pf: avoid a shadowed variable in the pf_create_state() source limiter handling
the code that unwinds state creation when something fails needed
the pf_source variable at the function scope to be set, but this
was masked by a declaration in the scope that sets up the source
limiting. this results in a NULL deref in the unwind code when it
needs to clean up the accounting for a source limiter.
i found it funny that i left this comment for myself in the unwinding
code:
/* who needs KASSERTS when we have NULL derefs */
ok jmatthew@
Obtained from: OpenBSD, dlg <dlg@openbsd.org>, fc9311361f
Sponsored by: Rubicon Communications, LLC ("Netgate")
This commit is contained in:
+1
-1
@@ -6846,9 +6846,9 @@ pf_create_state(struct pf_krule *r, struct pf_test_ctx *ctx,
|
||||
|
||||
srlim = ctx->sourcelim;
|
||||
if (srlim != NULL) {
|
||||
struct pf_source *sr = ctx->source;
|
||||
unsigned int gen;
|
||||
|
||||
sr = ctx->source;
|
||||
if (sr == NULL) {
|
||||
sr = malloc(sizeof(*sr), M_PF_SOURCE_LIM, M_NOWAIT | M_ZERO);
|
||||
if (sr == NULL) {
|
||||
|
||||
Reference in New Issue
Block a user