From fa96701c8abbc29aad7f8f8d6b823bd7f89c6c15 Mon Sep 17 00:00:00 2001 From: Kristof Provost Date: Mon, 5 Jul 2021 14:21:03 +0200 Subject: [PATCH] pf: Handle errors returned by pf_killstates() Happily this wasn't a real bug, because pf_killstates() never fails, but we should check the return value anyway, in case it does ever start returning errors. Reported by: clang --analyze MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/netpfil/pf/pf_ioctl.c | 2 ++ 1 file changed, 2 insertions(+) diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 19b92e93205..fece41e917e 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -4887,6 +4887,8 @@ pf_killstates_nv(struct pfioc_nv *nv) ERROUT(error); error = pf_killstates(&kill, &killed); + if (error) + ERROUT(error); free(nvlpacked, M_NVLIST); nvlpacked = NULL;