projects / freebsd.git / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 75d15e8) | patch
pf: fix use-after-free
authorKristof Provost <kp@FreeBSD.org>
Sat, 23 Mar 2024 16:02:50 +0000 (17:02 +0100)
committerKristof Provost <kp@FreeBSD.org>
Mon, 25 Mar 2024 04:44:23 +0000 (05:44 +0100)
commita1ecbc57011758257b85c3e9f51efc93ac93169d
treed7ee598c3a42e7ff0c400dc4d77265da1e79b740tree | snapshot
parent75d15e893b14188b83c5fb5e4979fa21c557934fcommit | diff
pf: fix use-after-free

If we fragment the packet in pf_route() the first transmitted packet
will free the pf_mtag we have stored in pf_pdesc (pd). Ensure we
update that pointer for every packet to avoid using a freed pointer in
pf_dummynet_route().

Reported by: CI KASAN, markj
MFC after: 1 week
sys/netpfil/pf/pf.c diff | blob | blame | history
FreeBSD Project Source