Date: Mon, 6 Jun 2022 11:45:55 GMT
Message-Id: <202206061145.256BjtvR054110@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Kristof Provost
Subject: git: 4f9d5dcc4510 - stable/13 - pf: fix more syncookie memory leaks
List-Id: Commit messages for all branches of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/13
X-Git-Reftype: branch
X-Git-Commit: 4f9d5dcc451042d0cc03cdb20fba77eaa66097c8

The branch stable/13 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=4f9d5dcc451042d0cc03cdb20fba77eaa66097c8

commit
4f9d5dcc451042d0cc03cdb20fba77eaa66097c8 Author: Franco Fichtner AuthorDate: 2022-06-02 16:27:43 +0000 Commit: Kristof Provost CommitDate: 2022-06-06 07:01:34 +0000 pf: fix more syncookie memory leaks Allocate memory for packed nvlists in M_NVLIST, as nvlist_pack() does this as well, and we use the same variable interchangable with the memory we allocate. When we free it we can end up freeing from the wrong zone, leaking memory. Reviewed by: kp Differential Revision: https://reviews.freebsd.org/D35385 (cherry picked from commit a37e0e6de6527a7eaddea8e28f5e4b3427fba1a4) --- sys/netpfil/pf/pf_ioctl.c | 10 +++++----- sys/netpfil/pf/pf_syncookies.c | 6 +++--- 2 files changed, 8 insertions(+), 8 deletions(-) diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index fd0eb5b85299..6820d1f909e5 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -2352,7 +2352,7 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td if (nv->len > pf_ioctl_maxcount) ERROUT(ENOMEM); - nvlpacked = malloc(nv->len, M_TEMP, M_WAITOK); + nvlpacked = malloc(nv->len, M_NVLIST, M_WAITOK); error = copyin(nv->data, nvlpacked, nv->len); if (error) ERROUT(error); @@ -2391,13 +2391,13 @@ pfioctl(struct cdev *dev, u_long cmd, caddr_t addr, int flags, struct thread *td anchor_call, td); nvlist_destroy(nvl); - free(nvlpacked, M_TEMP); + free(nvlpacked, M_NVLIST); break; #undef ERROUT DIOCADDRULENV_error: pf_krule_free(rule); nvlist_destroy(nvl); - free(nvlpacked, M_TEMP); + free(nvlpacked, M_NVLIST); break; } @@ -5172,7 +5172,7 @@ pf_keepcounters(struct pfioc_nv *nv) if (nv->len > pf_ioctl_maxcount) ERROUT(ENOMEM); - nvlpacked = malloc(nv->len, M_TEMP, M_WAITOK); + nvlpacked = malloc(nv->len, M_NVLIST, M_WAITOK); if (nvlpacked == NULL) ERROUT(ENOMEM); @@ -5191,7 +5191,7 @@ pf_keepcounters(struct pfioc_nv *nv) on_error: nvlist_destroy(nvl); - free(nvlpacked, M_TEMP); + free(nvlpacked, M_NVLIST); return (error); } 
diff --git a/sys/netpfil/pf/pf_syncookies.c b/sys/netpfil/pf/pf_syncookies.c index 5230502be30c..6a375411d8ea 100644 --- a/sys/netpfil/pf/pf_syncookies.c +++ b/sys/netpfil/pf/pf_syncookies.c @@ -171,7 +171,7 @@ pf_get_syncookies(struct pfioc_nv *nv) #undef ERROUT errout: nvlist_destroy(nvl); - free(nvlpacked, M_TEMP); + free(nvlpacked, M_NVLIST); return (error); } @@ -191,7 +191,7 @@ pf_set_syncookies(struct pfioc_nv *nv) if (nv->len > pf_ioctl_maxcount) return (ENOMEM); - nvlpacked = malloc(nv->len, M_TEMP, M_WAITOK); + nvlpacked = malloc(nv->len, M_NVLIST, M_WAITOK); if (nvlpacked == NULL) return (ENOMEM); @@ -232,7 +232,7 @@ pf_set_syncookies(struct pfioc_nv *nv) #undef ERROUT errout: nvlist_destroy(nvl); - free(nvlpacked, M_TEMP); + free(nvlpacked, M_NVLIST); return (error); }
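
Review bot: in the DIOCADDRULENV case (pf_ioctl.c, @@ -2391) the success path and the DIOCADDRULENV_error path each repeat "nvlist_destroy(nvl); free(nvlpacked, M_NVLIST);", and across the patch the malloc type is now spelled out at eight separate malloc/free sites that all have to agree. Consider funnelling both paths through one cleanup sequence, as pf_keepcounters() does with on_error, or a small helper for allocating and freeing the packed buffer, so the type is named in one place and cannot drift again.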
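
Review bot: in pf_keepcounters() (pf_ioctl.c, @@ -5172) and pf_set_syncookies() (pf_syncookies.c, @@ -191) the context line "if (nvlpacked == NULL)" right after malloc(nv->len, M_NVLIST, M_WAITOK) is dead code, because an M_WAITOK allocation sleeps until it succeeds and does not return NULL. The DIOCADDRULENV site at @@ -2352 already goes straight to copyin() without the check; since these lines are being touched anyway, drop the two NULL checks so all three allocation sites read the same.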
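
Review bot: the pf_get_syncookies() hunk (pf_syncookies.c, @@ -171) changes only the free() at errout, and nothing in the visible lines says where nvlpacked was allocated, so the reason it must be M_NVLIST lives only in the commit message. Add a comment at the free (or at the declaration) stating that nvlpacked can hold a buffer returned by nvlist_pack(), so the next change to this cleanup path does not switch it back to M_TEMP.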