diff options
author | Henning Brauer <henning@cvs.openbsd.org> | 2009-07-28 11:22:34 +0000 |
---|---|---|
committer | Henning Brauer <henning@cvs.openbsd.org> | 2009-07-28 11:22:34 +0000 |
commit | d0083d5d08ee69d17122efc81aa1e424566b7dec (patch) | |
tree | 0cd7645f09acd973544139c439eeb8745119d234 /sys | |
parent | f3a43322fce8a1b629c19b71da3fb14204038161 (diff) |
do not leak pf_rule_item_pl items in pf_test_rule() when
1) at least one match rule matched the packet and
2) we do not create state
found by me while fixing the pool_get problem, ok dlg
Diffstat (limited to 'sys')
-rw-r--r-- | sys/net/pf.c | 10 |
1 files changed, 9 insertions, 1 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c index b933420dfe0..be23e39d433 100644 --- a/sys/net/pf.c +++ b/sys/net/pf.c @@ -1,4 +1,4 @@ -/* $OpenBSD: pf.c,v 1.656 2009/07/28 11:20:09 henning Exp $ */ +/* $OpenBSD: pf.c,v 1.657 2009/07/28 11:22:33 henning Exp $ */ /* * Copyright (c) 2001 Daniel Hartmeier @@ -3070,6 +3070,10 @@ pf_test_rule(struct pf_rule **rm, struct pf_state **sm, int direction, pool_put(&pf_state_key_pl, sk); if (nk != NULL) pool_put(&pf_state_key_pl, nk); + while ((ri = SLIST_FIRST(&rules))) { + SLIST_REMOVE_HEAD(&rules, entry); + pool_put(&pf_rule_item_pl, ri); + } } /* copy back packet headers if we performed NAT operations */ @@ -3097,6 +3101,10 @@ cleanup: pool_put(&pf_state_key_pl, sk); if (nk != NULL) pool_put(&pf_state_key_pl, nk); + while ((ri = SLIST_FIRST(&rules))) { + SLIST_REMOVE_HEAD(&rules, entry); + pool_put(&pf_rule_item_pl, ri); + } return (PF_DROP); } |