From c1dccc5c1195acc037a3d8816098b9bd47881d01 Mon Sep 17 00:00:00 2001
From: Dave Barach
Date: Tue, 10 Jul 2018 20:22:43 -0400
Subject: VPP-1337: Dangling reference be gone!

Freeing the prefix and address vectors after signalling them from dhcpv6_client_node_fn to either the pd or iana report processes is absolutely wrong. The code has appeared to work by luck. This took three full days' worth of expert effort to root cause - in the context of an unrelated patch - and about one minute to fix.
Change-Id: Ie589ab1a70ae83441ab4e8b6618a6d405741f53f
Signed-off-by: Dave Barach
---
 src/vnet/dhcp/dhcp6_client_common_dp.c | 4 ++++
 src/vnet/dhcp/dhcp6_ia_na_client_dp.c | 1 +
 src/vnet/dhcp/dhcp6_pd_client_dp.c | 1 +
 3 files changed, 6 insertions(+)
(limited to 'src/vnet/dhcp')
diff --git a/src/vnet/dhcp/dhcp6_client_common_dp.c b/src/vnet/dhcp/dhcp6_client_common_dp.c
index 216bf5fa0e4..1a3c7bcb278 100644
--- a/src/vnet/dhcp/dhcp6_client_common_dp.c
+++ b/src/vnet/dhcp/dhcp6_client_common_dp.c
@@ -395,6 +395,8 @@ dhcpv6_client_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
 r.n_addresses = vec_len (addresses);
 r.addresses = addresses;
 dhcp6_publish_report (&r);
+ /* We just gave addresses to another process! */
+ addresses = 0;
 }
 else
 {
@@ -403,6 +405,8 @@ dhcpv6_client_node_fn (vlib_main_t * vm, vlib_node_runtime_t * node,
 r.n_prefixes = vec_len (prefixes);
 r.prefixes = prefixes;
 dhcp6_pd_publish_report (&r);
+ /* We just gave prefixes to another process! */
+ prefixes = 0;
 }
 }
 vec_free (addresses);
diff --git a/src/vnet/dhcp/dhcp6_ia_na_client_dp.c b/src/vnet/dhcp/dhcp6_ia_na_client_dp.c
index d5bd648502e..60641227700 100644
--- a/src/vnet/dhcp/dhcp6_ia_na_client_dp.c
+++ b/src/vnet/dhcp/dhcp6_ia_na_client_dp.c
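Review bot: The added comments in dhcpv6_client_node_fn say the vector was handed to another process but not who must release it, so the ownership rule that prevents the use-after-free described in the commit message is still implicit. I would spell it out at `addresses = 0;`, for example `/* Ownership moves to the report process, which must vec_free() it; clear our pointer so the vec_free below is a no-op. */`, and use the same wording at `prefixes = 0;` in the second hunk. If dhcp6_publish_report or dhcp6_pd_publish_report can return without queuing the event (their bodies are not shown here), the vector would now leak instead of being freed, so that path should be confirmed. The function starts and ends outside both hunks.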
@@ -540,6 +540,7 @@ dhcp6_reply_process (vlib_main_t * vm, vlib_node_runtime_t * rt, address->preferred_time = htonl (info->preferred_time); address++; } + vec_free (events[i].addresses); dhcp6_ia_na_client_public_main_t *dcpm = &dhcp6_ia_na_client_public_main; diff --git a/src/vnet/dhcp/dhcp6_pd_client_dp.c b/src/vnet/dhcp/dhcp6_pd_client_dp.c index 93311210944..009de4a4431 100644 --- a/src/vnet/dhcp/dhcp6_pd_client_dp.c +++ b/src/vnet/dhcp/dhcp6_pd_client_dp.c @@ -548,6 +548,7 @@ dhcp6_pd_reply_process (vlib_main_t * vm, vlib_node_runtime_t * rt, prefix->preferred_time = htonl (info->preferred_time); prefix++; } + vec_free (events[i].prefixes); dhcp6_pd_client_public_main_t *dpcpm = &dhcp6_pd_client_public_main; -- cgit 1.2.3-korg
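Review bot: The `vec_free (events[i].addresses);` added in dhcp6_reply_process is now the only release of a vector the sender no longer frees, so any path through the per-event loop that skips this line would leak it. The loop head and any earlier `continue` or error exit lie outside the hunk, so those paths should be checked. The same applies to `vec_free (events[i].prefixes);` in dhcp6_pd_reply_process. A short comment above each call, such as `/* Sender transferred ownership of this vector; release it once copied. */`, would keep the pairing with dhcpv6_client_node_fn visible to the next reader.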