diff options
-rw-r--r-- | sys/netpfil/pf/pf.c | 18 |
1 files changed, 16 insertions, 2 deletions
diff --git a/sys/netpfil/pf/pf.c b/sys/netpfil/pf/pf.c index 0fcb0d7..5932dd5 100644 --- a/sys/netpfil/pf/pf.c +++ b/sys/netpfil/pf/pf.c @@ -6161,7 +6161,14 @@ pf_test(int dir, struct ifnet *ifp, struct mbuf **m0, struct inpcb *inp) if (m->m_flags & M_SKIP_FIREWALL) return (PF_PASS); - pd.pf_mtag = pf_find_mtag(m); + pd.pf_mtag = pf_get_mtag(m); + if (pd.pf_mtag == NULL) { + REASON_SET(&reason, PFRES_MEMORY); + log = 1; + DPFPRINTF(PF_DEBUG_MISC, + ("pf: dropping packet due to failed memory allocation for tags\n")); + return PF_DROP; + } PF_RULES_RLOCK(); @@ -6637,7 +6644,14 @@ pf_test6(int dir, struct ifnet *ifp, struct mbuf **m0, struct inpcb *inp) return (PF_PASS); memset(&pd, 0, sizeof(pd)); - pd.pf_mtag = pf_find_mtag(m); + pd.pf_mtag = pf_get_mtag(m); + if (pd.pf_mtag == NULL) { + REASON_SET(&reason, PFRES_MEMORY); + log = 1; + DPFPRINTF(PF_DEBUG_MISC, + ("pf: dropping packet due to failed memory allocation for tags\n")); + return PF_DROP; + } if (pd.pf_mtag && pd.pf_mtag->flags & PF_TAG_GENERATED) return (PF_PASS); |