git: a6246a50b634 - main - pf: fix double free if pf_ioctl_addrule() fails

From: Kristof Provost <kp_at_FreeBSD.org>
Date: Wed, 08 Nov 2023 21:56:13 UTC
The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=a6246a50b63450d0fe34e3429807bd5aba8cc2ac

commit a6246a50b63450d0fe34e3429807bd5aba8cc2ac
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2023-11-08 14:06:15 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2023-11-08 20:58:52 +0000

    pf: fix double free if pf_ioctl_addrule() fails
    
    If pf_ioctl_addrule() returns an error it will have freed the rule
    itself. There's no need for the caller to free it again.
    
    PR:             274915
    Reported by:    Dave Cottlehuber <dch@FreeBSD.org>
    MFC after:      1 week
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sys/netpfil/pf/pf_nl.c | 3 ---
 1 file changed, 3 deletions(-)

diff --git a/sys/netpfil/pf/pf_nl.c b/sys/netpfil/pf/pf_nl.c
index bf3d23051c05..fe5ded0e86a4 100644
--- a/sys/netpfil/pf/pf_nl.c
+++ b/sys/netpfil/pf/pf_nl.c
@@ -632,9 +632,6 @@ pf_handle_addrule(struct nlmsghdr *hdr, struct nl_pstate *npt)
 	    attrs.anchor, attrs.anchor_call, nlp_get_cred(npt->nlp)->cr_uid,
 	    hdr->nlmsg_pid);
 
-	if (error != 0)
-		pf_krule_free(attrs.rule);
-
 	return (error);
 }