ipfw nat: Add assertion that mbuf is not a chain

Discarding m_free's return value will result in an mbuf leak if the mbuf
was in a chain.

In general we should use m_freem if the mbuf may be in a chain, or
assert that the return was NULL.  There will not be a chain here due to
m_megapullup, so add an assert.

Reviewed by:	ae
Sponsored by:	The FreeBSD Foundation
Differential Revision: https://reviews.freebsd.org/D57479
This commit is contained in:
Ed Maste
2026-06-05 17:00:07 -04:00
parent a2cfe53577
commit b16c731b01
+3 -2
View File
@@ -291,7 +291,7 @@ free_nat_instance(struct cfg_nat *ptr)
static int
ipfw_nat(struct ip_fw_args *args, struct cfg_nat *t, struct mbuf *m)
{
struct mbuf *mcl;
struct mbuf *mcl, *mfree __diagused;
struct ip *ip;
/* XXX - libalias duct tape */
int ldt, retval, found;
@@ -396,7 +396,8 @@ ipfw_nat(struct ip_fw_args *args, struct cfg_nat *t, struct mbuf *m)
(retval == PKT_ALIAS_IGNORED &&
(t->mode & PKT_ALIAS_DENY_INCOMING) != 0)))) {
/* XXX - should i add some logging? */
m_free(mcl);
mfree = m_free(mcl);
MPASS(mfree == NULL);
args->m = NULL;
return (IP_FW_DENY);
}