From: Kristof Provost
Date: Thu, 2 Jun 2022 18:18:10 GMT
To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject: git: a37e0e6de652 - main - pf: fix more syncookie memory leaks
List-Id: Commit messages for the main branch of the src repository
List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=a37e0e6de6527a7eaddea8e28f5e4b3427fba1a4

commit
a37e0e6de6527a7eaddea8e28f5e4b3427fba1a4 Author: Franco Fichtner AuthorDate: 2022-06-02 16:27:43 +0000 Commit: Kristof Provost CommitDate: 2022-06-02 18:17:25 +0000 pf: fix more syncookie memory leaks Allocate memory for packed nvlists in M_NVLIST, as nvlist_pack() does this as well, and we use the same variable interchangable with the memory we allocate. When we free it we can end up freeing from the wrong zone, leaking memory. Reviewed by: kp Differential Revision: https://reviews.freebsd.org/D35385 --- sys/netpfil/pf/pf_ioctl.c | 20 ++++++++++---------- sys/netpfil/pf/pf_syncookies.c | 6 +++--- 2 files changed, 13 insertions(+), 13 deletions(-) diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 745b9b69060b..1ccbbd3814ac 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -2722,7 +2722,7 @@ DIOCGETETHRULES_error: if (nv->len > pf_ioctl_maxcount) ERROUT(ENOMEM); - nvlpacked = malloc(nv->len, M_TEMP, M_WAITOK); + nvlpacked = malloc(nv->len, M_NVLIST, M_WAITOK); if (nvlpacked == NULL) ERROUT(ENOMEM); @@ -2763,7 +2763,7 @@ DIOCGETETHRULES_error: nvlist_destroy(nvl); nvl = NULL; - free(nvlpacked, M_TEMP); + free(nvlpacked, M_NVLIST); nvlpacked = NULL; rule = TAILQ_FIRST(rs->active.rules); @@ -2803,7 +2803,7 @@ DIOCGETETHRULES_error: #undef ERROUT DIOCGETETHRULE_error: - free(nvlpacked, M_TEMP); + free(nvlpacked, M_NVLIST); nvlist_destroy(nvl); break; } @@ -2819,7 +2819,7 @@ DIOCGETETHRULE_error: #define ERROUT(x) ERROUT_IOCTL(DIOCADDETHRULE_error, x) - nvlpacked = malloc(nv->len, M_TEMP, M_WAITOK); + nvlpacked = malloc(nv->len, M_NVLIST, M_WAITOK); if (nvlpacked == NULL) ERROUT(ENOMEM); @@ -2922,7 +2922,7 @@ DIOCGETETHRULE_error: #undef ERROUT DIOCADDETHRULE_error: nvlist_destroy(nvl); - free(nvlpacked, M_TEMP); + free(nvlpacked, M_NVLIST); break; } 
@@ -3117,7 +3117,7 @@ DIOCGETETHRULESET_error: if (nv->len > pf_ioctl_maxcount) ERROUT(ENOMEM); - nvlpacked = malloc(nv->len, M_TEMP, M_WAITOK); + nvlpacked = malloc(nv->len, M_NVLIST, M_WAITOK); error = copyin(nv->data, nvlpacked, nv->len); if (error) ERROUT(error); @@ -3156,13 +3156,13 @@ DIOCGETETHRULESET_error: anchor_call, td); nvlist_destroy(nvl); - free(nvlpacked, M_TEMP); + free(nvlpacked, M_NVLIST); break; #undef ERROUT DIOCADDRULENV_error: pf_krule_free(rule); nvlist_destroy(nvl); - free(nvlpacked, M_TEMP); + free(nvlpacked, M_NVLIST); break; } @@ -6018,7 +6018,7 @@ pf_keepcounters(struct pfioc_nv *nv) if (nv->len > pf_ioctl_maxcount) ERROUT(ENOMEM); - nvlpacked = malloc(nv->len, M_TEMP, M_WAITOK); + nvlpacked = malloc(nv->len, M_NVLIST, M_WAITOK); if (nvlpacked == NULL) ERROUT(ENOMEM); @@ -6037,7 +6037,7 @@ pf_keepcounters(struct pfioc_nv *nv) on_error: nvlist_destroy(nvl); - free(nvlpacked, M_TEMP); + free(nvlpacked, M_NVLIST); return (error); } diff --git a/sys/netpfil/pf/pf_syncookies.c b/sys/netpfil/pf/pf_syncookies.c index 5230502be30c..6a375411d8ea 100644 --- a/sys/netpfil/pf/pf_syncookies.c +++ b/sys/netpfil/pf/pf_syncookies.c @@ -171,7 +171,7 @@ pf_get_syncookies(struct pfioc_nv *nv) #undef ERROUT errout: nvlist_destroy(nvl); - free(nvlpacked, M_TEMP); + free(nvlpacked, M_NVLIST); return (error); } @@ -191,7 +191,7 @@ pf_set_syncookies(struct pfioc_nv *nv) if (nv->len > pf_ioctl_maxcount) return (ENOMEM); - nvlpacked = malloc(nv->len, M_TEMP, M_WAITOK); + nvlpacked = malloc(nv->len, M_NVLIST, M_WAITOK); if (nvlpacked == NULL) return (ENOMEM); @@ -232,7 +232,7 @@ pf_set_syncookies(struct pfioc_nv *nv) #undef ERROUT errout: nvlist_destroy(nvl); - free(nvlpacked, M_TEMP); + free(nvlpacked, M_NVLIST); return (error); }
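
Review bot: in the pf_ioctl.c hunk at @@ -2819 (DIOCADDETHRULE), the visible context shows no `if (nv->len > pf_ioctl_maxcount)` check ahead of `malloc(nv->len, M_NVLIST, M_WAITOK)`, while the allocation hunks at @@ -2722, @@ -3117 and @@ -6018 and the one in pf_set_syncookies() all have it directly before the malloc(). The length is taken from the caller's struct pfioc_nv, so unless it is bounded earlier in this case, add the same `if (nv->len > pf_ioctl_maxcount) ERROUT(ENOMEM);` before the allocation so a sleeping allocation cannot be sized by an unchecked request.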
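
Review bot: the `if (nvlpacked == NULL) ERROUT(ENOMEM);` context lines that follow the changed allocations in pf_ioctl.c (@@ -2722, @@ -6018) and the matching `return (ENOMEM);` in pf_set_syncookies() (@@ -191) are dead code, because malloc(9) called with M_WAITOK does not return NULL. The DIOCADDRULENV hunk at @@ -3117 already goes straight from malloc() to copyin() without the check, so dropping it at the other allocation sites would make them consistent.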
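
Review bot: in pf_get_syncookies() (pf_syncookies.c @@ -171) only the `free(nvlpacked, M_NVLIST);` at errout: changes and no allocation appears in the hunk, so nothing at that site says why the buffer belongs to M_NVLIST. The commit message gives the reason (nvlist_pack() allocates from M_NVLIST and the same variable also holds the buffers allocated here); a one-line comment at the free() or at the malloc() sites stating that would stop a later cleanup from switching the type back to M_TEMP.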