Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 08 Jun 2026 20:47:35 +0000
From:      Ed Maste <emaste@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: b16c731b0191 - main - ipfw nat: Add assertion that mbuf is not a chain
Message-ID:  <6a272a67.4434b.4d38b685@gitrepo.freebsd.org>
index | next in thread | raw e-mail 

The branch main has been updated by emaste:

URL: https://cgit.FreeBSD.org/src/commit/?id=b16c731b0191d6c47de46a3c6057b0c5ec0dd420

commit b16c731b0191d6c47de46a3c6057b0c5ec0dd420
Author:     Ed Maste <emaste@FreeBSD.org>
AuthorDate: 2026-06-05 21:00:07 +0000
Commit:     Ed Maste <emaste@FreeBSD.org>
CommitDate: 2026-06-08 20:47:24 +0000

    ipfw nat: Add assertion that mbuf is not a chain
    
    Discarding m_free's return value will result in an mbuf leak if the mbuf
    was in a chain.
    
    In general we should use m_freem if the mbuf may be in a chain, or
    assert that the return was NULL.  There will not be a chain here due to
    m_megapullup, so add an assert.
    
    Reviewed by:    ae
    Sponsored by:   The FreeBSD Foundation
    Differential Revision: https://reviews.freebsd.org/D57479
---
 sys/netpfil/ipfw/ip_fw_nat.c | 5 +++--
 1 file changed, 3 insertions(+), 2 deletions(-)

diff --git a/sys/netpfil/ipfw/ip_fw_nat.c b/sys/netpfil/ipfw/ip_fw_nat.c
index e816c7bd95eb..6ebde03fe2e3 100644
--- a/sys/netpfil/ipfw/ip_fw_nat.c
+++ b/sys/netpfil/ipfw/ip_fw_nat.c
@@ -291,7 +291,7 @@ free_nat_instance(struct cfg_nat *ptr)
 static int
 ipfw_nat(struct ip_fw_args *args, struct cfg_nat *t, struct mbuf *m)
 {
-	struct mbuf *mcl;
+	struct mbuf *mcl, *mfree __diagused;
 	struct ip *ip;
 	/* XXX - libalias duct tape */
 	int ldt, retval, found;
@@ -396,7 +396,8 @@ ipfw_nat(struct ip_fw_args *args, struct cfg_nat *t, struct mbuf *m)
 	    (retval == PKT_ALIAS_IGNORED &&
 	    (t->mode & PKT_ALIAS_DENY_INCOMING) != 0)))) {
 		/* XXX - should i add some logging? */
-		m_free(mcl);
+		mfree = m_free(mcl);
+		MPASS(mfree == NULL);
 		args->m = NULL;
 		return (IP_FW_DENY);
 	}
home | help

Want to link to this message? Use this
URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?6a272a67.4434b.4d38b685>