*
* Copyright (c) 2017 Internet Initiative Japan Inc.
@ -27,7 +27,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: in_l2tp.c,v 1.8 2017/12/18 03:20:12 knakahara Exp $");
__KERNEL_RCSID(0, "$NetBSD: in_l2tp.c,v 1.9 2017/12/18 03:21:44 knakahara Exp $");
#ifdef _KERNEL_OPT
#include "opt_l2tp.h"
@ -368,13 +368,11 @@ in_l2tp_match(struct mbuf *m, int off, int proto, void *arg)
KASSERT(proto == IPPROTO_L2TP);
if (m->m_len < off + sizeof(uint32_t)) {
m = m_pullup(m, off + sizeof(uint32_t));
if (!m) {
/* if payload length < 4 octets */
return 0;
}
}
/*
* If the packet contains no session ID it cannot match
*/
if (m_length(m) < off + sizeof(uint32_t))
return 0;
/* get L2TP session ID */
m_copydata(m, off, sizeof(uint32_t), (void *)&sess_id);

16
sys/netinet6/in6_l2tp.c
View File

@ -1,4 +1,4 @@
/* $NetBSD: in6_l2tp.c,v 1.11 2017/12/18 03:20:13 knakahara Exp $ */
/* $NetBSD: in6_l2tp.c,v 1.12 2017/12/18 03:21:44 knakahara Exp $ */
/*
* Copyright (c) 2017 Internet Initiative Japan Inc.
@ -27,7 +27,7 @@
*/
#include <sys/cdefs.h>
__KERNEL_RCSID(0, "$NetBSD: in6_l2tp.c,v 1.11 2017/12/18 03:20:13 knakahara Exp $");
__KERNEL_RCSID(0, "$NetBSD: in6_l2tp.c,v 1.12 2017/12/18 03:21:44 knakahara Exp $");
#ifdef _KERNEL_OPT
#include "opt_l2tp.h"
@ -360,13 +360,11 @@ in6_l2tp_match(struct mbuf *m, int off, int proto, void *arg)
KASSERT(proto == IPPROTO_L2TP);
if (m->m_len < off + sizeof(uint32_t)) {
m = m_pullup(m, off + sizeof(uint32_t));
if (!m) {
/* if payload length < 4 octets */
return 0;
}
}
/*
* If the packet contains no session ID it cannot match
*/
if (m_length(m) < off + sizeof(uint32_t))
return 0;
/* get L2TP session ID */
m_copydata(m, off, sizeof(uint32_t), (void *)&sess_id);