public inbox for dev@dpdk.org
 help / color / mirror / Atom feed
* [DPDK/other Bug 1893] Possible memory leak in ipv4_frag_reassemble
@ 2026-02-23  5:42 bugzilla
  0 siblings, 0 replies; only message in thread
From: bugzilla @ 2026-02-23  5:42 UTC (permalink / raw)
  To: dev

http://bugs.dpdk.org/show_bug.cgi?id=1893

            Bug ID: 1893
           Summary: Possible memory leak in ipv4_frag_reassemble
           Product: DPDK
           Version: unspecified
          Hardware: All
                OS: All
            Status: UNCONFIRMED
          Severity: critical
          Priority: Normal
         Component: other
          Assignee: dev@dpdk.org
          Reporter: albe19021990@gmail.com
  Target Milestone: ---

In current ipv4_frag_reassemble version in case of invalid data memory leak is
possibble.

On every success packet search we remove mbuf from fp

https://github.com/DPDK/dpdk/blob/main/lib/ip_frag/rte_ipv4_reassembly.c#L48

and link it to result mbuf.

https://github.com/DPDK/dpdk/blob/main/lib/ip_frag/rte_ipv4_reassembly.c#L45

If for some reason on some fail iteration there will be invalid offset in some
packet 

https://github.com/DPDK/dpdk/blob/main/lib/ip_frag/rte_ipv4_reassembly.c#L59

we will return NULL and all information chaned to m mbuf will be lost, as this
information was also deleted from fp.

So using fragmentation some client can create DDOS attack.

-- 
You are receiving this mail because:
You are the assignee for the bug.

^ permalink raw reply	[flat|nested] only message in thread
only message in thread, other threads:[~2026-02-23  5:42 UTC | newest]

Thread overview: (only message) (download: mbox.gz follow: Atom feed
-- links below jump to the message on this page --
2026-02-23  5:42 [DPDK/other Bug 1893] Possible memory leak in ipv4_frag_reassemble bugzilla

This is a public inbox, see mirroring instructions
for how to clone and mirror all data and code used for this inbox