upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-08 08:12:27 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

pf: Free pf_rule_items when state is not created

Browse source 
This addresses the issues of pf_rule_times leaking in case of stateless
rules and in case of state creation failures, like hitting the state
limit.

Reviewed by:	kp
MFC after:	1 week
Sponsored by:	InnoGames GmbH
Differential Revision:	https://reviews.freebsd.org/D42169
This commit is contained in:
Kajetan Staszkiewicz 2023-10-12 19:43:04 +02:00 committed by Kristof Provost
parent 43cd6bbba0
commit 4d19eceaef
1 changed files with 11 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

11
sys/netpfil/pf/pf.c
View file

@ -4731,6 +4731,11 @@ pf_test_rule(struct pf_krule **rm, struct pf_kstate **sm, struct pfi_kkif *kif,
return (action);
}
} else {
while ((ri = SLIST_FIRST(&match_rules))) {
SLIST_REMOVE_HEAD(&match_rules, entry);
free(ri, M_PF_RULE_ITEM);
}
uma_zfree(V_pf_state_key_z, sk);
uma_zfree(V_pf_state_key_z, nk);
}
@ -4776,6 +4781,7 @@ pf_create_state(struct pf_krule *r, struct pf_krule *nr, struct pf_krule *a,
struct tcphdr *th = &pd->hdr.tcp;
u_int16_t mss = V_tcp_mssdflt;
u_short reason, sn_reason;
struct pf_krule_item *ri;
/* check maximums */
if (r->max_states &&
@ -4986,6 +4992,11 @@ pf_create_state(struct pf_krule *r, struct pf_krule *nr, struct pf_krule *a,
return (PF_PASS);
csfailed:
while ((ri = SLIST_FIRST(match_rules))) {
SLIST_REMOVE_HEAD(match_rules, entry);
free(ri, M_PF_RULE_ITEM);
}
uma_zfree(V_pf_state_key_z, sk);
uma_zfree(V_pf_state_key_z, nk);