Date:      Wed, 11 Mar 2015 12:50:23 +0300
From:      "Andrey V. Elsukov" <bu7cher@yandex.ru>
To:        Kristof Provost <kristof@sigsegv.be>, freebsd-net@FreeBSD.org
Cc:        freebsd-pf@FreeBSD.org
Subject:   Re: [PATCH] Fix panic with pf fastroute
Message-ID:  <55000FDF.10007@yandex.ru>
In-Reply-To: <20150311083916.GQ1975@vega.codepro.be>
References:  <1426064691-1238-1-git-send-email-kristof@sigsegv.be> <20150311083916.GQ1975@vega.codepro.be>


On 11.03.2015 11:39, Kristof Provost wrote:
> The pf code in pf_route6() neglected to set the mbuf pointer to NULL
> after the call to ip6_output(). As a result we end up trying to continue
> processing on an mbuf which has already been freed.
> ---
>  sys/netpfil/pf/pf.c | 1 +
>  1 file changed, 1 insertion(+)
>
> diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c
> index b32288b..7c3ddb8 100644
> --- a/sys/netpfil/pf/pf.c
> +++ b/sys/netpfil/pf/pf.c
> @@ -5470,6 +5470,7 @@ pf_route6(struct mbuf **m, struct pf_rule *r, int=
 dir, struct ifnet *oifp,
>  			PF_STATE_UNLOCK(s);
>  		m0->m_flags |=3D M_SKIP_FIREWALL;
>  		ip6_output(m0, NULL, NULL, 0, NULL, NULL, NULL);
> +		*m =3D NULL;
>  		return;
>  	}
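
Review bot: The added `*m = NULL` after `ip6_output(m0, ...)` is only safe if m0 and *m are the same mbuf on this path, and the hunk does not show how m0 was obtained. If m0 can be a copy here, clearing *m drops the last reference to the original without freeing it. Either free the original before clearing the pointer when m0 differs from *m, or add a comment in this branch stating why m0 == *m is guaranteed.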

It looks like there are some code paths that make a copy of the original mbuf.
Are you sure this doesn't introduce an mbuf leak?

--
WBR, Andrey V. Elsukov
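
The leak question raised in this reply, modeled as an added example that is not FreeBSD code and not part of the thread: an output call consumes the buffer it is given and the caller's pointer is then cleared, as the patch does. The names buf, route, output_consume and run_case and the dup flag are hypothetical, and the case where the sent buffer is a copy is an assumption taken from the reply's wording, not from the visible hunk.

```c
#include <stdio.h>
#include <stdlib.h>

/* Toy stand-in for an mbuf; hypothetical, not FreeBSD code. */
struct buf { int id; };

static int live;                 /* buffers allocated and not yet freed */

static struct buf *buf_alloc(int id) {
    struct buf *b = malloc(sizeof(*b));
    if (b == NULL)
        abort();
    b->id = id;
    live++;
    return b;
}

static void buf_free(struct buf *b) { free(b); live--; }

/* Stand-in for an output routine that always consumes its argument. */
static void output_consume(struct buf *b) { buf_free(b); }

/*
 * Model of the routing path. With dup != 0 the buffer that is sent is a
 * copy (assumed case), so the original is NOT consumed by the output call.
 */
static void route(struct buf **m, int dup, int free_orig_on_dup) {
    struct buf *m0 = dup ? buf_alloc((*m)->id) : *m;
    output_consume(m0);
    if (dup && free_orig_on_dup)
        buf_free(*m);            /* original still owned here: release it */
    *m = NULL;                   /* caller must not touch *m again */
}

/* Returns how many buffers are still allocated after one pass. */
static int run_case(int dup, int free_orig_on_dup) {
    struct buf *m;
    live = 0;
    m = buf_alloc(1);
    route(&m, dup, free_orig_on_dup);
    if (m != NULL)               /* caller-side cleanup, skipped when NULL */
        buf_free(m);
    return live;
}

int main(void) {
    printf("same buffer, pointer cleared: leaked=%d\n", run_case(0, 0));
    printf("copy sent, original dropped:  leaked=%d\n", run_case(1, 0));
    printf("copy sent, original freed:    leaked=%d\n", run_case(1, 1));
    return 0;
}
```

Clearing the pointer is leak-free only when the consumed buffer is the original; when a copy was sent, the original has to be freed before the pointer is cleared.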

