upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-05-22 01:54:31 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

ipfilter: Fix ip_nat memory leak and use-after-free

Browse source 
Unfortunately the wrong elemet is freed, also resulting in use-after-free.

PR:		255859
Submitted by:	lylgood@foxmail.com
Reported by:	lylgood@foxmail.com

(cherry picked from commit 323a4e2c4e)
This commit is contained in:
Cy Schubert 2021-05-25 11:54:49 -07:00
parent 19cfc8e655
commit 2fb3779764
1 changed files with 1 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

2
sys/contrib/ipfilter/netinet/ip_nat.c
View file

@ -6243,7 +6243,7 @@ ipf_nat_rule_deref(softc, inp)
if (n->in_tqehead[0] != NULL) {
if (ipf_deletetimeoutqueue(n->in_tqehead[0]) == 0) {
ipf_freetimeoutqueue(softc, n->in_tqehead[1]);
ipf_freetimeoutqueue(softc, n->in_tqehead[0]);
}
}