From nobody Thu Sep 14 08:57:12 2023 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4RmWRF1YtCz4t06D; Thu, 14 Sep 2023 08:57:13 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R3" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4RmWRF0ywCz4T0Y; Thu, 14 Sep 2023 08:57:13 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1694681833; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=YhhCmEFUz0qfmn0QxtYnDiDbafvaAp+U9bSLsLMiEFM=; b=EHuR6SqClkaLXX5LcLAaUdpto/bRiO/IPnGbgDFRG3lD8hhUWvbtTAW34BcGaDxPM7xYq+ Vs5BJL0U5cMSMdAWybSLvcpOzUwooshKcYPnATZSGVKDrQUTJILPnBCfwghFBswK6I1gVm xGxUFyk0c5dMEoPMSwpN/upVfWwekXRolKg2cI56FKWuovFvafzXhyc6NrUOd/jjcvqdG4 4vPrIOZ9dYU5NVMX5rzove/fAsQIcipyyMKrSsRn1x9jZsfa/3fop8GCIjv+hSYSSSEbSf txeI9quTPI/pDGaNb9UlOG1JPO0c9zpuRRTg9+O5rqN9CxBuYPMfYuhiflwHeQ== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1694681833; a=rsa-sha256; cv=none; b=PqfWZgeYTRo+Alg7ziP7/MhMMfPBGeprHJufZDETnXQEz4e7VGqhvNTUVmA+D03H/tWoNw 56MqB+1ynXuBqXACBYC2Tb4F6iu8F+9eEzahmbzcUE7VqA2ap8wXp0NydJf3Lga0B7kXyT i0GIb2lqKec1/8Xaw/fb33aFHkAUC/uWUADn9N93wS+cM6TAyz29gZL/zG5aSqNyWyK5wh Fbfz1/vk8DztdBxn4OQeD1zuEmxLp1/NZNjR1LVHywxvRBhbcV2lc9ZQqhSiM5qMW1hDOk WL33qHZtN6ijztIt02UyGCxDmJSoF5Mm7szOgZnhFU0/aKHhj+27NhA4lv4i5g== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1694681833; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=YhhCmEFUz0qfmn0QxtYnDiDbafvaAp+U9bSLsLMiEFM=; b=caSFjHjRAPW/+ohKWFOoETqfLrtj0HtEhyhgLQEsruJINjhTrnhfSWhLa5NSiuEMVuZlX3 0Kkit2RKHjOkxy9W9oPvwkZ8pKahEZYzfCivMLTJxzuC+vP3Xhnw2K9dea+Oc44ZT3o80+ bpoaJmJS9fDtrWQxLESNliqX5iz80D74WBoxlY/8kk9XNPbSrkStPQ2OGemZNSgeqolmpp phO3xf37w4BVfYWXk7YF4EAtGr0lNpq+tZlkID6zH+q2JKAoVYIiRIk+sY4mD+Jqc/gQIY SOmZ+TlhV2fnPo/C1tzMGjIc7U7aIf7T3DOTBNkCL6DF5rlnLBZTyD9cMwwdVQ== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4RmWRF04fKzr0g; Thu, 14 Sep 2023 08:57:13 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.17.1/8.17.1) with ESMTP id 38E8vCYs076927; Thu, 14 Sep 2023 08:57:12 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.17.1/8.17.1/Submit) id 38E8vCAJ076924; Thu, 14 Sep 2023 08:57:12 GMT (envelope-from git) Date: Thu, 14 Sep 2023 08:57:12 GMT Message-Id: <202309140857.38E8vCAJ076924@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org From: Kristof Provost Subject: git: f08b43610ea1 - releng/14.0 - pfsync: fix state leak List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: Sender: owner-dev-commits-src-all@freebsd.org X-BeenThere: dev-commits-src-all@freebsd.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/releng/14.0 X-Git-Reftype: branch X-Git-Commit: f08b43610ea1e7804fc5ddb1bd5f3c2b1fce18c3 Auto-Submitted: auto-generated The branch releng/14.0 has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=f08b43610ea1e7804fc5ddb1bd5f3c2b1fce18c3 commit f08b43610ea1e7804fc5ddb1bd5f3c2b1fce18c3 Author: Kristof Provost AuthorDate: 2023-09-08 09:21:12 +0000 Commit: Kristof Provost CommitDate: 2023-09-14 08:56:49 +0000 pfsync: fix state leak If we receive a state with a route-to interface name set and we can't find the interface we do not insert the state. However, in that case we must still clean up the state (and state keys). Do so, so we do not leak states. Approved by: re (delphij) Reviewed by: Kajetan Staszkiewicz MFC after: 3 days Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D41779 (cherry picked from commit f415a5c1bd56933367e42312731e4ec553e256ed) (cherry picked from commit 1bd8fa1dd0ba562c6b60fe1a316cfcca637d14d6) --- sys/netpfil/pf/if_pfsync.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c index db448c9bbc48..e29c00fcb879 100644 --- a/sys/netpfil/pf/if_pfsync.c +++ b/sys/netpfil/pf/if_pfsync.c @@ -685,8 +685,10 @@ pfsync_state_import(union pfsync_state_union *sp, int flags, int msg_version) printf("%s: unknown route interface: %s\n", __func__, sp->pfs_1400.rt_ifname); if (flags & PFSYNC_SI_IOCTL) - return (EINVAL); - return (0); /* skip this state */ + error = EINVAL; + else + error = 0; + goto cleanup_keys; } break; default: @@ -734,6 +736,7 @@ pfsync_state_import(union pfsync_state_union *sp, int flags, int msg_version) cleanup: error = ENOMEM; +cleanup_keys: if (skw == sks) sks = NULL; uma_zfree(V_pf_state_key_z, skw);