Skip site navigation (1)Skip section navigation (2) 
Date:      Mon, 6 Mar 2017 15:01:38 -0800
From:      Gleb Smirnoff <glebius@FreeBSD.org>
To:        Kristof Provost <kp@FreeBSD.org>
Cc:        src-committers@freebsd.org, svn-src-all@freebsd.org, svn-src-stable@freebsd.org, svn-src-stable-11@freebsd.org
Subject:   Re: svn commit: r314702 - stable/11/sys/netpfil/pf
Message-ID:  <20170306230138.GD1044@FreeBSD.org>
In-Reply-To: <201703051314.v25DEIj6076074@repo.freebsd.org>
References:  <201703051314.v25DEIj6076074@repo.freebsd.org>
next in thread | previous in thread | raw e-mail | index | archive | help 
  Kristof,

  this seems accidentially committed to stable branch. Please add it
to head.

And thanks a lot for the fix. Very likely this is my mistake back from 2012.

On Sun, Mar 05, 2017 at 01:14:18PM +0000, Kristof Provost wrote:
K> Author: kp
K> Date: Sun Mar  5 13:14:18 2017
K> New Revision: 314702
K> URL: https://svnweb.freebsd.org/changeset/base/314702
K> 
K> Log:
K>   pf: Fix a crash in low-memory situations
K>   
K>   If the call to pf_state_key_clone() in pf_get_translation() fails (i.e. there's
K>   no more memory for it) it frees skp. This is wrong, because skp is a
K>   pf_state_key **, so we need to free *skp, as is done later in the function.
K>   Getting it wrong means we try to free a stack variable of the calling
K>   pf_test_rule() function, and we panic.
K> 
K> Modified:
K>   stable/11/sys/netpfil/pf/pf_lb.c
K> 
K> Modified: stable/11/sys/netpfil/pf/pf_lb.c
K> ==============================================================================
K> --- stable/11/sys/netpfil/pf/pf_lb.c	Sun Mar  5 12:06:45 2017	(r314701)
K> +++ stable/11/sys/netpfil/pf/pf_lb.c	Sun Mar  5 13:14:18 2017	(r314702)
K> @@ -553,7 +553,7 @@ pf_get_translation(struct pf_pdesc *pd, 
K>  		return (NULL);
K>  	*nkp = pf_state_key_clone(*skp);
K>  	if (*nkp == NULL) {
K> -		uma_zfree(V_pf_state_key_z, skp);
K> +		uma_zfree(V_pf_state_key_z, *skp);
K>  		*skp = NULL;
K>  		return (NULL);
K>  	}
K> _______________________________________________
K> svn-src-all@freebsd.org mailing list
K> https://lists.freebsd.org/mailman/listinfo/svn-src-all
K> To unsubscribe, send any mail to "svn-src-all-unsubscribe@freebsd.org"

-- 
Totus tuus, Glebius.

Want to link to this message? Use this URL: <https://mail-archive.FreeBSD.org/cgi/mid.cgi?20170306230138.GD1044>