| | | |
|---|---|---|
| author | Henning Brauer <henning@cvs.openbsd.org> | 2008-06-11 03:28:11 +0000 |
| committer | Henning Brauer <henning@cvs.openbsd.org> | 2008-06-11 03:28:11 +0000 |
| commit | daca7c3f8a5ecda401fb9d5a6c9a2efaa05873c8 | |
| tree | 86690518a86ae4c756c645bf6ad938434e535b42 | |
| parent | ed08e986b5dc6d502fe0baf7faaeaa99b79cc82b | |

after finding a state in the outbound path clear the statekey pointer
in the header so it cannot get used again in case of somewhat weird
reflection + mbuf-reuse-without-pkthdr-clearing cases. it looks like
gif falls into the latter category.
discussed with and ok theo
-rw-r--r-- | sys/net/pf.c | 5 |
1 files changed, 4 insertions, 1 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index 8e6eed9e8f1..697cfdd986a 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.592 2008/06/11 03:26:03 henning Exp $ */ +/* $OpenBSD: pf.c,v 1.593 2008/06/11 03:28:10 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -882,6 +882,9 @@ pf_find_state(struct pfi_kif *kif, struct pf_state_key_cmp *key, u_int dir, m->m_pkthdr.pf.statekey)->reverse = sk; } + if (dir == PF_OUT && m) + m->m_pkthdr.pf.statekey = NULL; + /* list is sorted, if-bound states before floating ones */ TAILQ_FOREACH(si, &sk->states, entry) if ((si->s->kif == pfi_all || si->s->kif == kif) && |
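
Review bot: The added `if (dir == PF_OUT && m)` block in pf_find_state() clears `m->m_pkthdr.pf.statekey` without a comment saying why, so the reasoning (a stale statekey pointer being picked up again after reflection, or after an mbuf is reused without its pkthdr being cleared) exists only in the commit message. A one-line comment above the `if` would keep a later cleanup from removing the reset as dead code. The `&& m` test also sits oddly next to the context line just above it, which dereferences `m->m_pkthdr.pf.statekey` on a path whose guard is not visible in this hunk: if `m` can be NULL here, that earlier dereference wants the same check, and if it cannot, the test can go. Either way, `m != NULL` would be the explicit form.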