git: 03d11291d8ec - main - pf: fix potential memory leaks in pf_create_state()
Date: Thu, 19 Sep 2024 20:21:14 UTC
The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=03d11291d8ec39a040205966a25144d6b33fbbd0 commit 03d11291d8ec39a040205966a25144d6b33fbbd0 Author: Kristof Provost <kp@FreeBSD.org> AuthorDate: 2024-08-29 11:31:54 +0000 Commit: Kristof Provost <kp@FreeBSD.org> CommitDate: 2024-09-19 20:20:12 +0000 pf: fix potential memory leaks in pf_create_state() If we fail to init TCP (or SCTP) initialization we have to remember to free state keys as well. They will not be freed for us when we free the state until we've inserted the state (i.e. pf_insert_state()). Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D46583
---
 sys/netpfil/pf/pf.c | 8 ++++----
 1 file changed, 4 insertions(+), 4 deletions(-)
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 1182c5dd0c30..0484a7ee5056 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -5456,7 +5456,7 @@ pf_create_state(struct pf_krule *r, struct pf_krule *nr, struct pf_krule *a,
 if (s->state_flags & PFSTATE_SCRUB_TCP && pf_normalize_tcp_init(m, off, pd, th, &s->src, &s->dst)) {
 REASON_SET(&reason, PFRES_MEMORY);
- goto drop;
+ goto csfailed;
 }
 if (s->state_flags & PFSTATE_SCRUB_TCP && s->src.scrub && pf_normalize_tcp_stateful(m, off, pd, &reason, th, s,
@@ -5465,13 +5465,13 @@ pf_create_state(struct pf_krule *r, struct pf_krule *nr, struct pf_krule *a,
 DPFPRINTF(PF_DEBUG_URGENT, ("pf_normalize_tcp_stateful failed on first " "pkt\n"));
- goto drop;
+ goto csfailed;
 }
 } else if (pd->proto == IPPROTO_SCTP) {
 if (pf_normalize_sctp_init(m, off, pd, &s->src, &s->dst))
- goto drop;
+ goto csfailed;
 if (! (pd->sctp_flags & (PFDESC_SCTP_INIT | PFDESC_SCTP_ADD_IP)))
- goto drop;
+ goto csfailed;
 }
 s->direction = pd->dir;
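Review bot: Nothing at the TCP failure paths in this hunk records why they must leave through `csfailed` rather than `drop`, so a later edit could quietly restore the leak. A short comment ahead of the first check, for example `/* Until pf_insert_state() the state keys are ours to free; fail via csfailed, not drop. */`, would keep the ownership rule next to the code that depends on it. The `csfailed` label and the key allocation are outside the hunk, so this assumes the label releases the keys as the commit message describes. These paths run while handling network traffic, so a reintroduced leak would presumably accumulate in kernel memory whenever scrub initialisation fails.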
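Review bot: The two SCTP exits in this hunk jump to `csfailed` without setting a drop reason, whereas the TCP init path in the previous hunk calls `REASON_SET(&reason, PFRES_MEMORY)` before jumping. If the code at `csfailed` (outside the hunk) reports or counts `reason`, these drops would be attributed to whatever value it held earlier. For the init failure, `if (pf_normalize_sctp_init(m, off, pd, &s->src, &s->dst)) { REASON_SET(&reason, PFRES_MEMORY); goto csfailed; }` would match the TCP path, assuming that call fails only on allocation. The flags check on the following line is a different kind of failure and needs a reason chosen by someone who knows the intended counter.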