diff options
| author | Mike Frantzen <frantzen@cvs.openbsd.org> | 2003-05-14 01:39:52 +0000 |
|---|---|---|
| committer | Mike Frantzen <frantzen@cvs.openbsd.org> | 2003-05-14 01:39:52 +0000 |
| commit | 96808d4a7061fd75074f45cf9d306478e47bf92d (patch) | |
| tree | ef661294d57cbecf7a3ee0cef68dafae4919b14b /sys/net | |
| parent | b9c09d6d17a5134c85ea1fd00a65ce2829a6d254 (diff) | |
fix use after free race when purging the new PF tags
ok henning@
Diffstat (limited to 'sys/net')
| -rw-r--r-- | sys/net/pf_ioctl.c | 8 |
1 files changed, 5 insertions, 3 deletions
diff --git a/sys/net/pf_ioctl.c b/sys/net/pf_ioctl.c index 6ddee7d769d..d0fe22b00db 100644 --- a/sys/net/pf_ioctl.c +++ b/sys/net/pf_ioctl.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf_ioctl.c,v 1.64 2003/05/13 17:45:24 henning Exp $ */ +/* $OpenBSD: pf_ioctl.c,v 1.65 2003/05/14 01:39:51 frantzen Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -469,15 +469,17 @@ pf_tag_unref(u_int16_t tag) void pf_tag_purge(void) { - struct pf_tagname *p; + struct pf_tagname *p, *next; - TAILQ_FOREACH_REVERSE(p, &pf_tags, entries, pf_tagnames) + for (p = TAILQ_LAST(&pf_tags, pf_tags); p != NULL; p = next) { + next = TAILQ_PREV(p, pf_tags, entries); if (p->ref == 0) { if (p->tag == tagid) tagid--; TAILQ_REMOVE(&pf_tags, p, entries); free(p, M_TEMP); } + } } int |