tech-net archive


possible mbuf leak in tap_dev_close()



In the NetBSD Current sources downloaded Nov 20, I noticed a potential mbuf 
leak in the tap driver if the character device is closed with unread packets.

$ diff -u if_tap.c~ if_tap.c
--- if_tap.c~   2009-11-25 23:18:34.000000000 -0800
+++ if_tap.c    2009-11-25 23:21:47.000000000 -0800
@@ -839,6 +839,7 @@
 {
        struct ifnet *ifp;
        int s;
+       struct mbuf *m;
 
        s = splnet();
        /* Let tap_start handle packets again */
@@ -846,20 +847,17 @@
        ifp->if_flags &= ~IFF_OACTIVE;
 
        /* Purge output queue */
-       if (!(IFQ_IS_EMPTY(&ifp->if_snd))) {
-               struct mbuf *m;
-
-               for (;;) {
-                       IFQ_DEQUEUE(&ifp->if_snd, m);
-                       if (m == NULL)
-                               break;
+       for (;;) {
+               IFQ_DEQUEUE(&ifp->if_snd, m);
+               if (m == NULL)
+                       break;
 
-                       ifp->if_opackets++;
+               ifp->if_opackets++;
 #if NBPFILTER > 0
-                       if (ifp->if_bpf)
-                               bpf_mtap(ifp->if_bpf, m);
+               if (ifp->if_bpf)
+                       bpf_mtap(ifp->if_bpf, m);
 #endif
-               }
+               m_free (m);
        }
        splx(s);
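Review bot: The added `m_free (m);` in the purge loop releases only the first mbuf of each dequeued packet, because in the BSD mbuf API `m_free()` frees a single mbuf and returns its successor while `m_freem()` frees the whole chain. Any packet on `if_snd` that spans more than one mbuf would still leak its remaining mbufs on close, so the line should read `m_freem(m);` (also dropping the space before the parenthesis to match the surrounding style). Since the leak is triggered by closing the device with unread packets, a partial fix leaves a path to gradual mbuf pool exhaustion for whoever can open the tap device; checking mbuf usage statistics before and after a close with queued multi-mbuf packets would confirm the fix. The enclosing function starts before the first hunk and continues past this one, so whether anything after `splx(s)` touches the queue is not visible here.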


