git: 4df4b69530c3 - stable/13 - pf: explicitly NULL state key pointers
- Go to: [ bottom of page ] [ top of archives ] [ this month ]
Date: Mon, 21 Apr 2025 21:15:46 UTC
The branch stable/13 has been updated by kp:
URL: https://cgit.FreeBSD.org/src/commit/?id=4df4b69530c34122775ce77945002c745f395651
commit 4df4b69530c34122775ce77945002c745f395651
Author: Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2025-03-27 14:37:59 +0000
Commit: Kristof Provost <kp@FreeBSD.org>
CommitDate: 2025-04-21 21:14:16 +0000
pf: explicitly NULL state key pointers
After the pf_state_insert() call we may not use these pointers again.
Explicitly NULL them to ensure we don't.
Also NULL them out if we free the keys directly.
Reviewed by: glebius, markj
MFC after: 3 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D49553
(cherry picked from commit 592418343348bcf4355c249f53cff89ed90ea1f5)
---
sys/netpfil/pf/pf.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 8306b400b1d9..1cf8d9b8e920 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -1567,6 +1567,7 @@ pf_state_insert(struct pfi_kkif *kif, struct pfi_kkif *orig_kif,
/* Returns with ID locked on success. */
if ((error = pf_state_key_attach(skw, sks, s)) != 0)
return (error);
+ skw = sks = NULL;
ih = &V_pf_idhash[PF_IDHASH(s)];
PF_HASHROW_ASSERT(ih);
@@ -4473,6 +4474,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, int direction,
action = pf_create_state(r, nr, a, pd, nsn, nk, sk, m, off,
sport, dport, &rewrite, kif, sm, tag, bproto_sum, bip_sum,
hdrlen);
+ sk = nk = NULL;
if (action != PF_PASS) {
if (action == PF_DROP &&
(r->rule_flag & PFRULE_RETURN))
@@ -4485,6 +4487,7 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, int direction,
uma_zfree(V_pf_state_key_z, sk);
if (nk != NULL)
uma_zfree(V_pf_state_key_z, nk);
+ sk = nk = NULL;
}
/* copy back packet headers if we performed NAT operations */
@@ -4686,6 +4689,7 @@ pf_create_state(struct pf_krule *r, struct pf_krule *nr, struct pf_krule *a,
goto drop;
} else
*sm = s;
+ sk = nk = NULL;
if (tag > 0)
s->tag = tag;