diff options
| author | Mark Johnston <markj@FreeBSD.org> | 2022-06-30 14:19:23 +0000 |
|---|---|---|
| committer | Ed Maste <emaste@FreeBSD.org> | 2022-08-29 13:06:03 +0000 |
| commit | 86bd7f67c31f30169e77235e329d72ee98a87a29 (patch) | |
| tree | ff5c334f0298821383e2301b46369b1bad7a0064 | |
| parent | 4149598b7a9296d0efbbc52b758d8d2d52b12e48 (diff) | |
| download | src-86bd7f67c31f30169e77235e329d72ee98a87a29.tar.gz src-86bd7f67c31f30169e77235e329d72ee98a87a29.zip | |
pf: Make sure that pfi_update_status() always zeros counters
pfi_update_status() can return early if the status interface doesn't
exist. But in this case pf_getstatus() was copying uninitialized stack
memory into the output nvlist.
Reported by: Jenkins (KMSAN job)
Reviewed by: kp
MFC after: 2 weeks
Sponsored by: The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D35659
(cherry picked from commit 333670372ffe2f1c562e1088a7779eb709006ba2)
| -rw-r--r-- | sys/netpfil/pf/pf_if.c | 9 |
1 files changed, 5 insertions, 4 deletions
diff --git a/sys/netpfil/pf/pf_if.c b/sys/netpfil/pf/pf_if.c index 806718863f34..54ac84365180 100644 --- a/sys/netpfil/pf/pf_if.c +++ b/sys/netpfil/pf/pf_if.c @@ -789,6 +789,11 @@ pfi_update_status(const char *name, struct pf_status *pfs) CK_STAILQ_HEAD(, ifg_member) ifg_members; int i, j, k; + if (pfs) { + bzero(pfs->pcounters, sizeof(pfs->pcounters)); + bzero(pfs->bcounters, sizeof(pfs->bcounters)); + } + strlcpy(key.pfik_name, name, sizeof(key.pfik_name)); p = RB_FIND(pfi_ifhead, &V_pfi_ifs, (struct pfi_kkif *)&key); if (p == NULL) @@ -804,10 +809,6 @@ pfi_update_status(const char *name, struct pf_status *pfs) CK_STAILQ_INIT(&ifg_members); CK_STAILQ_INSERT_TAIL(&ifg_members, &p_member, ifgm_next); } - if (pfs) { - bzero(pfs->pcounters, sizeof(pfs->pcounters)); - bzero(pfs->bcounters, sizeof(pfs->bcounters)); - } CK_STAILQ_FOREACH(ifgm, &ifg_members, ifgm_next) { if (ifgm->ifgm_ifp == NULL || ifgm->ifgm_ifp->if_pf_kif == NULL) continue; |