To: src-committers@FreeBSD.org, dev-commits-src-all@FreeBSD.org, dev-commits-src-main@FreeBSD.org
From: Kristof Provost Subject: git: 0df9054bc116 - main - pf: handle nlattr_add_nested() failure List-Id: Commit messages for the main branch of the src repository List-Archive: https://lists.freebsd.org/archives/dev-commits-src-main List-Help: List-Post: List-Subscribe: List-Unsubscribe: X-BeenThere: dev-commits-src-main@freebsd.org Sender: owner-dev-commits-src-main@FreeBSD.org MIME-Version: 1.0 Content-Type: text/plain; charset=utf-8 Content-Transfer-Encoding: 8bit X-Git-Committer: kp X-Git-Repository: src X-Git-Refname: refs/heads/main X-Git-Reftype: branch X-Git-Commit: 0df9054bc11633e2a4414e783be74906c743a64d Auto-Submitted: auto-generated Date: Thu, 08 Jan 2026 12:27:25 +0000 Message-Id: <695fa2ad.3bf0f.2de4002e@gitrepo.freebsd.org> The branch main has been updated by kp: URL: https://cgit.FreeBSD.org/src/commit/?id=0df9054bc11633e2a4414e783be74906c743a64d commit 0df9054bc11633e2a4414e783be74906c743a64d Author: Kristof Provost AuthorDate: 2026-01-06 22:01:21 +0000 Commit: Kristof Provost CommitDate: 2026-01-08 12:25:25 +0000 pf: handle nlattr_add_nested() failure Sponsored by: Rubicon Communications, LLC ("Netgate") --- sys/netpfil/pf/pf_nl.c | 45 +++++++++++++++++++++++++++++++++++++++++++++ 1 file changed, 45 insertions(+) diff --git a/sys/netpfil/pf/pf_nl.c b/sys/netpfil/pf/pf_nl.c index 4845342563ce..1c8a1f95b650 100644 --- a/sys/netpfil/pf/pf_nl.c +++ b/sys/netpfil/pf/pf_nl.c @@ -100,6 +100,7 @@ static bool dump_state_peer(struct nl_writer *nw, int attr, const struct pf_state_peer *peer) { int off = nlattr_add_nested(nw, attr); + if (off == 0) return (false); @@ -129,6 +130,7 @@ static bool dump_state_key(struct nl_writer *nw, int attr, const struct pf_state_key *key) { int off = nlattr_add_nested(nw, attr); + if (off == 0) return (false); 
@@ -430,6 +432,9 @@ nlattr_add_addr_wrap(struct nl_writer *nw, int attrtype, struct pf_addr_wrap *a) { int off = nlattr_add_nested(nw, attrtype); + if (off == 0) + return (false); + nlattr_add_in6_addr(nw, PF_AT_ADDR, &a->v.a.addr.v6); nlattr_add_in6_addr(nw, PF_AT_MASK, &a->v.a.mask.v6); nlattr_add_u8(nw, PF_AT_TYPE, a->type); @@ -465,6 +470,9 @@ nlattr_add_rule_addr(struct nl_writer *nw, int attrtype, struct pf_rule_addr *r) struct pf_addr_wrap aw = {0}; int off = nlattr_add_nested(nw, attrtype); + if (off == 0) + return (false); + bcopy(&(r->addr), &aw, sizeof(struct pf_addr_wrap)); pf_addr_copyout(&aw); @@ -493,6 +501,9 @@ nlattr_add_mape_portset(struct nl_writer *nw, int attrtype, const struct pf_mape { int off = nlattr_add_nested(nw, attrtype); + if (off == 0) + return (false); + nlattr_add_u8(nw, PF_MET_OFFSET, m->offset); nlattr_add_u8(nw, PF_MET_PSID_LEN, m->psidlen); nlattr_add_u16(nw, PF_MET_PSID, m->psid); @@ -555,6 +566,9 @@ nlattr_add_labels(struct nl_writer *nw, int attrtype, const struct pf_krule *r) int off = nlattr_add_nested(nw, attrtype); int i = 0; + if (off == 0) + return (false); + while (r->label[i][0] != 0 && i < PF_RULE_MAX_LABEL_COUNT) { nlattr_add_string(nw, PF_LT_LABEL, r->label[i]); @@ -584,6 +598,9 @@ nlattr_add_pool(struct nl_writer *nw, int attrtype, const struct pf_kpool *pool) { int off = nlattr_add_nested(nw, attrtype); + if (off == 0) + return (false); + nlattr_add(nw, PF_PT_KEY, sizeof(struct pf_poolhashkey), &pool->key); nlattr_add_in6_addr(nw, PF_PT_COUNTER, (const struct in6_addr *)&pool->counter); nlattr_add_u32(nw, PF_PT_TBLIDX, pool->tblidx); @@ -611,6 +628,9 @@ nlattr_add_rule_uid(struct nl_writer *nw, int attrtype, const struct pf_rule_uid { int off = nlattr_add_nested(nw, attrtype); + if (off == 0) + return (false); + nlattr_add_u32(nw, PF_RUT_UID_LOW, u->uid[0]); nlattr_add_u32(nw, PF_RUT_UID_HIGH, u->uid[1]); nlattr_add_u8(nw, PF_RUT_OP, u->op); 
@@ -671,6 +691,9 @@ nlattr_add_timeout(struct nl_writer *nw, int attrtype, uint32_t *timeout) { int off = nlattr_add_nested(nw, attrtype); + if (off == 0) + return (false); + for (int i = 0; i < PFTM_MAX; i++) nlattr_add_u32(nw, PF_RT_TIMEOUT, timeout[i]); @@ -1144,6 +1167,10 @@ nlattr_add_counters(struct nl_writer *nw, int attr, size_t number, char **names, { for (int i = 0; i < number; i++) { int off = nlattr_add_nested(nw, attr); + + if (off == 0) + return (false); + nlattr_add_u32(nw, PF_C_ID, i); nlattr_add_string(nw, PF_C_NAME, names[i]); nlattr_add_u64(nw, PF_C_COUNTER, counter_u64_fetch(counters[i])); @@ -1159,6 +1186,10 @@ nlattr_add_fcounters(struct nl_writer *nw, int attr, size_t number, char **names { for (int i = 0; i < number; i++) { int off = nlattr_add_nested(nw, attr); + + if (off == 0) + return (false); + nlattr_add_u32(nw, PF_C_ID, i); nlattr_add_string(nw, PF_C_NAME, names[i]); nlattr_add_u64(nw, PF_C_COUNTER, pf_counter_u64_fetch(&counters[i])); @@ -1173,6 +1204,9 @@ nlattr_add_u64_array(struct nl_writer *nw, int attr, size_t number, const uint64 { int off = nlattr_add_nested(nw, attr); + if (off == 0) + return (false); + for (size_t i = 0; i < number; i++) nlattr_add_u64(nw, 0, array[i]); @@ -1482,6 +1516,9 @@ nlattr_add_pool_addr(struct nl_writer *nw, int attrtype, struct pf_pooladdr *a) off = nlattr_add_nested(nw, attrtype); + if (off == 0) + return (false); + nlattr_add_addr_wrap(nw, PF_PA_ADDR, &a->addr); nlattr_add_string(nw, PF_PA_IFNAME, a->ifname); @@ -1689,6 +1726,9 @@ nlattr_add_pf_threshold(struct nl_writer *nw, int attrtype, int off = nlattr_add_nested(nw, attrtype); int conn_rate_count = 0; + if (off == 0) + return (false); + /* Adjust the connection rate estimate. */ if (t->cr != NULL) conn_rate_count = counter_rate_get(t->cr); 
@@ -1889,6 +1929,9 @@ nlattr_add_pfr_table(struct nl_writer *nw, int attrtype, { int off = nlattr_add_nested(nw, attrtype); + if (off == 0) + return (false); + nlattr_add_string(nw, PF_T_ANCHOR, t->pfrt_anchor); nlattr_add_string(nw, PF_T_NAME, t->pfrt_name); nlattr_add_u32(nw, PF_T_TABLE_FLAGS, t->pfrt_flags); @@ -2212,6 +2255,7 @@ static int nlattr_add_pfr_addr(struct nl_writer *nw, int attr, const struct pfr_addr *a) { int off = nlattr_add_nested(nw, attr); + if (off == 0) return (false); @@ -2291,6 +2335,7 @@ static int nlattr_add_pfr_astats(struct nl_writer *nw, int attr, const struct pfr_astats *a) { int off = nlattr_add_nested(nw, attr); + if (off == 0) return (false);
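Review bot: In the nlattr_add_labels() hunk (@@ -555) the loop condition in the context lines, `r->label[i][0] != 0 && i < PF_RULE_MAX_LABEL_COUNT`, reads r->label[i] before it checks the bound. If label has PF_RULE_MAX_LABEL_COUNT entries and all of them are in use, the last evaluation reads one element past the array. Since the function is being touched anyway, put the bound check first: `i < PF_RULE_MAX_LABEL_COUNT && r->label[i][0] != 0`.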
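Review bot: In nlattr_add_counters() (@@ -1144), and likewise nlattr_add_fcounters() (@@ -1159), the new `return (false)` sits inside the for loop, so a failure on any iteration after the first returns with earlier counter entries already written into nw. Please confirm that callers abandon the message on a false return rather than sending the partial list. Separately, `int i` is compared against `size_t number` in both loops; `size_t i`, as nlattr_add_u64_array() already uses, avoids the signed/unsigned comparison.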
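Review bot: In nlattr_add_pool_addr() (@@ -1482) the context line `nlattr_add_addr_wrap(nw, PF_PA_ADDR, &a->addr);` discards the return value, so the `return (false)` this patch adds to nlattr_add_addr_wrap() (@@ -430) is lost at this call site. Suggest checking the result here and returning false on failure, otherwise the new error handling stops one level down.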
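Review bot: nlattr_add_pfr_addr() (@@ -2212) and nlattr_add_pfr_astats() (@@ -2291) are declared `static int` but return `(false)`, while dump_state_peer() and dump_state_key() at the top of the patch are `static bool`. The blank-line change itself is fine; consider switching these two to bool in the same pass so the failure value reads consistently to callers.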