From fef5fd231531bd66a8b09083b1f387c93f43d39a Mon Sep 17 00:00:00 2001
From: Bosko Milekic <bmilekic@FreeBSD.org>
Date: Sun, 11 Mar 2001 05:31:45 +0000
Subject: [PATCH] Plug several mbuf leaks in error cases (in nd6)

Submitted by: jhay
---
 sys/net/if_ethersubr.c |  3 +--
 sys/net/if_fddisubr.c  |  3 +--
 sys/netinet6/nd6.c     | 15 ++++++++++++---
 3 files changed, 14 insertions(+), 7 deletions(-)

diff --git a/sys/net/if_ethersubr.c b/sys/net/if_ethersubr.c
index 57baa2107d40..97beae9599cd 100644
--- a/sys/net/if_ethersubr.c
+++ b/sys/net/if_ethersubr.c
@@ -184,8 +184,7 @@ ether_output(ifp, m, dst, rt0)
 #ifdef INET6
 	case AF_INET6:
 		if (!nd6_storelladdr(&ac->ac_if, rt, m, dst, (u_char *)edst)) {
-			/* this must be impossible, so we bark */
-			printf("nd6_storelladdr failed\n");
+			/* Something bad happened */
 			return(0);
 		}
 		off = m->m_pkthdr.len - m->m_len;
diff --git a/sys/net/if_fddisubr.c b/sys/net/if_fddisubr.c
index bc7136d016ff..734eeec7c141 100644
--- a/sys/net/if_fddisubr.c
+++ b/sys/net/if_fddisubr.c
@@ -180,8 +180,7 @@ fddi_output(ifp, m, dst, rt0)
 #ifdef INET6
 	case AF_INET6:
 		if (!nd6_storelladdr(&ac->ac_if, rt, m, dst, (u_char *)edst)) {
-			/* this must be impossible, so we bark */
-			printf("nd6_storelladdr failed\n");
+			/* Something bad happened */
 			return(0);
 		}
 		type = htons(ETHERTYPE_IPV6);
diff --git a/sys/netinet6/nd6.c b/sys/netinet6/nd6.c
index a4ddfa116fd3..833e90262bc9 100644
--- a/sys/netinet6/nd6.c
+++ b/sys/netinet6/nd6.c
@@ -970,6 +970,7 @@ nd6_resolve(ifp, rt, m, dst, desten)
 			return(1);
 			break;
 		default:
+			m_freem(m);
 			return(0);
 		}
 	}
@@ -1026,6 +1027,7 @@ nd6_resolve(ifp, rt, m, dst, desten)
 				ln, 0);
 		}
 	}
+	/* Do not free mbuf chain here as it is queued in llinfo_nd6 */
 	return(0);
 }
 #endif /* OLDIP6OUTPUT */
@@ -1981,19 +1983,26 @@ nd6_storelladdr(ifp, rt, m, dst, desten)
 			*desten = 0;
 			return(1);
 		default:
+			m_freem(m);
 			return(0);
 		}
 	}
 
-	if (rt == NULL ||
-	    rt->rt_gateway->sa_family != AF_LINK) {
-		printf("nd6_storelladdr: something odd happens\n");
+	if (rt == NULL) {
+		/* This could happen if we could not allocate memory */
+		m_freem(m);
+		return(0);
+	}
+	if (rt->rt_gateway->sa_family != AF_LINK) {
+		printf("nd6_storelladdr: something odd happened\n");
+		m_freem(m);
 		return(0);
 	}
 	sdl = SDL(rt->rt_gateway);
 	if (sdl->sdl_alen == 0) {
 		/* this should be impossible, but we bark here for debugging */
 		printf("nd6_storelladdr: sdl_alen == 0\n");
+		m_freem(m);
 		return(0);
 	}