DragonFly BSD
DragonFly bugs List (threaded) for 2005-07

Memory leak for EMSGSIZE errors when writing to a BPF device


From: Guy Harris <guy@xxxxxxxxxxxx>
Date: Fri, 08 Jul 2005 10:22:50 -0700

bpfwrite() does:

	error = bpf_movein(uio, (int)d->bd_bif->bif_dlt, &m, &dst, &datlen);
	if (error)
		return(error);

	if (datlen > ifp->if_mtu)
		return(EMSGSIZE);

The mbuf chain pointed to by m isn't freed in that case.

FreeBSD 5.x fixes this by passing the MTU as an argument to bpf_movein(), and has bpf_movein() return EMSGSIZE before copying anything if the data length is greater than the MTU.

Current CVS NetBSD and OpenBSD free the mbuf chain before returning EMSGSIZE.
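
The leak and the two fixes described in the message above, as an added user-space model (not part of the original post and not kernel code from any of the projects named). movein(), model_bpfwrite(), live_mbufs and the enum fix selector are hypothetical stand-ins, m_freem() here is a simplified local version, and the 9000-byte write against an MTU of 1500 is constructed.

```c
/* User-space model of the bpfwrite() error path; not kernel code. */
#include <errno.h>
#include <stdio.h>
#include <stdlib.h>

struct mbuf { size_t len; };  /* simplified stand-in for an mbuf chain */
static int live_mbufs;        /* chains allocated and not yet freed */
static void m_freem(struct mbuf *m) { if (m) { free(m); live_mbufs--; } }
enum fix { FIX_NONE, FIX_FREE_ON_ERROR, FIX_CHECK_IN_MOVEIN };
/* Stand-in for bpf_movein(); nonzero mtu: reject before allocating (FreeBSD 5.x). */
static int movein(size_t len, size_t mtu, struct mbuf **mp, size_t *datlen)
{
    if (mtu != 0 && len > mtu)
        return EMSGSIZE;
    struct mbuf *m = malloc(sizeof(*m));
    if (m == NULL)
        return ENOBUFS;
    m->len = *datlen = len;
    live_mbufs++;
    *mp = m;
    return 0;
}

static int model_bpfwrite(size_t len, size_t if_mtu, enum fix fix)
{
    struct mbuf *m = NULL;
    size_t datlen = 0;
    int error = movein(len, fix == FIX_CHECK_IN_MOVEIN ? if_mtu : 0, &m, &datlen);
    if (error)
        return error;
    if (datlen > if_mtu) {
        if (fix == FIX_FREE_ON_ERROR)
            m_freem(m);       /* NetBSD/OpenBSD approach */
        return EMSGSIZE;      /* FIX_NONE: m is leaked here */
    }
    m_freem(m);               /* models the interface consuming the chain */
    return 0;
}
static int leaked_after_oversize(enum fix fix)
{
    int before = live_mbufs;
    (void)model_bpfwrite(9000, 1500, fix);  /* constructed: 9000 bytes, MTU 1500 */
    return live_mbufs - before;             /* chains leaked by this one write */
}

int main(void)
{
    printf("unfixed path leaked %d chain(s)\n", leaked_after_oversize(FIX_NONE));
    return 0;
}
```

Each oversized write on the unfixed path leaves one chain allocated, so a process that can write to the device can repeat it until buffers run out; both fixes return the same EMSGSIZE with nothing left allocated.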


