diff options
| author | David Krause <david@cvs.openbsd.org> | 2008-07-10 05:44:55 +0000 |
|---|---|---|
| committer | David Krause <david@cvs.openbsd.org> | 2008-07-10 05:44:55 +0000 |
| commit | 4ab0904d9a4d46030b5d651081155db15eddc27f (patch) | |
| tree | 94d0c48d43a3d6c6791b9f871cec762b758c908b /sys/net | |
| parent | a3adbba510bb615e50beb6ea4ef173d0a81ee8ce (diff) | |
In pf_state_insert(), if the first pf_state_key_attach() fails, the
state key is freed by pf_state_key_attach(). But in the case of NAT,
there are two state keys allocated, so we must free the second key
manually. Fixes a pf_state_key_pl leak seen in certain cases with
pfsync or with pf state-insert errors.
ok mcbride@ henning@
Diffstat (limited to 'sys/net')
| -rw-r--r-- | sys/net/pf.c | 15 |
1 files changed, 9 insertions, 6 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index 80bc147fc08..985ca3640a0 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.607 2008/07/05 16:57:50 david Exp $ */ +/* $OpenBSD: pf.c,v 1.608 2008/07/10 05:44:54 david Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -802,12 +802,15 @@ pf_state_insert(struct pfi_kif *kif, struct pf_state_key *skw, { s->kif = kif; - if (pf_state_key_attach(skw, s, PF_SK_WIRE)) - return (-1); - - if (skw == sks) + if (skw == sks) { + if (pf_state_key_attach(skw, s, PF_SK_WIRE)) + return (-1); s->key[PF_SK_STACK] = s->key[PF_SK_WIRE]; - else { + } else { + if (pf_state_key_attach(skw, s, PF_SK_WIRE)) { + pool_put(&pf_state_key_pl, sks); + return (-1); + } if (pf_state_key_attach(sks, s, PF_SK_STACK)) { pf_state_key_detach(s, PF_SK_WIRE); return (-1); |