diff options
| author | Henning Brauer <henning@cvs.openbsd.org> | 2015-05-11 12:22:15 +0000 |
|---|---|---|
| committer | Henning Brauer <henning@cvs.openbsd.org> | 2015-05-11 12:22:15 +0000 |
| commit | 61687e5e427615bb452ad5099d9330dfd228d0c5 (patch) | |
| tree | 24b57e11a3dd979e79193b3eebcc8ab5c54cd27d /sys | |
| parent | 1ebbf531bf75b4515a66adcd69de3944468a93a5 (diff) | |
fix a potential use-after-free in pf_state_rm_src_node
found by jsg; ok jsg mikeb
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/net/pf.c | 6 |
1 files changed, 4 insertions, 2 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index 402c01c4f0d..5bd5864a9ec 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.912 2015/04/17 11:04:01 mikeb Exp $ */ +/* $OpenBSD: pf.c,v 1.913 2015/05/11 12:22:14 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -611,9 +611,11 @@ pf_state_rm_src_node(struct pf_state *s, struct pf_src_node *sn) else SLIST_REMOVE_HEAD(&s->src_nodes, next); pool_put(&pf_sn_item_pl, sni); + sni = NULL; sn->states--; } - snip = sni; + if (sni != NULL) + snip = sni; } } |