ipfw nat: Add assertion that mbuf is not a chain
Discarding m_free's return value will result in an mbuf leak if the mbuf was in a chain. In general we should use m_freem if the mbuf may be in a chain, or assert that the return was NULL. There will not be a chain here due to m_megapullup, so add an assert. Reviewed by: ae Sponsored by: The FreeBSD Foundation Differential Revision: https://reviews.freebsd.org/D57479
This commit is contained in:
@@ -291,7 +291,7 @@ free_nat_instance(struct cfg_nat *ptr)
|
||||
static int
|
||||
ipfw_nat(struct ip_fw_args *args, struct cfg_nat *t, struct mbuf *m)
|
||||
{
|
||||
struct mbuf *mcl;
|
||||
struct mbuf *mcl, *mfree __diagused;
|
||||
struct ip *ip;
|
||||
/* XXX - libalias duct tape */
|
||||
int ldt, retval, found;
|
||||
@@ -396,7 +396,8 @@ ipfw_nat(struct ip_fw_args *args, struct cfg_nat *t, struct mbuf *m)
|
||||
(retval == PKT_ALIAS_IGNORED &&
|
||||
(t->mode & PKT_ALIAS_DENY_INCOMING) != 0)))) {
|
||||
/* XXX - should i add some logging? */
|
||||
m_free(mcl);
|
||||
mfree = m_free(mcl);
|
||||
MPASS(mfree == NULL);
|
||||
args->m = NULL;
|
||||
return (IP_FW_DENY);
|
||||
}
|
||||
|
||||
Reference in New Issue
Block a user