git: 221d459fbc67 - main - pflow: handle unattached states
Date: Mon, 29 Apr 2024 16:15:58 UTC
The branch main has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=221d459fbc67e0c0565d6c6ea52fe8bbc5466fc7
commit 221d459fbc67e0c0565d6c6ea52fe8bbc5466fc7
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2024-04-29 09:51:17 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2024-04-29 16:13:19 +0000
pflow: handle unattached states
It's possible for states to be cleaned up (through pf_detach_state()) that
have not been fully attached. For example if there's an ID conflict during
pf_state_insert().
pflow exports states from pf_detach_state(), so it can get called on such
states, but did not account for this and could end up dereferencing a NULL
state key.
Check for this in export_pflow() and do not export unattached states.
See also: https://redmine.pfsense.org/issues/15446
Sponsored by: Rubicon Communications, LLC ("Netgate")
---
sys/netpfil/pf/pflow.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/sys/netpfil/pf/pflow.c b/sys/netpfil/pf/pflow.c
index f3dba7687d05..a437f0259af5 100644
--- a/sys/netpfil/pf/pflow.c
+++ b/sys/netpfil/pf/pflow.c
@@ -750,6 +750,10 @@ export_pflow(const struct pf_kstate *st)
NET_EPOCH_ASSERT();
+ /* e.g. if pf_state_key_attach() fails. */
+ if (st->key[PF_SK_STACK] == NULL || st->key[PF_SK_WIRE] == NULL)
+ return;
+
sk = st->key[st->direction == PF_IN ? PF_SK_WIRE : PF_SK_STACK];
CK_LIST_FOREACH(sc, &V_pflowif_list, sc_next) {
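Review bot: the comment above the new NULL check in export_pflow() only names one example ("e.g. if pf_state_key_attach() fails") and does not say what the check guards against. The commit message's explanation, that pf_detach_state() can reach this function with a state that was never fully attached, belongs in that comment. The check tests both st->key[PF_SK_STACK] and st->key[PF_SK_WIRE], while the assignment to sk right after it picks only one of them by direction, so the comment should also say whether the other key is dereferenced further down or whether the two-key test is simply the definition of "unattached". The early return is silent; if skipped exports matter to whoever consumes the flow data, consider a counter or debug message at this point so they are visible.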