From daca7c3f8a5ecda401fb9d5a6c9a2efaa05873c8 Mon Sep 17 00:00:00 2001
From: Henning Brauer
Date: Wed, 11 Jun 2008 03:28:11 +0000
Subject: after finding a state in the outbound path clear the statekey pointer in the header so it cannot get used again in case of somewhat weird reflection + mbuf-reuse-without-pkthdr-clearing cases. it looks like gif falls into the latter category. discussed with and ok theo
---
 sys/net/pf.c | 5 ++++-
 1 file changed, 4 insertions(+), 1 deletion(-)
diff --git a/sys/net/pf.c b/sys/net/pf.c
index 8e6eed9e8f1..697cfdd986a 100644
--- a/sys/net/pf.c
+++ b/sys/net/pf.c
@@ -1,4 +1,4 @@
-/* $OpenBSD: pf.c,v 1.592 2008/06/11 03:26:03 henning Exp $ */
+/* $OpenBSD: pf.c,v 1.593 2008/06/11 03:28:10 henning Exp $ */
 
 /*
 * Copyright (c) 2001 Daniel Hartmeier
@@ -882,6 +882,9 @@ pf_find_state(struct pfi_kif *kif, struct pf_state_key_cmp *key, u_int dir,
 m->m_pkthdr.pf.statekey)->reverse = sk;
 }
 
+ if (dir == PF_OUT && m)
+ m->m_pkthdr.pf.statekey = NULL;
+
 /* list is sorted, if-bound states before floating ones */
 TAILQ_FOREACH(si, &sk->states, entry)
 if ((si->s->kif == pfi_all || si->s->kif == kif) &&
--
cgit v1.2.3
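Review bot: The added `if (dir == PF_OUT && m)` tests `m` for NULL, yet the context line just above it already dereferences `m->m_pkthdr.pf.statekey` inside a block whose guard lies outside the hunk. If that guard does not test `m`, either the new test is redundant or the earlier access needs the same check, so the two should be made to agree. The assignment also carries no comment, and the reason for it exists only in the commit message; a line such as `/* key consumed: clear it so a reused mbuf whose pkthdr was not reset cannot present a stale statekey */` above the `if` would stop a later reader from removing it as dead code. Because the clear runs only after the lookup, any earlier return in pf_find_state (not visible here) would presumably leave the pointer set, which is worth confirming against the full function.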