[DPDK/other Bug 1893] Possible memory leak in ipv4_frag_reassemble

All of lore.kernel.org
 help / color / mirror / Atom feed

From: bugzilla@dpdk.org
To: dev@dpdk.org
Subject: [DPDK/other Bug 1893] Possible memory leak in ipv4_frag_reassemble
Date: Mon, 23 Feb 2026 05:42:04 +0000	[thread overview]
Message-ID: <bug-1893-3@http.bugs.dpdk.org/> (raw)

http://bugs.dpdk.org/show_bug.cgi?id=1893

            Bug ID: 1893
           Summary: Possible memory leak in ipv4_frag_reassemble
           Product: DPDK
           Version: unspecified
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Severity: critical
          Priority: Normal
         Component: other
          Assignee: dev@dpdk.org
          Reporter: albe19021990@gmail.com
  Target Milestone: ---

In current ipv4_frag_reassemble version in case of invalid data memory leak is
possibble.

On every success packet search we remove mbuf from fp

https://github.com/DPDK/dpdk/blob/main/lib/ip_frag/rte_ipv4_reassembly.c#L48

and link it to result mbuf.

https://github.com/DPDK/dpdk/blob/main/lib/ip_frag/rte_ipv4_reassembly.c#L45

If for some reason on some fail iteration there will be invalid offset in some
packet 

https://github.com/DPDK/dpdk/blob/main/lib/ip_frag/rte_ipv4_reassembly.c#L59

we will return NULL and all information chaned to m mbuf will be lost, as this
information was also deleted from fp.

So using fragmentation some client can create DDOS attack.

-- 
You are receiving this mail because:
You are the assignee for the bug.

                 reply	other threads:[~2026-02-23  5:42 UTC|newest]

Thread overview: [no followups] expand[flat|nested]  mbox.gz  Atom feed

Reply instructions:

You may reply publicly to this message via plain-text email
using any one of the following methods:

* Save the following mbox file, import it into your mail client,
  and reply-to-all from there: mbox

  Avoid top-posting and favor interleaved quoting:
  https://en.wikipedia.org/wiki/Posting_style#Interleaved_style

* Reply using the --to, --cc, and --in-reply-to
  switches of git-send-email(1):

  git send-email \
    --in-reply-to=bug-1893-3@http.bugs.dpdk.org/ \
    --to=bugzilla@dpdk.org \
    --cc=dev@dpdk.org \
    /path/to/YOUR_REPLY

  https://kernel.org/pub/software/scm/git/docs/git-send-email.html

* If your mail client supports setting the In-Reply-To header
  via mailto: links, try the mailto: link

Be sure your reply has a Subject: header at the top and a blank line before the message body.

This is an external index of several public inboxes,
see mirroring instructions on how to clone and mirror
all data and code used by this external index.