Module Name: src
Committed By: christos
Date: Wed May 26 14:48:02 UTC 2021
Modified Files:
src/sys/external/bsd/ipf/netinet: ip_nat.c
Log Message:
Fix ip_nat memory leak and use-after-free, wrong element freed (Cy Schubert)
https://cgit.freebsd.org/src/commit/?id=323a4e2c4e285e6f8eee8db3fe2cb74
To generate a diff of this commit:
cvs rdiff -u -r1.23 -r1.24 src/sys/external/bsd/ipf/netinet/ip_nat.c
Please note that diffs are not public domain; they are subject to the
copyright notices on the relevant files.
Modified files:
Index: src/sys/external/bsd/ipf/netinet/ip_nat.c
diff -u src/sys/external/bsd/ipf/netinet/ip_nat.c:1.23 src/sys/external/bsd/ipf/netinet/ip_nat.c:1.24
--- src/sys/external/bsd/ipf/netinet/ip_nat.c:1.23 Sat Aug 1 02:50:42 2020
+++ src/sys/external/bsd/ipf/netinet/ip_nat.c Wed May 26 10:48:02 2021
@@ -1,4 +1,4 @@
-/* $NetBSD: ip_nat.c,v 1.23 2020/08/01 06:50:42 maxv Exp $ */
+/* $NetBSD: ip_nat.c,v 1.24 2021/05/26 14:48:02 christos Exp $ */
/*
* Copyright (C) 2012 by Darren Reed.
@@ -112,7 +112,7 @@ extern struct ifnet vpnif;
#if !defined(lint)
#if defined(__NetBSD__)
#include <sys/cdefs.h>
-__KERNEL_RCSID(0, "$NetBSD: ip_nat.c,v 1.23 2020/08/01 06:50:42 maxv Exp $");
+__KERNEL_RCSID(0, "$NetBSD: ip_nat.c,v 1.24 2021/05/26 14:48:02 christos Exp $");
#else
static const char sccsid[] = "@(#)ip_nat.c 1.11 6/5/96 (C) 1995 Darren Reed";
static const char rcsid[] = "@(#)Id: ip_nat.c,v 1.1.1.2 2012/07/22 13:45:27 darrenr Exp";
@@ -6178,7 +6178,7 @@ ipf_nat_rule_deref(ipf_main_softc_t *sof
if (n->in_tqehead[0] != NULL) {
if (ipf_deletetimeoutqueue(n->in_tqehead[0]) == 0) {
- ipf_freetimeoutqueue(softc, n->in_tqehead[1]);
+ ipf_freetimeoutqueue(softc, n->in_tqehead[0]);
}
}
