Module Name: src Committed By: riastradh Date: Tue Mar 15 13:00:44 UTC 2022
Modified Files: src/sys/net: bpf.c Log Message: bpf(4): Handle null bf_insn on free. This is not guaranteed by bpf_setf to be nonnull. Reported-by: syzbot+de1ec9471dfc2f283...@syzkaller.appspotmail.com To generate a diff of this commit: cvs rdiff -u -r1.245 -r1.246 src/sys/net/bpf.c Please note that diffs are not public domain; they are subject to the copyright notices on the relevant files.
Modified files:
Index: src/sys/net/bpf.c
diff -u src/sys/net/bpf.c:1.245 src/sys/net/bpf.c:1.246
--- src/sys/net/bpf.c:1.245 Sat Mar 12 17:23:32 2022
+++ src/sys/net/bpf.c Tue Mar 15 13:00:44 2022
@@ -1,4 +1,4 @@
-/* $NetBSD: bpf.c,v 1.245 2022/03/12 17:23:32 riastradh Exp $ */
+/* $NetBSD: bpf.c,v 1.246 2022/03/15 13:00:44 riastradh Exp $ */
 /*
 * Copyright (c) 1990, 1991, 1993
@@ -39,7 +39,7 @@
 */
 #include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.245 2022/03/12 17:23:32 riastradh Exp $");
+__KERNEL_RCSID(0, "$NetBSD: bpf.c,v 1.246 2022/03/15 13:00:44 riastradh Exp $");
 #if defined(_KERNEL_OPT)
 #include "opt_bpf.h"
@@ -2089,9 +2089,9 @@ bpf_free_filter(struct bpf_filter *filte
 {
 KASSERT(filter != NULL);
- KASSERT(filter->bf_insn != NULL);
- kmem_free(filter->bf_insn, filter->bf_size);
+ if (filter->bf_insn != NULL)
+ kmem_free(filter->bf_insn, filter->bf_size);
 if (filter->bf_jitcode != NULL)
 bpf_jit_freecode(filter->bf_jitcode);
 kmem_free(filter, sizeof(*filter));
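Review bot: The new guard in bpf_free_filter tests only the pointer, so nothing checks any longer that `bf_insn` and `bf_size` agree before the size is handed to kmem_free. If the null case is the zero-length program (bpf_setf is not visible here, so this is inferred from the log message), an assertion such as `KASSERT((filter->bf_insn == NULL) == (filter->bf_size == 0));` ahead of the `if` would keep DIAGNOSTIC kernels catching a filter whose pointer and size have gone out of step. A short comment on the guard, for example `/* bf_insn may be NULL; bpf_setf does not guarantee a program */`, would record why the null pointer is legitimate so the old assertion is not reinstated later. The function's signature and closing brace lie outside the hunk.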