diff options
| author | Kristof Provost <kp@FreeBSD.org> | 2023-09-06 07:58:07 +0000 |
|---|---|---|
| committer | Kristof Provost <kp@FreeBSD.org> | 2023-09-25 12:27:05 +0000 |
| commit | ddca690373e565a6e86ac1c0e025563ded0a686c (patch) | |
| tree | 0b976eb9eee1d0179dc861459eb51ae7f9a5fd46 | |
| parent | 4df1447f2c76d0db988197f3a05d48e15f976c7c (diff) | |
| download | src-ddca690373e565a6e86ac1c0e025563ded0a686c.tar.gz src-ddca690373e565a6e86ac1c0e025563ded0a686c.zip | |
pf: fix state leak
If we hit the csfailed case in pf_create_state() we may have allocated
a state, so we must also free it. While here reduce the amount of
duplicated cleanup code.
MFC after: 2 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D41772
(cherry picked from commit b6ce41118bb11d3db86eae8fbebc8c198e8b330d)
| -rw-r--r-- | sys/netpfil/pf/pf.c | 18 |
1 files changed, 9 insertions, 9 deletions
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 99fca2d6fabf..51f81172bad2 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -4317,10 +4317,6 @@ pf_create_state(struct pf_krule *r, struct pf_krule *nr, struct pf_krule *a, if (r->rt) { if (pf_map_addr(pd->af, r, pd->src, &s->rt_addr, NULL, &sn)) { REASON_SET(&reason, PFRES_MAPFAILED); - pf_src_tree_remove_state(s); - s->timeout = PFTM_UNLINKED; - STATE_DEC_COUNTERS(s); - pf_free_state(s); goto csfailed; } s->rt_kif = r->rpool.cur->kif; @@ -4381,11 +4377,7 @@ pf_create_state(struct pf_krule *r, struct pf_krule *nr, struct pf_krule *a, (pd->dir == PF_IN) ? sk : nk, (pd->dir == PF_IN) ? nk : sk, s)) { REASON_SET(&reason, PFRES_STATEINS); - pf_src_tree_remove_state(s); - s->timeout = PFTM_UNLINKED; - STATE_DEC_COUNTERS(s); - pf_free_state(s); - return (PF_DROP); + goto drop; } else *sm = s; @@ -4461,6 +4453,14 @@ csfailed: PF_HASHROW_UNLOCK(sh); } +drop: + if (s != NULL) { + pf_src_tree_remove_state(s); + s->timeout = PFTM_UNLINKED; + STATE_DEC_COUNTERS(s); + pf_free_state(s); + } + return (PF_DROP); } |