diff options
| author | Henning Brauer <henning@cvs.openbsd.org> | 2010-01-11 04:07:08 +0000 |
|---|---|---|
| committer | Henning Brauer <henning@cvs.openbsd.org> | 2010-01-11 04:07:08 +0000 |
| commit | 1087250c10f476d6aedd9c44ca4ba96ce45792f6 (patch) | |
| tree | acd1145d750cf2d921225804d1d5f11262ec89bd /sys | |
| parent | ab186973fcc156d80118bbb5f21b4eafcd11f879 (diff) | |
"final" leak in state creation: in pf_state_key_setup, if we actually
need two state keys (NAT case), and we succeed allocating the first one
but fail getting the second we'd leak the first one. obvious and thus ok'd
by dlg ryan and theo within seconds
Diffstat (limited to 'sys')
| -rw-r--r-- | sys/net/pf.c | 7 |
1 files changed, 4 insertions, 3 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index b4c06a2ebe3..758d92d8385 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.681 2010/01/11 03:52:03 henning Exp $ */ +/* $OpenBSD: pf.c,v 1.682 2010/01/11 04:07:07 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -849,9 +849,10 @@ pf_state_key_setup(struct pf_pdesc *pd, PF_ANEQ(*daddr, pd->dst, pd->af) || *sport != pd->osport || *dport != pd->odport || wrdom != pd->rdomain) { /* NAT */ - if ((sk2 = pf_alloc_state_key(PR_NOWAIT | PR_ZERO)) == NULL) + if ((sk2 = pf_alloc_state_key(PR_NOWAIT | PR_ZERO)) == NULL) { + pool_put(&pf_state_key_pl, sk1); return (ENOMEM); - + } PF_ACPY(&sk2->addr[pd->sidx], *saddr, pd->af); PF_ACPY(&sk2->addr[pd->didx], *daddr, pd->af); sk2->port[pd->sidx] = *sport; |