pflow: handle unattached states
It's possible for states to be cleaned up (through pf_detach_state()) that have not been fully attached. For example if there's an ID conflict during pf_state_insert(). pflow exports states from pf_detach_state(), so it can get called on such states, but did not account for this and could end up dereferencing a NULL state key. Check for this in export_pflow() and do not export unattached states. See also: https://redmine.pfsense.org/issues/15446 Sponsored by: Rubicon Communications, LLC ("Netgate")
This commit is contained in:
@@ -750,6 +750,10 @@ export_pflow(const struct pf_kstate *st)
|
||||
|
||||
NET_EPOCH_ASSERT();
|
||||
|
||||
/* e.g. if pf_state_key_attach() fails. */
|
||||
if (st->key[PF_SK_STACK] == NULL || st->key[PF_SK_WIRE] == NULL)
|
||||
return;
|
||||
|
||||
sk = st->key[st->direction == PF_IN ? PF_SK_WIRE : PF_SK_STACK];
|
||||
|
||||
CK_LIST_FOREACH(sc, &V_pflowif_list, sc_next) {
|
||||
|
||||
Reference in New Issue
Block a user