Date: Wed, 13 Sep 2023 11:16:35 GMT
Message-Id: <202309131116.38DBGZaC017231@gitrepo.freebsd.org>
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-branches@FreeBSD.org
From: Kristof Provost
Subject: git: 1bd8fa1dd0ba - stable/14 - pfsync: fix state leak
List-Id: Commits to the stable branches of the FreeBSD src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-branches
Sender: owner-dev-commits-src-branches@freebsd.org
X-BeenThere: dev-commits-src-branches@freebsd.org
MIME-Version: 1.0
Content-Type: text/plain; charset=utf-8
Content-Transfer-Encoding: 8bit
X-Git-Committer: kp
X-Git-Repository: src
X-Git-Refname: refs/heads/stable/14
X-Git-Reftype: branch
X-Git-Commit: 1bd8fa1dd0ba562c6b60fe1a316cfcca637d14d6
Auto-Submitted: auto-generated

The branch stable/14 has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=1bd8fa1dd0ba562c6b60fe1a316cfcca637d14d6

commit 1bd8fa1dd0ba562c6b60fe1a316cfcca637d14d6
Author:     Kristof Provost
AuthorDate: 2023-09-08 09:21:12 +0000
Commit:     Kristof Provost
CommitDate: 2023-09-13 10:18:38 +0000

    pfsync: fix state leak

    If we receive a state with a route-to interface name set and we can't
    find the interface we do not insert the state. However, in that case we
    must still clean up the state (and state keys). Do so, so we do not
    leak states.

    Reviewed by: Kajetan Staszkiewicz
    MFC after: 3 days
    Sponsored by: Rubicon Communications, LLC ("Netgate")
    Differential Revision: https://reviews.freebsd.org/D41779

    (cherry picked from commit f415a5c1bd56933367e42312731e4ec553e256ed)

--- sys/netpfil/pf/if_pfsync.c | 7 +++++-- 1 file changed, 5 insertions(+), 2 deletions(-) diff --git a/sys/netpfil/pf/if_pfsync.c b/sys/netpfil/pf/if_pfsync.c index db448c9bbc48..e29c00fcb879 100644 --- a/sys/netpfil/pf/if_pfsync.c +++ b/sys/netpfil/pf/if_pfsync.c
@@ -685,8 +685,10 @@ pfsync_state_import(union pfsync_state_union *sp, int flags, int msg_version) printf("%s: unknown route interface: %s\n", __func__, sp->pfs_1400.rt_ifname); if (flags & PFSYNC_SI_IOCTL) - return (EINVAL); - return (0); /* skip this state */ + error = EINVAL; + else + error = 0; + goto cleanup_keys; } break; default: @@ -734,6 +736,7 @@ pfsync_state_import(union pfsync_state_union *sp, int flags, int msg_version) cleanup: error = ENOMEM; +cleanup_keys: if (skw == sks) sks = NULL; uma_zfree(V_pf_state_key_z, skw);
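
Review bot: in the first hunk (@@ -685), the "/* skip this state */" comment is removed together with "return (0);", so the new "error = 0;" no longer says why a failed import is reported as success on the non-PFSYNC_SI_IOCTL path. Suggest carrying the comment over to the "error = 0;" line. Separately, the printf just above formats sp->pfs_1400.rt_ifname with %s each time this branch is taken; it is worth confirming the field is NUL-terminated before this point, and whether the message should be rate-limited, since it is reached for every imported state that names an unknown interface.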
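
Review bot: in the second hunk (@@ -734), the only release visible after the new cleanup_keys label is the uma_zfree of skw from V_pf_state_key_z, while the commit message says the state itself must be cleaned up as well as the keys. Please confirm that the rest of this block also frees the state, and that skw and sks are either allocated or NULL at the point of the new goto. Placing the label below "error = ENOMEM;" does preserve the error value set at the jump site, but a one-line comment at the label stating that callers must set error before jumping would keep a later goto from returning an uninitialised or stale value.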