When storing a state file ("pfctl -S statefile"), pfctl_state_store()
returns without freeing the inbuf pointer.
And if the state table is empty, it doesn't close the file before
returning.
This diff fixes both bugs. OK?
Index: pfctl.c
===================================================================
RCS file: /cvs/src/sbin/pfctl/pfctl.c,v
retrieving revision 1.317
diff -u -p -U4 -r1.317 pfctl.c
--- pfctl.c 12 Aug 2013 17:42:08 -0000 1.317
+++ pfctl.c 7 Oct 2013 21:16:10 -0000
@@ -1857,20 +1857,22 @@ pfctl_state_store(int dev, const char *f
if (ps.ps_len + sizeof(struct pfioc_states) < len)
break;
if (len == 0 && ps.ps_len == 0)
- return;
+ goto done;
if (len == 0 && ps.ps_len != 0)
len = ps.ps_len;
if (ps.ps_len == 0)
- return; /* no states */
+ goto done; /* no states */
len *= 2;
}
n = ps.ps_len / sizeof(struct pfsync_state);
if (fwrite(inbuf, sizeof(struct pfsync_state), n, f) < n)
err(1, "fwrite");
+done:
+ free(inbuf);
fclose(f);
}
void
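Review bot: The `fclose(f)` after the new `done:` label is still unchecked, so a write error that only surfaces when the buffered data is flushed (a full disk, for instance) would leave a truncated state file while pfctl exits successfully. Since a short `fwrite` already goes through `err(1, "fwrite")`, the close should be handled the same way: `if (fclose(f) != 0) err(1, "fclose");`. Separately, the `len == 0 && ps.ps_len == 0` path can reach `free(inbuf)` before any allocation has happened, which is safe only if `inbuf` is initialised to NULL at its declaration. That declaration and the start of pfctl_state_store() are outside the hunk, so this is worth confirming before commit.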