From 507eb50bcecdae44fba3f6d486aaef0de67f21f2 Mon Sep 17 00:00:00 2001 From: Alexander Bluhm Date: Wed, 8 May 2024 13:01:31 +0000 Subject: Fix route leak in ip input. In previous commit when refactoring the route cache, a rtfree() has been forgotten. For each forwarded packet the reference counter of the route entry was increased. This eventually leads to an integer overflow and triggers kassert. reported by and OK jan@ --- sys/netinet/ip_input.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) (limited to 'sys/netinet') diff --git a/sys/netinet/ip_input.c b/sys/netinet/ip_input.c index 1d1510470f3..ad0455b50f1 100644 --- a/sys/netinet/ip_input.c +++ b/sys/netinet/ip_input.c @@ -1,4 +1,4 @@ -/* $OpenBSD: ip_input.c,v 1.393 2024/04/16 12:56:39 bluhm Exp $ */ +/* $OpenBSD: ip_input.c,v 1.394 2024/05/08 13:01:30 bluhm Exp $ */ /* $NetBSD: ip_input.c,v 1.30 1996/03/16 23:53:58 christos Exp $ */ /* @@ -587,6 +587,7 @@ ip_input_if(struct mbuf **mp, int *offp, int nxt, int af, struct ifnet *ifp) ip_forward(m, ifp, &ro, pfrdr); *mp = NULL; + rtfree(ro.ro_rt); return IPPROTO_DONE; bad: nxt = IPPROTO_DONE; -- cgit v1.2.3