From nobody Thu Sep 19 20:21:14 2024 X-Original-To: dev-commits-src-all@mlmmj.nyi.freebsd.org Received: from mx1.freebsd.org (mx1.freebsd.org [IPv6:2610:1c1:1:606c::19:1]) by mlmmj.nyi.freebsd.org (Postfix) with ESMTP id 4X8n3G3mjfz5XLF3; Thu, 19 Sep 2024 20:21:14 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from mxrelay.nyi.freebsd.org (mxrelay.nyi.freebsd.org [IPv6:2610:1c1:1:606c::19:3]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256 client-signature RSA-PSS (4096 bits) client-digest SHA256) (Client CN "mxrelay.nyi.freebsd.org", Issuer "R11" (verified OK)) by mx1.freebsd.org (Postfix) with ESMTPS id 4X8n3G3J8Nz4Wsc; Thu, 19 Sep 2024 20:21:14 +0000 (UTC) (envelope-from git@FreeBSD.org) DKIM-Signature: v=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1726777274; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=yIsZgk8s9TuRSJ0hg5oXK0xE8ULHxnUn8tU2h9Y6MbI=; b=qD6vIzRfLLNQbPAOLIhgnYPAR/1hx8vSj0fmMMF2cB/e4USnF0o3KzS+MLIXXAN0xmH+5V 65S1uNo7uTyc2SFsFEIRCKBaYPlV8SLN7gPeAQr1s8slxhnFriPRaE/z48mSPw00Y07Cyv tlKdnZTwzaCeclNUD3Sk8LcpHG33ndLyrVpTq29s019lb6QZDINmQuAsg4t2o2mVExfju8 2UTTB58OeRwwYgbqNFAqhyJkQxOJGxjL6OCa+k/THCK1qb6cxUO21Om5pCsK/lU9IkFkNU FJ0w/coL3Jo3YjI3YAyiJ4QXBvvUIIeFfYLIfGvgLlnB69QfroduRLks6Ual9g== ARC-Seal: i=1; s=dkim; d=freebsd.org; t=1726777274; a=rsa-sha256; cv=none; b=m2M1LnV1RMWFGPMkvKgt151+mnDGRtCrqtYaHT91nt22M+cj4fRPqioWVGiDIAXrcjsWug iFbrIivhK9R1kr4eom3aUunD17XHkBMc9/m6H3ol2KgHXNDQjezAzo4C14AQEqOlCwNynS 06SFKTfF+mdp7DkgFTMdlYlE/xx/rp7csXfAtOZwHSEukO8FOsCEhTwMqd7LMMiRmaZ40t 3NLSWhmIdZttdTi0MPOPJvoqB7FAaX1tE9QmMlBxlxd2/ox7Er8Lk1Akb4Xq727Xac0jlp FjuiUpZkCnh1ZG15URG0533BTXioCYSpdKPkijsESvEB29FTckvmx7CAqezA5w== ARC-Authentication-Results: i=1; mx1.freebsd.org; none ARC-Message-Signature: i=1; a=rsa-sha256; c=relaxed/relaxed; d=freebsd.org; s=dkim; t=1726777274; h=from:from:reply-to:subject:subject:date:date:message-id:message-id: to:to:cc:mime-version:mime-version:content-type:content-type: content-transfer-encoding:content-transfer-encoding; bh=yIsZgk8s9TuRSJ0hg5oXK0xE8ULHxnUn8tU2h9Y6MbI=; b=xEh7ZvQofrw9jcvhiM6qh793FUVizwNUdTUz3rXWuLMY9uce6WSAaclMb27g21Y8usvOFt kJ9jD+8KZpiulLULWto+5mTw49RRppVKt1IlvYiRC1xxpLmJ8MBKoMlIMFBJZt1GZpkAD+ DAXVH8IgsYBRti7qZDXs9Qp+Pkbd6Q4Gk//c9zsHk2OCkJBJefouLWckMC80kZfPQAkKNI 6AUzg2mo2gqy8bBAvOSp4puNFKaD0EGw2AKx4+KlNYphg98A2VfR+XA3Ma+nXTWIcmAEQD w22r8vdWf8SowyYrIPDxHwplxa4l4oy/8Lq67oxyIWAqeQbBp6vEZvtJ/Kk5sA== Received: from gitrepo.freebsd.org (gitrepo.freebsd.org [IPv6:2610:1c1:1:6068::e6a:5]) (using TLSv1.3 with cipher TLS_AES_256_GCM_SHA384 (256/256 bits) key-exchange X25519 server-signature RSA-PSS (4096 bits) server-digest SHA256) (Client did not present a certificate) by mxrelay.nyi.freebsd.org (Postfix) with ESMTPS id 4X8n3G2vP7zKTQ; Thu, 19 Sep 2024 20:21:14 +0000 (UTC) (envelope-from git@FreeBSD.org) Received: from gitrepo.freebsd.org ([127.0.1.44]) by gitrepo.freebsd.org (8.18.1/8.18.1) with ESMTP id 48JKLEM9046220; Thu, 19 Sep 2024 20:21:14 GMT (envelope-from git@gitrepo.freebsd.org) Received: (from git@localhost) by gitrepo.freebsd.org (8.18.1/8.18.1/Submit) id 48JKLEkn046217; Thu, 19 Sep 2024 20:21:14 GMT (envelope-from git) Date: Thu, 19 Sep 2024 20:21:14 GMT Message-Id: <202409192021.48JKLEkn046217@gitrepo.freebsd.org> To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org From: Kristof Provost Subject: git: 03d11291d8ec - main - pf: fix potential memory leaks in pf_create_state() List-Id: Commit messages for all branches of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-all List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-all@freebsd.org Sender: owner-dev-commits-src-all@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 03d11291d8ec39a040205966a25144d6b33fbbd0 Auto-Submitted: auto-generated The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=03d11291d8ec39a040205966a25144d6b33fbbd0 commit 03d11291d8ec39a040205966a25144d6b33fbbd0 Author: Kristof Provost AuthorDate: 2024-08-29 11:31:54 +0000 Commit: Kristof Provost CommitDate: 2024-09-19 20:20:12 +0000 pf: fix potential memory leaks in pf_create_state() If we fail to init TCP (or SCTP) initialization we have to remember to free state keys as well. They will not be freed for us when we free the state until we've inserted the state (i.e. pf_insert_state()). Sponsored by: Rubicon Communications, LLC ("Netgate") Differential Revision: https://reviews.freebsd.org/D46583 --- sys/netpfil/pf/pf.c | 8 ++++---- 1 file changed, 4 insertions(+), 4 deletions(-) diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 1182c5dd0c30..0484a7ee5056 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -5456,7 +5456,7 @@ pf_create_state(struct pf_krule *r, struct pf_krule *nr, struct pf_krule *a, if (s->state_flags & PFSTATE_SCRUB_TCP && pf_normalize_tcp_init(m, off, pd, th, &s->src, &s->dst)) { REASON_SET(&reason, PFRES_MEMORY); - goto drop; + goto csfailed; } if (s->state_flags & PFSTATE_SCRUB_TCP && s->src.scrub && pf_normalize_tcp_stateful(m, off, pd, &reason, th, s, @@ -5465,13 +5465,13 @@ pf_create_state(struct pf_krule *r, struct pf_krule *nr, struct pf_krule *a, DPFPRINTF(PF_DEBUG_URGENT, ("pf_normalize_tcp_stateful failed on first " "pkt\n")); - goto drop; + goto csfailed; } } else if (pd->proto == IPPROTO_SCTP) { if (pf_normalize_sctp_init(m, off, pd, &s->src, &s->dst)) - goto drop; + goto csfailed; if (! (pd->sctp_flags & (PFDESC_SCTP_INIT | PFDESC_SCTP_ADD_IP))) - goto drop; + goto csfailed; } s->direction = pd->dir;