git: f415a5c1bd56 - main - pfsync: fix state leak
Date: Sun, 10 Sep 2023 13:13:11 UTC
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=f415a5c1bd56933367e42312731e4ec553e256ed commit f415a5c1bd56933367e42312731e4ec553e256ed Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2023-09-08 09:21:12 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2023-09-10 13:12:51 +0000 pfsync: fix state leak If we receive a state with a route-to interface name set and we can't find the interface we do not insert the state. However, in that case we must still clean up the state (and state keys). Do so, so we do not leak states. Reviewed by: Kajetan Staszkiewicz <vegeta@tuxpowered.net> MFC after: 3 days Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D41779 --- sys/netpfil/pf/if_pfsync.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c index db448c9bbc48..e29c00fcb879 100644 --- a/sys/netpfil/pf/if_pfsync.c +++ b/sys/netpfil/pf/if_pfsync.c @@ -685,8 +685,10 @@ pfsync_state_import(union pfsync_state_union *sp, int flags, int msg_version) printf("%s: unknown route interface: %s\n", __func__, sp->pfs_1400.rt_ifname); if (flags & PFSYNC_SI_IOCTL) - return (EINVAL); - return (0); /* skip this state */ + error = EINVAL; + else + error = 0; + goto cleanup_keys; } break; default: @@ -734,6 +736,7 @@ pfsync_state_import(union pfsync_state_union *sp, int flags, int msg_version) cleanup: error = ENOMEM; +cleanup_keys: if (skw == sks) sks = NULL; uma_zfree(V_pf_state_key_z, skw);
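Review bot: In the first hunk (@@ -685,8 +685,10 @@), the non-ioctl branch loses the `/* skip this state */` comment that explained why 0 is returned for an unknown route interface. Keep that explanation on the `error = 0;` line, so a reader sees that success here means the state was deliberately skipped rather than imported before control reaches `goto cleanup_keys;`.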
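Review bot: In the second hunk (@@ -734,6 +736,7 @@), `cleanup_keys:` sits directly under `error = ENOMEM;`, so `cleanup:` now falls through into it and any direct jump to the new label has to set `error` itself first. A one-line comment at the label stating both facts would guard against a later `goto cleanup_keys;` that leaves `error` unset. The commit message says the state is released on this path as well as the keys, but only `uma_zfree(V_pf_state_key_z, skw);` is visible in the trailing context, so it is worth confirming that the state is freed below the label and that freeing it is valid at the point of the new `goto`.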