hardenedbsd/HardenedBSD
1
0
Fork 0
mirror of https://git.hardenedbsd.org/hardenedbsd/HardenedBSD.git synced 2024-11-25 01:55:19 +01:00
Code Issues Actions Packages Projects Releases Wiki Activity

pf: fix potential memory leaks in pf_create_state()

Browse Source 
If we fail to init TCP (or SCTP) initialization we have to remember to free
state keys as well. They will not be freed for us when we free the state until
we've inserted the state (i.e. pf_insert_state()).

Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D46583
This commit is contained in:
Kristof Provost 2024-08-29 13:31:54 +02:00
parent 4a5fa10861
commit 03d11291d8
1 changed files with 4 additions and 4 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
sys/netpfil/pf/pf.c
View File

@ -5456,7 +5456,7 @@ pf_create_state(struct pf_krule *r, struct pf_krule *nr, struct pf_krule *a,
if (s->state_flags & PFSTATE_SCRUB_TCP &&
pf_normalize_tcp_init(m, off, pd, th, &s->src, &s->dst)) {
REASON_SET(&reason, PFRES_MEMORY);
goto drop;
goto csfailed;
}
if (s->state_flags & PFSTATE_SCRUB_TCP && s->src.scrub &&
pf_normalize_tcp_stateful(m, off, pd, &reason, th, s,
@ -5465,13 +5465,13 @@ pf_create_state(struct pf_krule *r, struct pf_krule *nr, struct pf_krule *a,
DPFPRINTF(PF_DEBUG_URGENT,
("pf_normalize_tcp_stateful failed on first "
"pkt\n"));
goto drop;
goto csfailed;
}
} else if (pd->proto == IPPROTO_SCTP) {
if (pf_normalize_sctp_init(m, off, pd, &s->src, &s->dst))
goto drop;
goto csfailed;
if (! (pd->sctp_flags & (PFDESC_SCTP_INIT | PFDESC_SCTP_ADD_IP)))
goto drop;
goto csfailed;
}
s->direction = pd->dir;