authorHenning Brauer <henning@cvs.openbsd.org>2009-07-28 11:22:34 +0000
committerHenning Brauer <henning@cvs.openbsd.org>2009-07-28 11:22:34 +0000
commitd0083d5d08ee69d17122efc81aa1e424566b7dec (patch)
tree0cd7645f09acd973544139c439eeb8745119d234 /sys
parentf3a43322fce8a1b629c19b71da3fb14204038161 (diff)
do not leak pf_rule_item_pl items in pf_test_rule() when
1) at least one match rule matched the packet and 2) we do not create state
found by me while fixing the pool_get problem, ok dlg
Diffstat (limited to 'sys')
-rw-r--r--sys/net/pf.c10
1 files changed, 9 insertions, 1 deletions
diff --git a/sys/net/pf.c b/sys/net/pf.c
index b933420dfe0..be23e39d433 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.656 2009/07/28 11:20:09 henning Exp $ */
+/* $OpenBSD: pf.c,v 1.657 2009/07/28 11:22:33 henning Exp $ */
/*
* Copyright (c) 2001 Daniel Hartmeier
@@ -3070,6 +3070,10 @@ pf_test_rule(struct pf_rule **rm, struct pf_state **sm, int direction,
pool_put(&pf_state_key_pl, sk);
if (nk != NULL)
pool_put(&pf_state_key_pl, nk);
+ while ((ri = SLIST_FIRST(&rules))) {
+ SLIST_REMOVE_HEAD(&rules, entry);
+ pool_put(&pf_rule_item_pl, ri);
+ }
}
/* copy back packet headers if we performed NAT operations */
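Review bot: The drain loop added here is repeated verbatim under the `cleanup:` label in the next hunk, so any exit path added to pf_test_rule() later that bypasses both copies will leak pf_rule_item_pl entries again. Going by the commit message, these items are allocated whenever a match rule matches a packet, so a leak on a no-state path lets ordinary traffic drain the pool over time; the ownership rule should be hard to miss. A small static helper called from both places would keep the two paths in step, and a comment such as `/* no state took over the match-rule list; give its items back to the pool */` would record why the list is freed here (that state creation takes ownership of the list is inferred from the commit message, not visible in the hunk). The enclosing function starts and ends outside this hunk.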
@@ -3097,6 +3101,10 @@ cleanup:
pool_put(&pf_state_key_pl, sk);
if (nk != NULL)
pool_put(&pf_state_key_pl, nk);
+ while ((ri = SLIST_FIRST(&rules))) {
+ SLIST_REMOVE_HEAD(&rules, entry);
+ pool_put(&pf_rule_item_pl, ri);
+ }
return (PF_DROP);
}
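Review bot: The loop under `cleanup:` reads the list head through `SLIST_FIRST(&rules)`, which is only safe if `rules` has been initialised before every `goto cleanup` in pf_test_rule(); the initialisation and the jumps are outside this hunk, so that should be confirmed. If any jump can precede it, moving `SLIST_INIT(&rules);` to the top of the function would make this path safe unconditionally.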