The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=efc64d02a62f3254ecc0b22fcbcb8f73a079669f
commit efc64d02a62f3254ecc0b22fcbcb8f73a079669f Author: Kristof Provost <[email protected]> AuthorDate: 2022-04-21 12:53:05 +0000 Commit: Kristof Provost <[email protected]> CommitDate: 2022-04-21 15:59:45 +0000 pf: counter argument to pfr_pool_get() may never be NULL Coverity points out that if counter was NULL when passed to pfr_pool_get() we could potentially end up dereferencing it. Happily all users of the function pass a non-NULL pointer. Enforce this by assertion and remove the pointless NULL check. Reported by: Coverity (CID 273309) MFC after: 1 week Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/netpfil/pf/pf_table.c | 3 ++- 1 file changed, 2 insertions(+), 1 deletion(-) diff --git a/sys/netpfil/pf/pf_table.c b/sys/netpfil/pf/pf_table.c index 9b048d899810..ea37b077c651 100644 --- a/sys/netpfil/pf/pf_table.c +++ b/sys/netpfil/pf/pf_table.c @@ -2249,6 +2249,7 @@ pfr_pool_get(struct pfr_ktable *kt, int *pidx, struct pf_addr *counter, int idx = -1, use_counter = 0; MPASS(pidx != NULL); + MPASS(counter != NULL); switch (af) { case AF_INET: @@ -2268,7 +2269,7 @@ pfr_pool_get(struct pfr_ktable *kt, int *pidx, struct pf_addr *counter, return (-1); idx = *pidx; - if (counter != NULL && idx >= 0) + if (idx >= 0) use_counter = 1; if (idx < 0) idx = 0;
