diff options
author | glebius <glebius@FreeBSD.org> | 2014-04-25 11:36:11 +0000 |
---|---|---|
committer | glebius <glebius@FreeBSD.org> | 2014-04-25 11:36:11 +0000 |
commit | 597bcfe53d79bb09ac213ce0e51129ffb17bafc7 (patch) | |
tree | 0add36ffd0b4f7b595a773adad33697151993cc4 /sys/netpfil | |
parent | 867becd902a4f76bba138253388eaba2b57225e1 (diff) | |
download | FreeBSD-src-597bcfe53d79bb09ac213ce0e51129ffb17bafc7.zip FreeBSD-src-597bcfe53d79bb09ac213ce0e51129ffb17bafc7.tar.gz |
The current API for adding rules with pool addresses is the following:
- DIOCADDADDR adds addresses and puts them into V_pf_pabuf
- DIOCADDRULE takes all addresses from V_pf_pabuf and links
them into rule.
The ugly part is that if address is a table, then it is initialized
in DIOCADDRULE, because we need ruleset, and DIOCADDADDR doesn't
supply ruleset. But if address is a dynaddr, we need address family,
and address family could be different for different addresses in one
rule, so dynaddr is initialized in DIOCADDADDR.
This leads to the entangled state of addresses on V_pf_pabuf. Some are
initialized, and some not. That's why running pf_empty_pool(&V_pf_pabuf)
can lead to a panic on a NULL table address.
Since proper fix requires API/ABI change, for now simply plug the panic
in pf_empty_pool().
Reported by: danger
Diffstat (limited to 'sys/netpfil')
-rw-r--r-- | sys/netpfil/pf/pf_ioctl.c | 4 |
1 files changed, 3 insertions, 1 deletions
diff --git a/sys/netpfil/pf/pf_ioctl.c b/sys/netpfil/pf/pf_ioctl.c index 9d28d04..9a5dfcf 100644 --- a/sys/netpfil/pf/pf_ioctl.c +++ b/sys/netpfil/pf/pf_ioctl.c @@ -343,7 +343,9 @@ pf_empty_pool(struct pf_palist *poola) pfi_dynaddr_remove(pa->addr.p.dyn); break; case PF_ADDR_TABLE: - pfr_detach_table(pa->addr.p.tbl); + /* XXX: this could be unfinished pooladdr on pabuf */ + if (pa->addr.p.tbl != NULL) + pfr_detach_table(pa->addr.p.tbl); break; } if (pa->kif) |