diff options
| author | Kristof Provost <kp@FreeBSD.org> | 2025-08-29 14:27:52 +0000 |
|---|---|---|
| committer | Kristof Provost <kp@FreeBSD.org> | 2025-09-02 21:10:21 +0000 |
| commit | ea15fe2e8cbc3a5d3f62a9d22e0e4bef63f611eb (patch) | |
| tree | 47e1a82ecfe538d7afdf753b742ed93006ee3d99 | |
| parent | aa790af10a9a2ce36ca0b2bc445a01431b8bc0c4 (diff) | |
pf: fix memory leak in legacy getstate calls
If we fail to copy the data out we didn't free the temporary allocation.
Sponsored by: Rubicon Communications, LLC ("Netgate")
| -rw-r--r-- | sys/netpfil/pf/pf_ioctl.c | 8 |
1 files changed, 6 insertions, 2 deletions
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 7a14c0946dfc..9ca7c6759e27 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -4125,8 +4125,10 @@ DIOCGETSTATES_retry: PF_HASHROW_UNLOCK(ih); error = copyout(pstore, out, sizeof(struct pfsync_state_1301) * count); - if (error) + if (error) { + free(pstore, M_PF); goto fail; + } out = ps->ps_states + nr; } DIOCGETSTATES_full: @@ -4203,8 +4205,10 @@ DIOCGETSTATESV2_retry: PF_HASHROW_UNLOCK(ih); error = copyout(pstore, out, sizeof(struct pf_state_export) * count); - if (error) + if (error) { + free(pstore, M_PF); goto fail; + } out = ps->ps_states + nr; } DIOCGETSTATESV2_full: |