upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-09 08:43:19 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

pfsync: fix state leak

Browse source 
If we receive a state with a route-to interface name set and we can't
find the interface we do not insert the state. However, in that case we
must still clean up the state (and state keys).
Do so, so we do not leak states.

Reviewed by:	Kajetan Staszkiewicz <vegeta@tuxpowered.net>
MFC after:	3 days
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D41779

(cherry picked from commit f415a5c1bd)
This commit is contained in:
Kristof Provost 2023-09-08 11:21:12 +02:00
parent c265e62179
commit 1bd8fa1dd0
1 changed files with 5 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
sys/netpfil/pf/if_pfsync.c
View file

@ -685,8 +685,10 @@ pfsync_state_import(union pfsync_state_union *sp, int flags, int msg_version)
printf("%s: unknown route interface: %s\n",
__func__, sp->pfs_1400.rt_ifname);
if (flags & PFSYNC_SI_IOCTL)
return (EINVAL);
return (0); /* skip this state */
error = EINVAL;
else
error = 0;
goto cleanup_keys;
}
break;
default:
@ -734,6 +736,7 @@ pfsync_state_import(union pfsync_state_union *sp, int flags, int msg_version)
cleanup:
error = ENOMEM;
cleanup_keys:
if (skw == sks)
sks = NULL;
uma_zfree(V_pf_state_key_z, skw);