The branch main has been updated by kp:

URL: 
https://cgit.FreeBSD.org/src/commit/?id=592418343348bcf4355c249f53cff89ed90ea1f5

commit 592418343348bcf4355c249f53cff89ed90ea1f5
Author:     Kristof Provost <k...@freebsd.org>
AuthorDate: 2025-03-27 14:37:59 +0000
Commit:     Kristof Provost <k...@freebsd.org>
CommitDate: 2025-03-31 12:56:43 +0000

    pf: explicitly NULL state key pointers
    
    After the pf_state_insert() call we may not use these pointers again.
    Explicitly NULL them to ensure we don't.
    Also NULL them out if we free the keys directly.
    
    Reviewed by:    glebius, markj
    MFC after:      3 weeks
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
    Differential Revision:  https://reviews.freebsd.org/D49553
---
 sys/netpfil/pf/pf.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index c75737f688b0..d60b30057cbb 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -1835,6 +1835,7 @@ pf_state_insert(struct pfi_kkif *kif, struct pfi_kkif 
*orig_kif,
        /* Returns with ID locked on success. */
        if ((error = pf_state_key_attach(skw, sks, s)) != 0)
                return (error);
+       skw = sks = NULL;
 
        ih = &V_pf_idhash[PF_IDHASH(s)];
        PF_HASHROW_ASSERT(ih);
@@ -5969,6 +5970,7 @@ nextrule:
                action = pf_create_state(r, nr, a, pd, nk, sk,
                    &rewrite, sm, tag, bproto_sum, bip_sum,
                    &match_rules, udp_mapping);
+               sk = nk = NULL;
                if (action != PF_PASS) {
                        pf_udp_mapping_release(udp_mapping);
                        pd->act.log |= PF_LOG_FORCE;
@@ -6017,6 +6019,7 @@ nextrule:
 
                uma_zfree(V_pf_state_key_z, sk);
                uma_zfree(V_pf_state_key_z, nk);
+               sk = nk = NULL;
                pf_udp_mapping_release(udp_mapping);
        }
 
@@ -6234,6 +6237,7 @@ pf_create_state(struct pf_krule *r, struct pf_krule *nr, 
struct pf_krule *a,
                goto drop;
        } else
                *sm = s;
+       sk = nk = NULL;
 
        STATE_INC_COUNTERS(s);
 

Reply via email to