diff options
| author | Stuart Henderson <sthen@cvs.openbsd.org> | 2011-06-02 22:03:31 +0000 |
|---|---|---|
| committer | Stuart Henderson <sthen@cvs.openbsd.org> | 2011-06-02 22:03:31 +0000 |
| commit | 782a7300cedfa5b9fbe695306bf6e9733e9ff3bb (patch) | |
| tree | 35e75f76f3a9fabe9d41ddb50aa33baf5139a8c5 | |
| parent | 2840a6297c747616b60e4a0895382a75e02fa40e (diff) | |
Don't destroy a non-persistent table if referenced by src_nodes. Fixes
a crash if max-src-* options are triggered both before and after a ruleset
reload, when the rules are overloading to a non-persistent table.
Discovered by and fix from Martin Pelikan.
| -rw-r--r-- | sys/net/pf_ioctl.c | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c index effc6b586c4..4b1d4f3b9ca 100644 --- a/sys/net/pf_ioctl.c +++ b/sys/net/pf_ioctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_ioctl.c,v 1.239 2011/04/19 21:58:03 chl Exp $ */ +/* $OpenBSD: pf_ioctl.c,v 1.240 2011/06/02 22:03:30 sthen Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -263,7 +263,7 @@ void pf_rm_rule(struct pf_rulequeue *rulequeue, struct pf_rule *rule) { if (rulequeue != NULL) { - if (rule->states_cur <= 0) { + if (rule->states_cur <= 0 && rule->src_nodes <= 0) { /* * XXX - we need to remove the table *before* detaching * the rule to make sure the table code does not delete |