Date: Mon, 6 Mar 2017 15:01:38 -0800
From: Gleb Smirnoff
To: Kristof Provost
Cc: src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject: Re: svn commit: r314702 - stable/11/sys/netpfil/pf

Kristof,

this seems accidentally committed to stable branch. Please add it to head.

And thanks a lot for the fix. Very likely this is my mistake back from 2012.

On Sun, Mar 05, 2017 at 01:14:18PM +0000, Kristof Provost wrote:
K> Author: kp
K> Date: Sun Mar 5 13:14:18 2017
K> New Revision: 314702
K> URL: https://svnweb.freebsd.org/changeset/base/314702
K>
K> Log:
K> pf: Fix a crash in low-memory situations
K>
K> If the call to pf_state_key_clone() in pf_get_translation() fails (i.e. there's
K> no more memory for it) it frees skp. This is wrong, because skp is a
K> pf_state_key **, so we need to free *skp, as is done later in the function.
K> Getting it wrong means we try to free a stack variable of the calling
K> pf_test_rule() function, and we panic.
K>
K> Modified:
K> stable/11/sys/netpfil/pf/pf_lb.c
K>
K> Modified: stable/11/sys/netpfil/pf/pf_lb.c K> ============================================================================== K> --- stable/11/sys/netpfil/pf/pf_lb.c Sun Mar 5 12:06:45 2017 (r314701) K> +++ stable/11/sys/netpfil/pf/pf_lb.c Sun Mar 5 13:14:18 2017 (r314702) K> 
@@ -553,7 +553,7 @@ pf_get_translation(struct pf_pdesc *pd, K> return (NULL); K> *nkp = pf_state_key_clone(*skp); K> if (*nkp == NULL) { K> - uma_zfree(V_pf_state_key_z, skp); K> + uma_zfree(V_pf_state_key_z, *skp); K> *skp = NULL; K> return (NULL); K> } K> _______________________________________________ K> svn-src-all@freebsd.org mailing list K> https://lists.freebsd.org/mailman/listinfo/svn-src-all K> To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org" -- Totus tuus, Glebius.
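
Review bot: The `*nkp == NULL` branch in pf_get_translation() now duplicates a free that the log says is also done later in the function, so the two error paths can drift apart again; consider routing both through one cleanup path that does `uma_zfree(V_pf_state_key_z, *skp);` followed by `*skp = NULL;`. A one-line comment at the free, stating that `skp` points at the caller's variable and `*skp` is the zone allocation, would make the distinction visible to the next reader. The diff touches only stable/11/sys/netpfil/pf/pf_lb.c, so head still needs the same change, as the reply requests.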