Fix memory leak. Fixes #701

dmiller-nmap · dmiller-nmap · commit 9c22739248b7 · 2023-10-18T15:11:59.000-07:00
diff --git a/packetWin7/npf/npf/Read.c b/packetWin7/npf/npf/Read.c
@@ -639,7 +639,7 @@ ULONG NPF_GetMetadata(
 
 //-------------------------------------------------------------------
 _When_(AtDispatchLevel != FALSE, _IRQL_requires_(DISPATCH_LEVEL))
-VOID
+BOOLEAN
 NPF_TapExForEachOpen(
 	_Inout_ POPEN_INSTANCE Open,
 	_Inout_ PNPF_CAP_DATA pCapData,
@@ -802,7 +802,11 @@ NPF_DoTap(
 				continue;
 			}
 		}
-		NPF_TapExForEachOpen(pCapData->pOpen, pCapData, AtDispatchLevel);
+		if (!NPF_TapExForEachOpen(pCapData->pOpen, pCapData, AtDispatchLevel))
+		{
+			// Didn't accept it. Clean up!
+			NPF_ReturnCapData(pCapData);
+		}
 	}
 
 	// Now release/return the copies
@@ -1007,7 +1011,7 @@ NPF_CopyFromNetBufferToNBCopy(
 }
 
 _Use_decl_annotations_
-VOID
+BOOLEAN
 NPF_TapExForEachOpen(
 	POPEN_INSTANCE Open,
 	PNPF_CAP_DATA pCapData,
@@ -1020,11 +1024,12 @@ NPF_TapExForEachOpen(
 	PNPF_NBL_COPY pNBLCopy = pNBCopy->pNBLCopy;
 	ULONG TotalPacketSize = pNBCopy->ulPacketSize;
 	ULONG fres = pCapData->ulCaplen;
+	BOOLEAN bEnqueued = FALSE;
 
 	// We have a packet to record. OpenDetached is the highest needed level here.
 	if (!NPF_StartUsingOpenInstance(Open, OpenDetached, AtDispatchLevel))
  	{
- 		return;
+		return FALSE;
  	}
 
 	NT_ASSERT((Open->TimestampMode == TIMESTAMPMODE_SINGLE_SYNCHRONIZATION && pNBLCopy->PerfCount.QuadPart > 0)
@@ -1119,6 +1124,7 @@ NPF_TapExForEachOpen(
 		}
 		ExInterlockedInsertTailList(&Open->PacketQueue, &pCapData->PacketQueueEntry, &Open->PacketQueueLock);
 		// We successfully put this into the queue
+		bEnqueued = TRUE;
 		lCapSize = 0;
 		NpfInterlockedIncrement(&(LONG)Open->Accepted);
 
@@ -1129,7 +1135,7 @@ NPF_TapExForEachOpen(
 		}
 
 	} while (0);
-	if (lCapSize > 0)
+	if (!bEnqueued && lCapSize > 0)
 	{
 		// something went wrong and we didn't enqueue this, so reverse it.
 		NpfInterlockedExchangeAdd(&Open->Free, lCapSize);
@@ -1140,5 +1146,6 @@ NPF_TapExForEachOpen(
 
 
 	NPF_StopUsingOpenInstance(Open, OpenDetached, AtDispatchLevel);
+	return bEnqueued;
 	//TRACE_EXIT();
 }

Original file line number	Diff line number	Diff line change
`@@ -639,7 +639,7 @@ ULONG NPF_GetMetadata(`
`639`	`639`
`640`	`640`	`//-------------------------------------------------------------------`
`641`	`641`	`_When_(AtDispatchLevel != FALSE, _IRQL_requires_(DISPATCH_LEVEL))`
`642`		`-VOID`
	`642`	`+BOOLEAN`
`643`	`643`	`NPF_TapExForEachOpen(`
`644`	`644`	`_Inout_ POPEN_INSTANCE Open,`
`645`	`645`	`_Inout_ PNPF_CAP_DATA pCapData,`
`@@ -802,7 +802,11 @@ NPF_DoTap(`
`802`	`802`	`continue;`
`803`	`803`	`}`
`804`	`804`	`}`
`805`		`- NPF_TapExForEachOpen(pCapData->pOpen, pCapData, AtDispatchLevel);`
	`805`	`+ if (!NPF_TapExForEachOpen(pCapData->pOpen, pCapData, AtDispatchLevel))`
	`806`	`+ {`
	`807`	`+ // Didn't accept it. Clean up!`
	`808`	`+ NPF_ReturnCapData(pCapData);`
	`809`	`+ }`
`806`	`810`	`}`
`807`	`811`
`808`	`812`	`// Now release/return the copies`
`@@ -1007,7 +1011,7 @@ NPF_CopyFromNetBufferToNBCopy(`
`1007`	`1011`	`}`
`1008`	`1012`
`1009`	`1013`	`_Use_decl_annotations_`
`1010`		`-VOID`
	`1014`	`+BOOLEAN`
`1011`	`1015`	`NPF_TapExForEachOpen(`
`1012`	`1016`	`POPEN_INSTANCE Open,`
`1013`	`1017`	`PNPF_CAP_DATA pCapData,`
`@@ -1020,11 +1024,12 @@ NPF_TapExForEachOpen(`
`1020`	`1024`	`PNPF_NBL_COPY pNBLCopy = pNBCopy->pNBLCopy;`
`1021`	`1025`	`ULONG TotalPacketSize = pNBCopy->ulPacketSize;`
`1022`	`1026`	`ULONG fres = pCapData->ulCaplen;`
	`1027`	`+ BOOLEAN bEnqueued = FALSE;`
`1023`	`1028`
`1024`	`1029`	`// We have a packet to record. OpenDetached is the highest needed level here.`
`1025`	`1030`	`if (!NPF_StartUsingOpenInstance(Open, OpenDetached, AtDispatchLevel))`
`1026`	`1031`	`{`
`1027`		`- return;`
	`1032`	`+ return FALSE;`
`1028`	`1033`	`}`
`1029`	`1034`
`1030`	`1035`	`NT_ASSERT((Open->TimestampMode == TIMESTAMPMODE_SINGLE_SYNCHRONIZATION && pNBLCopy->PerfCount.QuadPart > 0)`
`@@ -1119,6 +1124,7 @@ NPF_TapExForEachOpen(`
`1119`	`1124`	`}`
`1120`	`1125`	`ExInterlockedInsertTailList(&Open->PacketQueue, &pCapData->PacketQueueEntry, &Open->PacketQueueLock);`
`1121`	`1126`	`// We successfully put this into the queue`
	`1127`	`+ bEnqueued = TRUE;`
`1122`	`1128`	`lCapSize = 0;`
`1123`	`1129`	`NpfInterlockedIncrement(&(LONG)Open->Accepted);`
`1124`	`1130`
`@@ -1129,7 +1135,7 @@ NPF_TapExForEachOpen(`
`1129`	`1135`	`}`
`1130`	`1136`
`1131`	`1137`	`} while (0);`
`1132`		`- if (lCapSize > 0)`
	`1138`	`+ if (!bEnqueued && lCapSize > 0)`
`1133`	`1139`	`{`
`1134`	`1140`	`// something went wrong and we didn't enqueue this, so reverse it.`
`1135`	`1141`	`NpfInterlockedExchangeAdd(&Open->Free, lCapSize);`
`@@ -1140,5 +1146,6 @@ NPF_TapExForEachOpen(`
`1140`	`1146`
`1141`	`1147`
`1142`	`1148`	`NPF_StopUsingOpenInstance(Open, OpenDetached, AtDispatchLevel);`
	`1149`	`+ return bEnqueued;`
`1143`	`1150`	`//TRACE_EXIT();`
`1144`	`1151`	`}`