upstream/opnsense-src
1
0
Fork 0
mirror of https://github.com/opnsense/src.git synced 2026-06-09 00:32:25 -04:00
Code Issues Projects Releases Packages Wiki Activity Actions

pfsync: fix state leak

Browse source 
If we receive a state with a route-to interface name set and we can't
find the interface we do not insert the state. However, in that case we
must still clean up the state (and state keys).
Do so, so we do not leak states.

Reviewed by:	Kajetan Staszkiewicz <vegeta@tuxpowered.net>
MFC after:	3 days
Sponsored by:	Rubicon Communications, LLC ("Netgate")
Differential Revision:	https://reviews.freebsd.org/D41779
This commit is contained in:
Kristof Provost 2023-09-08 11:21:12 +02:00
parent b2618b651b
commit f415a5c1bd
1 changed files with 5 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

7
sys/netpfil/pf/if_pfsync.c
View file

@ -685,8 +685,10 @@ pfsync_state_import(union pfsync_state_union *sp, int flags, int msg_version)
printf("%s: unknown route interface: %s\n",
__func__, sp->pfs_1400.rt_ifname);
if (flags & PFSYNC_SI_IOCTL)
return (EINVAL);
return (0); /* skip this state */
error = EINVAL;
else
error = 0;
goto cleanup_keys;
}
break;
default:
@ -734,6 +736,7 @@ pfsync_state_import(union pfsync_state_union *sp, int flags, int msg_version)
cleanup:
error = ENOMEM;
cleanup_keys:
if (skw == sks)
sks = NULL;
uma_zfree(V_pf_state_key_z, skw);