author | Henning Brauer <henning@cvs.openbsd.org> | 2008-07-04 00:56:49 +0000 |
---|---|---|
committer | Henning Brauer <henning@cvs.openbsd.org> | 2008-07-04 00:56:49 +0000 |
commit | 4a3279308d365a0c004fecee6d7375c53e8b66ba (patch) | |
tree | dca7bc929a29855dd4a1398a446a086cef588022 | |
parent | d791140be61340861c02aa72527aa7f0175be23c (diff) |
in pf_state_key_attach(), when we find that there already is a state key
that we can attach the state to, make sure to not overwrite the state key
pointer in the state that was just set to the existing state key with the
state key that was supplied with the state and just free'd (well, pool_put'd).
by the time we clean up the state and try to follow it to RB_REMOVE etc
we'd follow that garbage pointer to either an unrelated state key or the old
state key still sitting unused in the pool.
should fix the RB_REMOVE panics some people have been seeing.
"clearly ok, please commit" ryan
-rw-r--r-- | sys/net/pf.c | 6 |
1 files changed, 3 insertions, 3 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index ff2fc84c724..aec095b1ab8 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.605 2008/07/04 00:09:31 henning Exp $ */ +/* $OpenBSD: pf.c,v 1.606 2008/07/04 00:56:48 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -685,8 +685,8 @@ pf_state_key_attach(struct pf_state_key *sk, struct pf_state *s, int idx) } pool_put(&pf_state_key_pl, sk); s->key[idx] = cur; - } - s->key[idx] = sk; + } else + s->key[idx] = sk; if ((si = pool_get(&pf_state_item_pl, PR_NOWAIT)) == NULL) { pf_state_key_detach(s, idx); |
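Review bot: The new `} else` branch in the pf_state_key_attach() hunk has no comment explaining why `s->key[idx] = sk;` must not run on the reuse path, and the whole fix rests on that. In the preceding branch sk has already been handed to `pool_put(&pf_state_key_pl, sk);`, so `s->key[idx] = cur;` is the only valid assignment there. A one-line comment at the else, saying that sk was returned to the pool and the state now references cur, would keep a later cleanup from reintroducing the dangling pointer. Because the function releases sk on this path, it is also worth confirming that no caller dereferences its own sk pointer after the call returns; the callers are not visible in this diff.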