pf: Fix error handling in pf_handle_get_tstats()

- pfr_table_count() can return an error.
- We must check for failure from mallocarray(M_NOWAIT).

Fixes:		9e8d2962aa ("pf: convert DIOCRGETTSTATS to netlink")
Reported by:	Kevin Day <kevin@your.org>
Reviewed by:	kp
MFC after:	1 week
Differential Revision:	https://reviews.freebsd.org/D54094
This commit is contained in:
Mark Johnston
2025-12-08 14:09:02 +00:00
parent 73586fcea6
commit 0f0662c6b4
+10
View File
@@ -1954,8 +1954,18 @@ pf_handle_get_tstats(struct nlmsghdr *hdr, struct nl_pstate *npt)
PF_RULES_RLOCK();
n = pfr_table_count(&attrs.pfrio_table, attrs.pfrio_flags);
if (n < 0) {
PF_RULES_RUNLOCK();
PF_TABLE_STATS_UNLOCK();
return (EINVAL);
}
pfrtstats = mallocarray(n,
sizeof(struct pfr_tstats), M_PF, M_NOWAIT | M_ZERO);
if (pfrtstats == NULL) {
PF_RULES_RUNLOCK();
PF_TABLE_STATS_UNLOCK();
return (ENOMEM);
}
error = pfr_get_tstats(&attrs.pfrio_table, pfrtstats,
&n, attrs.pfrio_flags | PFR_FLAG_USERIOCTL);