diff options
| author | Kristof Provost <kp@FreeBSD.org> | 2018-12-01 09:58:21 +0000 |
|---|---|---|
| committer | Kristof Provost <kp@FreeBSD.org> | 2018-12-01 09:58:21 +0000 |
| commit | b2e0b24f76066fc52abe4330772c41996eca8bf8 (patch) | |
| tree | 574d95d973fde267a71e610e6ebfa9e7ff75a173 /sys/netpfil/pf | |
| parent | db785060cbc99d52fdbf8d986878f3b4effc6b54 (diff) | |
| download | src-b2e0b24f76066fc52abe4330772c41996eca8bf8.tar.gz src-b2e0b24f76066fc52abe4330772c41996eca8bf8.zip | |
pf: Fix panic on overlapping interface names
In rare situations[*] it's possible for two different interfaces to have
the same name. This confuses pf, because kifs are indexed by name (which
is assumed to be unique). As a result we can end up trying to
if_rele(NULL), which panics.
Explicitly checking the ifp pointer before if_rele() prevents the panic.
Note pf will likely behave in unexpected ways on the the overlapping
interfaces.
[*] Insert an interface in a vnet jail. Rename it to an interface which
exists on the host. Remove the jail. There are now two interfaces with
the same name in the host.
Notes
Notes:
svn path=/head/; revision=341359
Diffstat (limited to 'sys/netpfil/pf')
| -rw-r--r-- | sys/netpfil/pf/pf_if.c | 3 |
1 files changed, 2 insertions, 1 deletions
diff --git a/sys/netpfil/pf/pf_if.c b/sys/netpfil/pf/pf_if.c index 76b8d4abd5af..37203e04add6 100644 --- a/sys/netpfil/pf/pf_if.c +++ b/sys/netpfil/pf/pf_if.c @@ -853,7 +853,8 @@ pfi_detach_ifnet_event(void *arg __unused, struct ifnet *ifp) V_pfi_update++; pfi_kif_update(kif); - if_rele(kif->pfik_ifp); + if (kif->pfik_ifp) + if_rele(kif->pfik_ifp); kif->pfik_ifp = NULL; ifp->if_pf_kif = NULL; |