authorHenning Brauer <henning@cvs.openbsd.org>2008-06-11 03:28:11 +0000
committerHenning Brauer <henning@cvs.openbsd.org>2008-06-11 03:28:11 +0000
commitdaca7c3f8a5ecda401fb9d5a6c9a2efaa05873c8 (patch)
tree86690518a86ae4c756c645bf6ad938434e535b42
parented08e986b5dc6d502fe0baf7faaeaa99b79cc82b (diff)
after finding a state in the outbound path clear the statekey pointer
in the header so it cannot get used again in case of somewhat weird reflection + mbuf-reuse-without-pkthdr-clearing cases. it looks like gif falls into the latter category. discussed with and ok theo
-rw-r--r--sys/net/pf.c5
1 files changed, 4 insertions, 1 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 8e6eed9e8f1..697cfdd986a 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.592 2008/06/11 03:26:03 henning Exp $ */
+/* $OpenBSD: pf.c,v 1.593 2008/06/11 03:28:10 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -882,6 +882,9 @@ pf_find_state(struct pfi_kif *kif, struct pf_state_key_cmp *key, u_int dir,
m->m_pkthdr.pf.statekey)->reverse = sk;
}
+ if (dir == PF_OUT && m)
+ m->m_pkthdr.pf.statekey = NULL;
+
/* list is sorted, if-bound states before floating ones */
TAILQ_FOREACH(si, &sk->states, entry)
if ((si->s->kif == pfi_all || si->s->kif == kif) &&
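Review bot: The added guard tests `m` for NULL, but the context line just above it in this hunk already reads `m->m_pkthdr.pf.statekey` with no NULL test visible. Either `m` can be NULL in pf_find_state and that earlier dereference needs the same guard, or it cannot and the `&& m` is dead code that misleads the next reader about the contract. The function starts above this hunk and continues past it, so an earlier check may exist outside the visible lines and should be confirmed. The clearing also deserves a comment, because the reason lives only in the commit message: `/* drop the cached state key so a reflected or reused mbuf whose pkthdr was not cleared cannot carry it into a later lookup */`.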