Date:      Mon, 29 Apr 2024 16:15:58 GMT
From:      Kristof Provost <kp@FreeBSD.org>
To:        src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
Subject:   git: 221d459fbc67 - main - pflow: handle unattached states
Message-ID:  <202404291615.43TGFwqe050256@gitrepo.freebsd.org>

The branch main has been updated by kp:

URL: https://cgit.FreeBSD.org/src/commit/?id=221d459fbc67e0c0565d6c6ea52fe8bbc5466fc7

commit 221d459fbc67e0c0565d6c6ea52fe8bbc5466fc7
Author:     Kristof Provost <kp@FreeBSD.org>
AuthorDate: 2024-04-29 09:51:17 +0000
Commit:     Kristof Provost <kp@FreeBSD.org>
CommitDate: 2024-04-29 16:13:19 +0000

    pflow: handle unattached states
    
    It's possible for states to be cleaned up (through pf_detach_state()) that
    have not been fully attached. For example if there's an ID conflict during
    pf_state_insert().
    
    pflow exports states from pf_detach_state(), so it can get called on such
    states, but did not account for this and could end up dereferencing a NULL
    state key.
    
    Check for this in export_pflow() and do not export unattached states.
    
    See also:       https://redmine.pfsense.org/issues/15446
    Sponsored by:   Rubicon Communications, LLC ("Netgate")
---
 sys/netpfil/pf/pflow.c | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/sys/netpfil/pf/pflow.c b/sys/netpfil/pf/pflow.c
index f3dba7687d05..a437f0259af5 100644
--- a/sys/netpfil/pf/pflow.c
+++ b/sys/netpfil/pf/pflow.c
@@ -750,6 +750,10 @@ export_pflow(const struct pf_kstate *st)
 
 	NET_EPOCH_ASSERT();
 
+	/* e.g. if pf_state_key_attach() fails. */
+	if (st->key[PF_SK_STACK] == NULL || st->key[PF_SK_WIRE] == NULL)
+		return;
+
 	sk = st->key[st->direction == PF_IN ? PF_SK_WIRE : PF_SK_STACK];
 
 	CK_LIST_FOREACH(sc, &V_pflowif_list, sc_next) {
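
Review bot: the new early return in export_pflow() drops the state silently, so exports skipped because a key is NULL cannot be told apart from exports that were sent. Consider counting these cases or emitting a debug-level message at the return, so operators reconciling flow records against pf state counts can see how often it happens. The comment "/* e.g. if pf_state_key_attach() fails. */" would also read better if it stated the invariant directly (a state that was never fully attached has a NULL key and must not be exported), since the commit message gives an ID conflict during pf_state_insert() as its example and the comment names a different function. Testing both PF_SK_STACK and PF_SK_WIRE, although only one of them is selected on the following line, is a sensible conservative check and worth keeping.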


