The branch main has been updated by kp:
URL:
https://cgit.FreeBSD.org/src/commit/?id=592418343348bcf4355c249f53cff89ed90ea1f5
commit 592418343348bcf4355c249f53cff89ed90ea1f5
Author: Kristof Provost <k...@freebsd.org>
AuthorDate: 2025-03-27 14:37:59 +0000
Commit: Kristof Provost <k...@freebsd.org>
CommitDate: 2025-03-31 12:56:43 +0000
pf: explicitly NULL state key pointers
After the pf_state_insert() call we may not use these pointers again.
Explicitly NULL them to ensure we don't.
Also NULL them out if we free the keys directly.
Reviewed by: glebius, markj
MFC after: 3 weeks
Sponsored by: Rubicon Communications, LLC ("Netgate")
Differential Revision: https://reviews.freebsd.org/D49553
---
sys/netpfil/pf/pf.c | 4 ++++
1 file changed, 4 insertions(+)
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index c75737f688b0..d60b30057cbb 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -1835,6 +1835,7 @@ pf_state_insert(struct pfi_kkif *kif, struct pfi_kkif
*orig_kif,
/* Returns with ID locked on success. */
if ((error = pf_state_key_attach(skw, sks, s)) != 0)
return (error);
+ skw = sks = NULL;
ih = &V_pf_idhash[PF_IDHASH(s)];
PF_HASHROW_ASSERT(ih);
@@ -5969,6 +5970,7 @@ nextrule:
action = pf_create_state(r, nr, a, pd, nk, sk,
&rewrite, sm, tag, bproto_sum, bip_sum,
&match_rules, udp_mapping);
+ sk = nk = NULL;
if (action != PF_PASS) {
pf_udp_mapping_release(udp_mapping);
pd->act.log |= PF_LOG_FORCE;
@@ -6017,6 +6019,7 @@ nextrule:
uma_zfree(V_pf_state_key_z, sk);
uma_zfree(V_pf_state_key_z, nk);
+ sk = nk = NULL;
pf_udp_mapping_release(udp_mapping);
}
@@ -6234,6 +6237,7 @@ pf_create_state(struct pf_krule *r, struct pf_krule *nr,
struct pf_krule *a,
goto drop;
} else
*sm = s;
+ sk = nk = NULL;
STATE_INC_COUNTERS(s);
