diff options
| author | rwatson <rwatson@FreeBSD.org> | 2007-12-17 17:20:57 +0000 |
|---|---|---|
| committer | rwatson <rwatson@FreeBSD.org> | 2007-12-17 17:20:57 +0000 |
| commit | 4a0d85f1d46c99289fe053772a2145c69a511a40 (patch) | |
| tree | 8167a68df2f0e9d9b61ee41462c3ef8425d440bb | |
| parent | 9d2bf43707db1e05e2754eb9fec419c55b009c43 (diff) | |
| download | FreeBSD-src-4a0d85f1d46c99289fe053772a2145c69a511a40.zip FreeBSD-src-4a0d85f1d46c99289fe053772a2145c69a511a40.tar.gz | |
Fix leaking MAC labels for IPv6 inpcbs by adding missing MAC label
destroy call; this transpired because the inpcb alloc path for IPv4/IPv6
is the same code, but IPv6 has a separate free path. The results was
that as new IPv6 TCP connections were created, kernel memory would
gradually leak.
MFC after: 3 days
Reported by: tanyong <tanyong at ercist dot iscas dot ac dot cn>,
zhouzhouyi
| -rw-r--r-- | sys/netinet6/in6_pcb.c | 6 |
1 files changed, 6 insertions, 0 deletions
diff --git a/sys/netinet6/in6_pcb.c b/sys/netinet6/in6_pcb.c index db9a666..cbb27d8 100644 --- a/sys/netinet6/in6_pcb.c +++ b/sys/netinet6/in6_pcb.c @@ -66,6 +66,7 @@ __FBSDID("$FreeBSD$"); #include "opt_inet.h" #include "opt_inet6.h" #include "opt_ipsec.h" +#include "opt_mac.h" #include <sys/param.h> #include <sys/systm.h> @@ -106,6 +107,8 @@ __FBSDID("$FreeBSD$"); #include <netipsec/key.h> #endif /* IPSEC */ +#include <security/mac/mac_framework.h> + struct in6_addr zeroin6_addr; int @@ -434,6 +437,9 @@ in6_pcbfree(struct inpcb *inp) if (inp->inp_moptions != NULL) inp_freemoptions(inp->inp_moptions); inp->inp_vflag = 0; +#ifdef MAC + mac_inpcb_destroy(inp); +#endif INP_UNLOCK(inp); uma_zfree(ipi->ipi_zone, inp); } |
