Skip to content

Commit

Permalink
pf: fix potential state key leak
Browse files Browse the repository at this point in the history 
If we fail to attach the new state keys in pf_state_key_attach() we are
expected to free both keys. Do so.
Note that in some scenarios
  • Loading branch information
@laffer1
laffer1 committed Dec 1, 2024
1 parent e6fc4d5 commit 7b4f818
Showing 1 changed file with 3 additions and 1 deletion.
4 changes: 3 additions & 1 deletion sys/netpfil/pf/pf.c
View file
Original file line number Diff line number Diff line change
Expand Up @@ -1302,7 +1302,9 @@ pf_state_key_attach(struct pf_state_key *skw, struct pf_state_key *sks,
s->timeout = PFTM_UNLINKED;
PF_HASHROW_UNLOCK(ih);
KEYS_UNLOCK();
uma_zfree(V_pf_state_key_z, sk);
uma_zfree(V_pf_state_key_z, skw);
if (skw != sks)
uma_zfree(V_pf_state_key_z, sks);
if (idx == PF_SK_STACK)
pf_detach_state(s);
return (EEXIST); /* collision! */
Expand Down

0 comments on commit 7b4f818

Please sign in to comment.