Date:      Wed, 14 Jan 2026 08:06:15 +0000
From:      Kristof Provost <kp@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 1ee4405a00d7 - main - pf: avoid a shadowed variable in the pf_create_state() source limiter handling
Message-ID:  <69674e77.b5cc.350cc295@gitrepo.freebsd.org>

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=1ee4405a00d7bcfa5545bba7a78b71cdd4cfdc20

commit 1ee4405a00d7bcfa5545bba7a78b71cdd4cfdc20
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2026-01-12 16:19:52 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2026-01-14 06:44:43 +0000

    pf: avoid a shadowed variable in the pf_create_state() source limiter handling
    
    the code that unwinds state creation when something fails needed
    the pf_source variable at the function scope to be set, but this
    was masked by a declaration in the scope that sets up the source
    limiting. this results in a NULL deref in the unwind code when it
    needs to clean up the accounting for a source limiter.
    
    i found it funny that i left this comment for myself in the unwinding
    code:
    
            /* who needs KASSERTS when we have NULL derefs */
    
    ok jmatthew@
    
    Obtained from:  OpenBSD, dlg <dlg@openbsd.org>, fc9311361f
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sys/netpfil/pf/pf.c | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
index 88b110d744ee..79948b218428 100644
--- a/sys/netpfil/pf/pf.c
+++ b/sys/netpfil/pf/pf.c
@@ -6846,9 +6846,9 @@ pf_create_state(struct pf_krule *r, struct pf_test_ctx *ctx,
 
 	srlim = ctx->sourcelim;
 	if (srlim != NULL) {
-		struct pf_source *sr = ctx->source;
 		unsigned int gen;
 
+		sr = ctx->source;
 		if (sr == NULL) {
 			sr = malloc(sizeof(*sr), M_PF_SOURCE_LIM, M_NOWAIT | M_ZERO);
 			if (sr == NULL) {
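Review bot: at `sr = ctx->source;` the assignment now targets the function-scope `sr`, but that declaration is outside the visible context, so it is worth confirming it is initialised to NULL. The assignment only runs inside `if (srlim != NULL)`, and the commit message says the unwind code reads this variable. In the same block, the `malloc(sizeof(*sr), M_PF_SOURCE_LIM, M_NOWAIT | M_ZERO)` failure branch leaves `sr` NULL while `srlim` is set, so the unwind path should be checked for that combination as well. Given the quoted comment about KASSERTs, an explicit KASSERT on `sr` in the unwind code would turn a repeat of this bug into a diagnosable assertion failure rather than a NULL dereference, and building this file with -Wshadow would flag a reintroduced inner declaration at compile time.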

