Plug an mbuf leak in the error path of tcp signature in tcp_output().

author bluhm <bluhm@openbsd.org>

Tue, 19 Jul 2016 21:28:43 +0000 (21:28 +0000)

committer bluhm <bluhm@openbsd.org>

Tue, 19 Jul 2016 21:28:43 +0000 (21:28 +0000)
author bluhm <bluhm@openbsd.org>
Tue, 19 Jul 2016 21:28:43 +0000 (21:28 +0000)
committer bluhm <bluhm@openbsd.org>
Tue, 19 Jul 2016 21:28:43 +0000 (21:28 +0000)
diff --git a/sys/netinet/tcp_output.c b/sys/netinet/tcp_output.c

index bf67b1b..77e2321 100644 (file)
--- a/sys/netinet/tcp_output.c
+++ b/sys/netinet/tcp_output.c
@@ -1,4 +1,4 @@
-/*     $OpenBSD: tcp_output.c,v 1.117 2016/06/13 21:24:43 bluhm Exp $  */
+/*     $OpenBSD: tcp_output.c,v 1.118 2016/07/19 21:28:43 bluhm Exp $  */
  /*     $NetBSD: tcp_output.c,v 1.16 1997/06/03 16:17:09 kml Exp $      */
  
  /*
@@ -931,12 +931,16 @@ send:
  
                 tdb = gettdbbysrcdst(rtable_l2(tp->t_inpcb->inp_rtableid),
                     0, &src, &dst, IPPROTO_TCP);
-               if (tdb == NULL)
+               if (tdb == NULL) {
+                       m_freem(m);
                         return (EPERM);
+               }
  
                 if (tcp_signature(tdb, tp->pf, m, th, iphlen, 0,
-                   mtod(m, caddr_t) + hdrlen - optlen + sigoff) < 0)
+                   mtod(m, caddr_t) + hdrlen - optlen + sigoff) < 0) {
+                       m_freem(m);
                         return (EINVAL);
+               }
         }
  #endif /* TCP_SIGNATURE */
author	bluhm <bluhm@openbsd.org>
	Tue, 19 Jul 2016 21:28:43 +0000 (21:28 +0000)
committer	bluhm <bluhm@openbsd.org>
	Tue, 19 Jul 2016 21:28:43 +0000 (21:28 +0000)